Bitcoin Forum
May 09, 2024, 06:08:28 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Economy > Trading Discussion > Scam Accusations > rahman1988 - posting links to password stealing malware
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: rahman1988 - posting links to password stealing malware  (Read 821 times)
hamsterfly (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
April 08, 2016, 08:31:56 PM
 #1
Scammer : rahman1988

Profile : https://bitcointalk.org/index.php?action=profile;u=326395


Link to his sales thread -

https://bitcointalk.org/index.php?topic=1429893.msg14461489#msg14461489

Sends you a .zip file claiming its his Dash wallet.dat file for the trade except it has a password stealer in it.

I have a complete log of all pm's between us if anyone wants to see them.


Quote from: rahman1988 on April 08, 2016, 07:53:45 PM

I have now send 25% of the 14000 DASH upfront as promised.
- https://stemfund.com/dashwallet.zip


I'm looking forward to your business!

My bitcoin address is:
1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS


Quote from: rahman1988 on April 08, 2016, 08:06:17 PM
StemFund is my bitcoin loaning company, and i already sent you the wallet with password..
I dont know how a txt or zip is malware.. man i its my wallet.dat and password for DASH.

Else i would have to change my password for my wallet. It contains 3507 DASH coins.

Regards
rahman1988


Virustotal report on zip file :
https://www.virustotal.com/en/file/216cfbe6851a2d733ec5f7d9875e9156b5cf6b461dc195d41d08642edd525aed/analysis/1460146837/



If this guy posts any bullshit about who is the real scammer I happy to give my password to any senior member so they can confirm every pm between us.



Please tag this retard as a scammer!
1715234908
Hero Member
*
Offline Offline

Posts: 1715234908

View Profile Personal Message (Offline)

Ignore
1715234908
1715234908
Reply with quote  #2
1715234908
Report to moderator
1715234908
Hero Member
*
Offline Offline

Posts: 1715234908

View Profile Personal Message (Offline)

Ignore
1715234908
1715234908
Reply with quote  #2
1715234908
Report to moderator
1715234908
Hero Member
*
Offline Offline

Posts: 1715234908

View Profile Personal Message (Offline)

Ignore
1715234908
1715234908
Reply with quote  #2
1715234908
Report to moderator
Even if you use Bitcoin through Tor, the way transactions are handled by the network makes anonymity difficult to achieve. Do not expect your transactions to be anonymous unless you really know what you're doing.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
suchmoon
Legendary
*
Offline Offline

Activity: 3654
Merit: 8922


https://bpip.org


View Profile WWW
April 08, 2016, 10:05:24 PM
 #2
Selling coins by sending a zipped wallet? That's a new one.

The VirusTotal report is showing only 1/56 detection ratio, which could mean a false positive. Did you try to unzip the file?

Edit: never mind, there is an .lnk file in it, those are dangerous. Could be a link to anything, and also there are possible Windows exploits.
xetsr
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
April 08, 2016, 10:20:55 PM
 #3
Quote from: suchmoon on April 08, 2016, 10:05:24 PM
Selling coins by sending a zipped wallet? That's a new one.

The VirusTotal report is showing only 1/56 detection ratio, which could mean a false positive. Did you try to unzip the file?

Edit: never mind, there is an .lnk file in it, those are dangerous. Could be a link to anything, and also there are possible Windows exploits.

Seen this many times before here. Been awhile but it's nothing new.
rahman1988
Member
**
Offline Offline

Activity: 91
Merit: 10


View Profile
April 08, 2016, 11:20:18 PM
 #4
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.
The crypto currency of the future!    ●           RACE            ●    ✔ Fast  ✔ Secure  ✔ Anonymous
▄▄▄███      Masternodes  |  PoW  |  Secure  |  ASIC resistant  |  Lyra2REv2      ███▄▄▄
DISCORD                TWITTER
suchmoon
Legendary
*
Offline Offline

Activity: 3654
Merit: 8922


https://bpip.org


View Profile WWW
April 08, 2016, 11:37:13 PM
 #5
Quote from: rahman1988 on April 08, 2016, 11:20:18 PM
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

Oh, so you know how to "move" coins. I wonder why you had to send the wallet file then? Instead of just sending the coins to the buyer.

And why did the password have to be in the LNK file?
xetsr
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
April 09, 2016, 12:16:09 AM
 #6
Quote from: rahman1988 on April 08, 2016, 11:20:18 PM
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

Yeah... I don't think anyone is gonna fall for that. Might wanna try again  Roll Eyes

http://whois.domaintools.com/stemfund.com - Shared namecheap hosting. They'll take it down if enough people report it.
KenR
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000


「きみはこれ&#


View Profile
April 09, 2016, 03:38:55 AM
 #7
Quote from: rahman1988 on April 08, 2016, 11:20:18 PM
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

How can someone steal the coins leaked from the PM's ? Roll Eyes Aren't you the one trying to send the coins in a Zip File ? That's a new one dude! What were you actually thinking!
  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████		  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████		  .WEBSITE.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
  .ANN THREAD.		.
▄▄▄▄▄▄▄▄		  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
Timelord2067
Legendary
*
Offline Offline

Activity: 3668
Merit: 2217


💲🏎️💨🚓


View Profile
April 26, 2016, 03:31:07 PM
 #8
Strange transactions: https://blockchain.info/tx/c54a42d272782ea1751425085baec5f8888e066d74b9cd801d95253678c0a5d7

1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS sends

1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG 3.999 BTC
157meJhNjuetruUKbLKRhvzi63KDW9W2Q4 1.0009 BTC


https://blockchain.info/address/157meJhNjuetruUKbLKRhvzi63KDW9W2Q4 only other transaction two days later is to send

1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG 1.599 BTC
1MRkXWDcvcPKKR1PpQUVbugKZtS1fewZQ6 0.01504649 BTC

https://blockchain.info/tx/c81739504b649b31002e7ce229e9962a07ad2c4aa4482567c6edf87e286db2fe


1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS also sends 1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG directly more than once eg

https://blockchain.info/tx/95295cac37482d6aa7e6c814b196065819157d162caec7476804bc435632fa03
https://blockchain.info/tx/15d7a07ac0225a92ae3e15ce757818f2af0b78786b2c77fae091461c0ca90561
Stemfund
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
January 02, 2017, 05:00:36 PM
 #9
This guy is clearly a scammer. He has nothing to do with Stemfund.
Pages: [1]
  Print  
Bitcoin Forum > Economy > Trading Discussion > Scam Accusations > rahman1988 - posting links to password stealing malware
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!