Bitcoin Forum
July 23, 2018, 03:05:16 AM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: rahman1988 - posting links to password stealing malware  (Read 709 times)
hamsterfly
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
April 08, 2016, 08:31:56 PM
 #1

Scammer : rahman1988

Profile : https://bitcointalk.org/index.php?action=profile;u=326395


Link to his sales thread -

https://bitcointalk.org/index.php?topic=1429893.msg14461489#msg14461489

Sends you a .zip file claiming its his Dash wallet.dat file for the trade except it has a password stealer in it.

I have a complete log of all pm's between us if anyone wants to see them.



I have now send 25% of the 14000 DASH upfront as promised.
- https://stemfund.com/dashwallet.zip


I'm looking forward to your business!

My bitcoin address is:
1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS


StemFund is my bitcoin loaning company, and i already sent you the wallet with password..
I dont know how a txt or zip is malware.. man i its my wallet.dat and password for DASH.

Else i would have to change my password for my wallet. It contains 3507 DASH coins.

Regards
rahman1988


Virustotal report on zip file :
https://www.virustotal.com/en/file/216cfbe6851a2d733ec5f7d9875e9156b5cf6b461dc195d41d08642edd525aed/analysis/1460146837/



If this guy posts any bullshit about who is the real scammer I happy to give my password to any senior member so they can confirm every pm between us.



Please tag this retard as a scammer!
1532315116
Hero Member
*
Offline Offline

Posts: 1532315116

View Profile Personal Message (Offline)

Ignore
1532315116
Reply with quote  #2

1532315116
Report to moderator
1532315116
Hero Member
*
Offline Offline

Posts: 1532315116

View Profile Personal Message (Offline)

Ignore
1532315116
Reply with quote  #2

1532315116
Report to moderator
fair bitcoin games | pvp - pve - solo pve games | faucet |
Free satoshi code btcoon500
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1532315116
Hero Member
*
Offline Offline

Posts: 1532315116

View Profile Personal Message (Offline)

Ignore
1532315116
Reply with quote  #2

1532315116
Report to moderator
1532315116
Hero Member
*
Offline Offline

Posts: 1532315116

View Profile Personal Message (Offline)

Ignore
1532315116
Reply with quote  #2

1532315116
Report to moderator
1532315116
Hero Member
*
Offline Offline

Posts: 1532315116

View Profile Personal Message (Offline)

Ignore
1532315116
Reply with quote  #2

1532315116
Report to moderator
suchmoon
Legendary
*
Offline Offline

Activity: 1652
Merit: 1456



View Profile
April 08, 2016, 10:05:24 PM
 #2

Selling coins by sending a zipped wallet? That's a new one.

The VirusTotal report is showing only 1/56 detection ratio, which could mean a false positive. Did you try to unzip the file?

Edit: never mind, there is an .lnk file in it, those are dangerous. Could be a link to anything, and also there are possible Windows exploits.

Breaking news: GAW was a scam
(Homero Garza pleads guilty)

HOWEYCOINS: SEC approved
                 Make sure to read

                 BitcoinTalk rules
          /s
xetsr
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
April 08, 2016, 10:20:55 PM
 #3

Selling coins by sending a zipped wallet? That's a new one.

The VirusTotal report is showing only 1/56 detection ratio, which could mean a false positive. Did you try to unzip the file?

Edit: never mind, there is an .lnk file in it, those are dangerous. Could be a link to anything, and also there are possible Windows exploits.

Seen this many times before here. Been awhile but it's nothing new.
rahman1988
Member
**
Offline Offline

Activity: 91
Merit: 10


View Profile
April 08, 2016, 11:20:18 PM
 #4

This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

The crypto currency of the future!    ●           RACE            ●    ✔ Fast  ✔ Secure  ✔ Anonymous
▄▄▄███      Masternodes  |  PoW  |  Secure  |  ASIC resistant  |  Lyra2REv2      ███▄▄▄
DISCORD                TWITTER
suchmoon
Legendary
*
Offline Offline

Activity: 1652
Merit: 1456



View Profile
April 08, 2016, 11:37:13 PM
 #5

This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

Oh, so you know how to "move" coins. I wonder why you had to send the wallet file then? Instead of just sending the coins to the buyer.

And why did the password have to be in the LNK file?


Breaking news: GAW was a scam
(Homero Garza pleads guilty)

HOWEYCOINS: SEC approved
                 Make sure to read

                 BitcoinTalk rules
          /s
xetsr
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
April 09, 2016, 12:16:09 AM
 #6

This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

Yeah... I don't think anyone is gonna fall for that. Might wanna try again  Roll Eyes

http://whois.domaintools.com/stemfund.com - Shared namecheap hosting. They'll take it down if enough people report it.
KenR
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000


「きみはこれ&#


View Profile
April 09, 2016, 03:38:55 AM
 #7

This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

How can someone steal the coins leaked from the PM's ? Roll Eyes Aren't you the one trying to send the coins in a Zip File ? That's a new one dude! What were you actually thinking!

  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
  .WEBSITE.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
  .ANN THREAD.
.
▄▄▄▄▄▄▄▄
  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
Timelord2067
Legendary
*
Offline Offline

Activity: 1554
Merit: 1083


Merit: 224½ (81/37) Zero


View Profile WWW
April 26, 2016, 03:31:07 PM
 #8

Strange transactions: https://blockchain.info/tx/c54a42d272782ea1751425085baec5f8888e066d74b9cd801d95253678c0a5d7

1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS sends

1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG 3.999 BTC
157meJhNjuetruUKbLKRhvzi63KDW9W2Q4 1.0009 BTC



https://blockchain.info/address/157meJhNjuetruUKbLKRhvzi63KDW9W2Q4 only other transaction two days later is to send

1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG 1.599 BTC
1MRkXWDcvcPKKR1PpQUVbugKZtS1fewZQ6 0.01504649 BTC

https://blockchain.info/tx/c81739504b649b31002e7ce229e9962a07ad2c4aa4482567c6edf87e286db2fe



1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS also sends 1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG directly more than once eg

https://blockchain.info/tx/95295cac37482d6aa7e6c814b196065819157d162caec7476804bc435632fa03
https://blockchain.info/tx/15d7a07ac0225a92ae3e15ce757818f2af0b78786b2c77fae091461c0ca90561

READY FOR A TREE CHANGE? Only $179,000 (AU$) for a 13.06 hectare (32 acres) fully timbered, secluded block in South-East Qld. Various house sites, predominantly north facing, halfway between Gympie & Tin Can Bay, 10 mins drive to local primary school https://www.facebook.com/nevkanerealestate/posts/1583146505116067 --- Known Alts of any-one - A User Generated List Mk III | SEXCoin Forum | Broadcast Your RAW Transaction | Get Paid in BitCoin | (NetHack 3.6.0 Hearse V 1.0.6e) | Twitter: @Timelord2067 Retweet ≠ endorsement | Merit: (224½ (81/37) Zero) | Other Forums: #BritishFolk #SFFHCF | Vanity Wallet Generation | Wallet Verified | ? BTC SXC | (USA) Donate Blood today at One Blood dot ORG | £ $ ₹ € ¥ ¢ ? ÷ BTC I am not an escrow service... | My proof quickseller is an Alt of master-P has been deleted by BitCoinTalk - read archived version here:
Stemfund
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
January 02, 2017, 05:00:36 PM
 #9

This guy is clearly a scammer. He has nothing to do with Stemfund.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!