[WARNING] be careful about Electron Cash or the fork of Electrum for BCC

[pooya87]

the http://www.electroncash.org/ website which is being blocked now by my Antivirus as a malicious site (Eset Smart Security 10.1) so i can not and will not check and see if the GitHub repository that people advertise is also listed there or not (don't have a sandbox to check).

but i see people advertise this as their repository: https://github.com/fyookball/electrum
this is the same person: https://bitcointalk.org/index.php?action=profile;u=261027

and there is a Warning issued by ThomasV (the creator and maintainer of the original Electrum repository) which i will share here:

WARNING: "Electron Cash" will copy all your Electrum wallets to its own directory, and their binaries are anonymous:

this is the linked commit: https://github.com/fyookball/electrum/commit/0fc02cceee9d3465849dcecb2c1126de7cf65550

Note: the BCC version was renamed to "Electron cash" instead of "Electrum cash". and it is just a rename. so don't be confused.

Plain English aka Newbie friendly
do two things:
1. if you wanted to use Electron Cash, download and compile from source code NOT the binaries.
2. follow https://electrum.org/bcc2.txt you can use a live linux for your "another machine"

[jackg]

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

[HCP]

It is definitely a piece of malware:

So ONE detection (by an AntiVirus app that I've never heard of... 9th result on google for WhiteArmor Antivirus??!?) while 61 others come up clean = "definitely"?

Don't get me wrong... I'm not endorsing nor claiming that this software is legit... but it may not be time for the torches and pitchforks just yet...

[pooya87]

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

i agree with HCP.
this most probably is the same false positive that people have been reporting about Electrum for ages on different releases.  and virustotal is known to have these types of false positive about any binary.

malware is the last thing you should worry about. the Electron Cash client is an anonymously signed binary that you are willingly giving your private keys (seed or wallet file) to. stealing your coins is going to be easy and anonymous without needing a malware.

[Niya]

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.

[jackg]

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.

Yes it is probably harmless then.
It got flagged by the same AV as electrocash and for the same reason as well. So it's probably safe. Caution is still advisable though.

[kolloh]

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.

Yes it is probably harmless then.
It got flagged by the same AV as electrocash and for the same reason as well. So it's probably safe. Caution is still advisable though.

Yeah, it is likely just a false positive and isn't malware. I'd still advise running in a VM or a separate PC to keep it isolated from your primary Electrum wallets just as a good general security precaution.

[thantos]

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.

Yes it is probably harmless then.
It got flagged by the same AV as electrocash and for the same reason as well. So it's probably safe. Caution is still advisable though.

Yeah, it is likely just a false positive and isn't malware. I'd still advise running in a VM or a separate PC to keep it isolated from your primary Electrum wallets just as a good general security precaution.

Two things can come up false-positive for entirely different reasons unless you have taken out the suspect variable and determined that that is the only one causing false-positives? I don't know anything about AVs but if it reports the specific lines of code that are raising malware flags on both....

[jackg]

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.

Yes it is probably harmless then.
It got flagged by the same AV as electrocash and for the same reason as well. So it's probably safe. Caution is still advisable though.

Yeah, it is likely just a false positive and isn't malware. I'd still advise running in a VM or a separate PC to keep it isolated from your primary Electrum wallets just as a good general security precaution.

Two things can come up false-positive for entirely different reasons unless you have taken out the suspect variable and determined that that is the only one causing false-positives? I don't know anything about AVs but if it reports the specific lines of code that are raising malware flags on both....

It is strange that one was only flagged on both though?
There were about 5/6 for the other electrum malware and this only has one. So there must have been those parts that were edited as well (that's probably part of the issue stated on other threads about having to manually find servers and datafiles whereas, the other electrum seeks them out automatically - there may be other features missing too - that are just perks to the software).

[BitcoinNewsMagazine]

No offense but with both Trezor and Ledger Nano S both supporting BCH now I think you have to be nuts to use Electron Cash. If you can't afford a hardware wallet you probably should not be in the game. At minimum just run your own Bitcoin ABC client.

[pooya87]

download it only from trusted sources!
h t tps://github . com/ electroncash / windows-linux

"trusted"?
where did you even get that link from? that is not the trusted link. you are probably knowingly or unknowingly spreading malicious wallet.

the link to the source which is known and also listed on http://www.electroncash.org/ is the following:
https://github.com/fyookball/electrum

[HCP]

At minimum just run your own Bitcoin ABC client.

Can I ask why you consider Bitcoin ABC to be OK, but Electron Cash to be potentially "risky"? I don't really see any solid evidence that either of these wallet is "safer" than the other... especially when it comes to using binaries.

NOTE: I don't really see anything wrong with the ElectronCash sources... the modifications after the fork from Electrum look "OK"... however I can't comment on the "trustworthiness" of the binaries though.

[Lionel]

No offense but with both Trezor and Ledger Nano S both supporting BCH now I think you have to be nuts to use Electron Cash. If you can't afford a hardware wallet you probably should not be in the game. At minimum just run your own Bitcoin ABC client.

With Trezor or Ledger, can you claim your  BCC  with your seed as you do with Electron Cash?

[jackg]

No offense but with both Trezor and Ledger Nano S both supporting BCH now I think you have to be nuts to use Electron Cash. If you can't afford a hardware wallet you probably should not be in the game. At minimum just run your own Bitcoin ABC client.

I think you need to reassess those.

There have been quite a few security risks in relation to trezor especially and the unencrypted data it loads on startup. Look here
Ledger's have less dangers with them though however.

No offense but with both Trezor and Ledger Nano S both supporting BCH now I think you have to be nuts to use Electron Cash. If you can't afford a hardware wallet you probably should not be in the game. At minimum just run your own Bitcoin ABC client.

With Trezor or Ledger, can you claim your  BCC  with your seed as you do with Electron Cash?

And yes, they do suport quite a few altcoins, BCC being one of them.