Bitcoin Forum
June 25, 2019, 09:03:13 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Possible Romanian Phishing attempt using "metatrading" domain.  (Read 838 times)
hennessyhemp
Hero Member
*****
Offline Offline

Activity: 511
Merit: 500


Hempire Loading...


View Profile WWW
October 17, 2015, 06:10:19 PM
Last edit: November 06, 2015, 06:25:45 AM by hennessyhemp
 #1

If you google the company, it is called Metatrader...the metatradING website is a phishing duplicate that will install a trojan.

I know because I got hit.  Then the guy used my BTCtalk account to advertise his scam.

If you clicked on a program and it looked like nothing happened...you are infected, get malwarebytes and run safe mode (assuming you're on windows).

They got in my cryptsy and withdrew all my funds rapidly (after converting everything to BTC), then deleted the confirmation emails.  I saw one of them before deletion and got notices that many of my other (coinbase, gemini, circle) accounts were being attempted (via my Authy two-factor app...get it, use it always).  

Two-Factor Authentication stopped them...use it with every account you put money in.

Be careful out there and change passwords regularly.

EDIT:  One of my accounts reports their IP as belonging to Romania. 

I don't know if they were using a VPN so they could have been from anywhere but this is the IP I had if anyone thinks they can help in any way:

149.3.142.244


Please add more BTC here (my son will apprecciate it when he's older): 14WsxbeRcgsSYZyNSRJqEAmB1MKAzHhsCT
1561453393
Hero Member
*
Offline Offline

Posts: 1561453393

View Profile Personal Message (Offline)

Ignore
1561453393
Reply with quote  #2

1561453393
Report to moderator
1561453393
Hero Member
*
Offline Offline

Posts: 1561453393

View Profile Personal Message (Offline)

Ignore
1561453393
Reply with quote  #2

1561453393
Report to moderator
1561453393
Hero Member
*
Offline Offline

Posts: 1561453393

View Profile Personal Message (Offline)

Ignore
1561453393
Reply with quote  #2

1561453393
Report to moderator

Mine RVN and with 0% mining fees and get paid in BTC, ETH, XMR or RVN.

www.cudominer.com Get Cudo Miner
Auto coin switching, third-party miners, overclocking and remote management (Win/Linux)
Run from a USB stick or install from an ISO image (Linux)
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1561453393
Hero Member
*
Offline Offline

Posts: 1561453393

View Profile Personal Message (Offline)

Ignore
1561453393
Reply with quote  #2

1561453393
Report to moderator
1561453393
Hero Member
*
Offline Offline

Posts: 1561453393

View Profile Personal Message (Offline)

Ignore
1561453393
Reply with quote  #2

1561453393
Report to moderator
--Encrypted--
Copper Member
Legendary
*
Offline Offline

Activity: 924
Merit: 1003

hee-ho.


View Profile
October 17, 2015, 06:51:19 PM
 #2

you mean this domain -> www [dot] metatrading4 [dot] com ?

I saw someone posted this awhile ago (might be your account). can't find it now though.

"You cannot now believe that you will ever feel better. But this is not true. You are sure to be happy again. Knowing this, truly believing it will make you less miserable now."
- Abraham Lincoln #GettingOverIt
hennessyhemp
Hero Member
*****
Offline Offline

Activity: 511
Merit: 500


Hempire Loading...


View Profile WWW
October 17, 2015, 08:46:38 PM
 #3

you mean this domain -> www [dot] metatrading4 [dot] com ?

I saw someone posted this awhile ago (might be your account). can't find it now though.

Yes.

Please add more BTC here (my son will apprecciate it when he's older): 14WsxbeRcgsSYZyNSRJqEAmB1MKAzHhsCT
RustyNomad
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250



View Profile WWW
October 17, 2015, 08:59:01 PM
 #4

Metatrader was created by MetaQuotes http://www.metaquotes.net/

Guess you know that already but just posting it here for reference should somebody else might pickup on the 'metatrader' part.

There is only two places from where you should download Metatrader and that is from MetaQuotes and or your broker's website. Also be very careful with downloading indicator and or expert advisor files for this platform especially if from unknown sites. If you do check them with a virus scanner first. These indicators and or expert advisors (EA's) can be coded to call dll files and many other things so will not be surprised either if this route is followed to slip something onto pc's.
--Encrypted--
Copper Member
Legendary
*
Offline Offline

Activity: 924
Merit: 1003

hee-ho.


View Profile
November 04, 2015, 02:51:22 PM
 #5

bump.

I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalk.org/index.php?topic=1237344.0
https://bitcointalk.org/index.php?topic=1237363.0

don't know enough to report it. if someone is sure then they should report those topics.


update:
that site leads me to a download page with a malware download.
https://www.virustotal.com/en/file/32829d353a9bd9b208d848c4af6a819e3ed72aca64882498473ca82d8e8243f2/analysis/1446649120/

going to report those topics now.

"You cannot now believe that you will ever feel better. But this is not true. You are sure to be happy again. Knowing this, truly believing it will make you less miserable now."
- Abraham Lincoln #GettingOverIt
Cyrus
Ninja
Administrator
Legendary
*
Offline Offline

Activity: 2296
Merit: 1122



View Profile
November 05, 2015, 01:49:29 AM
Last edit: November 05, 2015, 10:59:44 AM by Cyrus
 #6

I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalk.org/index.php?topic=1237344.0
https://bitcointalk.org/index.php?topic=1237363.0

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalk.org/index.php?action=profile;u=398526

hennessyhemp
Hero Member
*****
Offline Offline

Activity: 511
Merit: 500


Hempire Loading...


View Profile WWW
November 06, 2015, 06:20:30 AM
 #7

I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalk.org/index.php?topic=1237344.0
https://bitcointalk.org/index.php?topic=1237363.0

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalk.org/index.php?action=profile;u=398526

Updated thread and title to more accurately represent Romanian delegates. 

Please add more BTC here (my son will apprecciate it when he's older): 14WsxbeRcgsSYZyNSRJqEAmB1MKAzHhsCT
V.Lace
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
November 09, 2015, 02:39:23 PM
 #8

I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalk.org/index.php?topic=1237344.0
https://bitcointalk.org/index.php?topic=1237363.0

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalk.org/index.php?action=profile;u=398526

Thanks  Cyrus, cause I am also from Romania!!!

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!