Bitcoin Forum
December 15, 2017, 07:01:59 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: [WARNING] be careful about Electron Cash or the fork of Electrum for BCC  (Read 2849 times)
pooya87
Legendary
*
Offline Offline

Activity: 1120


Buy bitcoin they said... who listened?


View Profile
July 31, 2017, 04:36:38 PM
 #1

the http://www.electroncash.org/ website which is being blocked now by my Antivirus as a malicious site (Eset Smart Security 10.1) so i can not and will not check and see if the GitHub repository that people advertise is also listed there or not (don't have a sandbox to check).

but i see people advertise this as their repository: https://github.com/fyookball/electrum
this is the same person: https://bitcointalk.org/index.php?action=profile;u=261027

and there is a Warning issued by ThomasV (the creator and maintainer of the original Electrum repository) which i will share here:

WARNING: "Electron Cash" will copy all your Electrum wallets to its own directory, and their binaries are anonymous:

this is the linked commit: https://github.com/fyookball/electrum/commit/0fc02cceee9d3465849dcecb2c1126de7cf65550

Note: the BCC version was renamed to "Electron cash" instead of "Electrum cash". and it is just a rename. so don't be confused.


Plain English aka Newbie friendly
do two things:
1. if you wanted to use Electron Cash, download and compile from source code NOT the binaries.
2. follow https://electrum.org/bcc2.txt you can use a live linux for your "another machine"

1513321319
Hero Member
*
Offline Offline

Posts: 1513321319

View Profile Personal Message (Offline)

Ignore
1513321319
Reply with quote  #2

1513321319
Report to moderator
1513321319
Hero Member
*
Offline Offline

Posts: 1513321319

View Profile Personal Message (Offline)

Ignore
1513321319
Reply with quote  #2

1513321319
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
jackg
Legendary
*
Offline Offline

Activity: 854

1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED


View Profile
July 31, 2017, 10:03:22 PM
 #2

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

HCP
Sr. Member
****
Online Online

Activity: 448

<insert witty quote here>


View Profile
August 01, 2017, 12:50:04 AM
 #3

It is definitely a piece of malware:
So ONE detection (by an AntiVirus app that I've never heard of... 9th result on google for WhiteArmor Antivirus??!?) while 61 others come up clean = "definitely"? Huh

Don't get me wrong... I'm not endorsing nor claiming that this software is legit... but it may not be time for the torches and pitchforks just yet...

pooya87
Legendary
*
Offline Offline

Activity: 1120


Buy bitcoin they said... who listened?


View Profile
August 01, 2017, 03:31:03 AM
 #4

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

i agree with HCP.
this most probably is the same false positive that people have been reporting about Electrum for ages on different releases.  and virustotal is known to have these types of false positive about any binary.

malware is the last thing you should worry about. the Electron Cash client is an anonymously signed binary that you are willingly giving your private keys (seed or wallet file) to. stealing your coins is going to be easy and anonymous without needing a malware.

nerioseole
Hero Member
*****
Offline Offline

Activity: 650


View Profile
August 01, 2017, 03:34:48 AM
 #5


malware is the last thing you should worry about. the Electron Cash client is an anonymously signed binary that you are willingly giving your private keys (seed or wallet file) to. stealing your coins is going to be easy and anonymous without needing a malware.

Totally agree with you: have a look at the few lines of code that are required to steal your bitcoins - from the last heist attempt in January:  https://bitcointalk.org/index.php?topic=1772080.msg17686982#msg17686982  A binary from an anonymous developper can easily run similar code on your computer.
Niya
Sr. Member
****
Offline Offline

Activity: 476


Metta - one spot for every service you need


View Profile
August 02, 2017, 02:34:54 PM
 #6

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.


        ▄████████████████████▌
       ██████████████████████
      ▐████████████████████▀

          ▄▄▄▄         ▄▄▄▄▄
  ▄▄███ ▄███████▄   ▄█████████▄
 █████████████████ █████████████
████████████████████████████████▌
████████▀   ▀████████▀   ▀███████
███████      ▐██████▌     ▐██████
███████       ██████       ██████
███████       ██████       ██████
███████       ██████       ██████
███████       ██████       ██████
███████       ██████       ██████
███████       ██████       ██████
███████       █████▌       █████▌
███████       ████▀        ████▀
██████▌
█████▀
▀▀▀▀


▬▬▬▬▬▬▬▬▬▬HOMEPAGE▬▬▬▬▬▬▬▬▬▬WHITEPAPER▬▬▬▬▬▬▬▬▬▬YOUTUBE▬▬▬▬▬▬▬▬▬▬|▬▬▬▬▬▬▬▬▬▬WHATSAPP▬▬▬▬▬▬▬▬▬▬TELEGRAM▬▬▬▬▬▬▬▬▬▬FACEBOOK▬▬▬▬▬▬▬▬▬▬TWITTER▬▬▬▬▬▬▬▬▬▬
«UBERIZATION» PLATFORM ///» #True Reviews System
»FOR OFFLINE SERVICES    ///» #Built-in Messenger   #In-house Currency

jackg
Legendary
*
Offline Offline

Activity: 854

1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED


View Profile
August 02, 2017, 02:47:00 PM
 #7

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.

Yes it is probably harmless then.
It got flagged by the same AV as electrocash and for the same reason as well. So it's probably safe. Caution is still advisable though.

kolloh
Legendary
*
Offline Offline

Activity: 1176


View Profile
August 02, 2017, 04:49:58 PM
 #8

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.

Yes it is probably harmless then.
It got flagged by the same AV as electrocash and for the same reason as well. So it's probably safe. Caution is still advisable though.

Yeah, it is likely just a false positive and isn't malware. I'd still advise running in a VM or a separate PC to keep it isolated from your primary Electrum wallets just as a good general security precaution.
thantos
Newbie
*
Offline Offline

Activity: 23


View Profile
August 07, 2017, 02:24:23 PM
 #9

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.

Yes it is probably harmless then.
It got flagged by the same AV as electrocash and for the same reason as well. So it's probably safe. Caution is still advisable though.

Yeah, it is likely just a false positive and isn't malware. I'd still advise running in a VM or a separate PC to keep it isolated from your primary Electrum wallets just as a good general security precaution.

Two things can come up false-positive for entirely different reasons unless you have taken out the suspect variable and determined that that is the only one causing false-positives? I don't know anything about AVs but if it reports the specific lines of code that are raising malware flags on both....
jackg
Legendary
*
Offline Offline

Activity: 854

1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED


View Profile
August 07, 2017, 06:13:59 PM
 #10

It is definitely a piece of malware:
https://virustotal.com/en/file/66fc16d1d9782f32d0f73bd5cd109a3a9b89003b2eb70daa18d4205235d7f40a/analysis/1501537953/

I'd suggest, if you're going to use this, to use it on a computer you're happy completely wiping immediately after it has been used.
(this is a test of the windows binaries).

Try to test the official Electrum wallet for BTC on virustotal and you'll get the same warnings about malware, etc.

I just tried: https://virustotal.com/en/file/98dbe16fefd472b3fb68e2f6e491954cc21ef06cc489588d435b09ab15418f52/analysis/1501684402/
Try on your own if you don't trust me!

So stop spreading FUD and relate to serious stuff.

Yes it is probably harmless then.
It got flagged by the same AV as electrocash and for the same reason as well. So it's probably safe. Caution is still advisable though.

Yeah, it is likely just a false positive and isn't malware. I'd still advise running in a VM or a separate PC to keep it isolated from your primary Electrum wallets just as a good general security precaution.

Two things can come up false-positive for entirely different reasons unless you have taken out the suspect variable and determined that that is the only one causing false-positives? I don't know anything about AVs but if it reports the specific lines of code that are raising malware flags on both....

It is strange that one was only flagged on both though?
There were about 5/6 for the other electrum malware and this only has one. So there must have been those parts that were edited as well (that's probably part of the issue stated on other threads about having to manually find servers and datafiles whereas, the other electrum seeks them out automatically - there may be other features missing too - that are just perks to the software).

BitcoinNewsMagazine
Legendary
*
Offline Offline

Activity: 994



View Profile WWW
August 12, 2017, 07:05:21 PM
 #11

No offense but with both Trezor and Ledger Nano S both supporting BCH now I think you have to be nuts to use Electron Cash. If you can't afford a hardware wallet you probably should not be in the game. At minimum just run your own Bitcoin ABC client.

pooya87
Legendary
*
Offline Offline

Activity: 1120


Buy bitcoin they said... who listened?


View Profile
August 13, 2017, 04:25:30 AM
 #12

download it only from trusted sources!
h t tps://github . com/ electroncash / windows-linux

"trusted"?
where did you even get that link from? that is not the trusted link. you are probably knowingly or unknowingly spreading malicious wallet.

the link to the source which is known and also listed on http://www.electroncash.org/ is the following:
https://github.com/fyookball/electrum

HCP
Sr. Member
****
Online Online

Activity: 448

<insert witty quote here>


View Profile
August 13, 2017, 08:56:07 AM
 #13

At minimum just run your own Bitcoin ABC client.
Can I ask why you consider Bitcoin ABC to be OK, but Electron Cash to be potentially "risky"? I don't really see any solid evidence that either of these wallet is "safer" than the other... especially when it comes to using binaries.

NOTE: I don't really see anything wrong with the ElectronCash sources... the modifications after the fork from Electrum look "OK"... however I can't comment on the "trustworthiness" of the binaries though.

Lionel
Sr. Member
****
Offline Offline

Activity: 398


View Profile
August 14, 2017, 12:58:33 AM
 #14

No offense but with both Trezor and Ledger Nano S both supporting BCH now I think you have to be nuts to use Electron Cash. If you can't afford a hardware wallet you probably should not be in the game. At minimum just run your own Bitcoin ABC client.

With Trezor or Ledger, can you claim your  BCC  with your seed as you do with Electron Cash?
jackg
Legendary
*
Offline Offline

Activity: 854

1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED


View Profile
August 19, 2017, 05:05:09 PM
 #15

No offense but with both Trezor and Ledger Nano S both supporting BCH now I think you have to be nuts to use Electron Cash. If you can't afford a hardware wallet you probably should not be in the game. At minimum just run your own Bitcoin ABC client.

I think you need to reassess those.

There have been quite a few security risks in relation to trezor especially and the unencrypted data it loads on startup. Look here
Ledger's have less dangers with them though however.

No offense but with both Trezor and Ledger Nano S both supporting BCH now I think you have to be nuts to use Electron Cash. If you can't afford a hardware wallet you probably should not be in the game. At minimum just run your own Bitcoin ABC client.

With Trezor or Ledger, can you claim your  BCC  with your seed as you do with Electron Cash?

And yes, they do suport quite a few altcoins, BCC being one of them.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!