Bitcoin Forum
July 16, 2019, 01:07:31 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Users spreading malware (cryptojacking) + strange behavior  (Read 411 times)
SFR10
Legendary
*
Offline Offline

Activity: 1386
Merit: 1197



View Profile WWW
October 20, 2018, 05:33:15 PM
Last edit: October 20, 2018, 06:26:59 PM by SFR10
Merited by suchmoon (4), Halab (2), Lafu (1), krogothmanhattan (1), Nameless27 (1)
 #1

Users in question:

a) Recently they both started posting (after a lengthy hiatus) multiple threads across different boards (including local boards).
b) I scanned the link of the service (Mammon) that they were promoting but nothing came up on virustotal and other similar website.
c) Then I checked the included YouTube link (only some of the threads have it). I noticed there's a different link (original one) on the description of the video than the one given on these new threads.
d) So I searched for the original thread and found it: Mammon - Desktop Ticker Price Tracker
e) Then I went over the other given links (from the above two users) and surprisingly, they included "this Medium link (explains the cryptojacking part)".
  • That was the strange part since it pushed me to look deeper and I end up finding the following connection:
    • I looked for other virustotal's alternatives and found "ReScan.pro" (result).
    • The above screenshot (result), only shows half of the link but if you go to "RedirectDetective" and paste the link address from "mammon (Download Mac App v0.2.9 button)", it "shows" that it's the exact same link (redirects) from the original website (teamfox [Download Mac App v0.2.8 button]).
Conclusion:
- The above results shows the connection between "seniorhuman, Rockford99 and rcocchiararo" and if we take the above "Medium" link into consideration, then these three users have spread malware (cryptojacking) across different boards and need to be punished.

This thread serves as a reference for my report.

Update
Another one: Pilippe - (Latest posts)

1563239251
Hero Member
*
Offline Offline

Posts: 1563239251

View Profile Personal Message (Offline)

Ignore
1563239251
Reply with quote  #2

1563239251
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Lafu
Legendary
*
Online Online

Activity: 1204
Merit: 1094



View Profile
October 20, 2018, 07:08:04 PM
Last edit: October 21, 2018, 12:06:33 PM by Lafu
 #2

Yeb they spam the whole forum with that kind of shitposts and links !

I reported them already !  

Hardcore Spamming !

- Pilippe  44  posts with that

- Rockford99  10 Posts

- rcocchiararo  6 posts

Update :

- Pilippe  is Banned

- rcocchiararo  3 topics removed

- Rockford99 3 topics removed 3 posts deleted

Halab
Staff
Sr. Member
****
Offline Offline

Activity: 644
Merit: 347



View Profile
October 21, 2018, 03:20:50 PM
Merited by SFR10 (1), Lafu (1), krogothmanhattan (1)
 #3

There was ReadySalted too, but he is already banned.

https://archive.fo/0nr6T
https://archive.is/zFHdK#selection-2381.4-2381.16
https://archive.fo/6QQP7#selection-3671.3-3671.15
https://archive.is/s3s82#selection-3225.4-3225.17
https://archive.is/Fzphm#selection-1901.4-1901.16
https://archive.is/bsHKS#selection-2999.3-2999.27

And an another "attack" today on french boards by n2liquid
https://archive.fo/lh87k#selection-1755.2-1755.15
https://archive.is/U3mzg#selection-3683.3-3683.29
https://archive.is/NAudG#selection-4879.1-4879.25
https://archive.is/NhK9k#selection-5551.3-5551.27
https://archive.is/HLI1v#selection-4761.3-4761.24
https://archive.is/Bc1SZ#selection-7077.0-7077.19
https://archive.is/Vkkaw#selection-4579.3-4579.25
https://archive.is/qaXDl#selection-1903.4-1903.17
https://archive.is/OsTXE#selection-3133.6-3133.17

Posts deleted on french boards, but I can't nuke him.

kenzawak
Hero Member
*****
Offline Offline

Activity: 644
Merit: 846



View Profile
October 21, 2018, 03:22:06 PM
Last edit: October 21, 2018, 03:55:02 PM by kenzawak
 #4

Thanks to Halab, I just noticed this thread.
I posted about n2liquid earlier here :
https://bitcointalk.org/index.php?topic=5054593.0

He keeps posting the same shit everywhere about his app :

https://bitcointalk.org/index.php?action=profile;u=25800;sa=showPosts

https://archive.fo/7A4aG

I reported his last 8 posts but I guess he's not done.

Can someone ban this guy ?

EDIT : the French moderator just posted that the link this guy posted was leading to a malware.
Lafu
Legendary
*
Online Online

Activity: 1204
Merit: 1094



View Profile
October 21, 2018, 03:47:24 PM
 #5

~Snip~

Nice dude , i have reported on the German board some too !
And they also got deleted !
Halab
Staff
Sr. Member
****
Offline Offline

Activity: 644
Merit: 347



View Profile
October 21, 2018, 03:58:07 PM
 #6

And they also got deleted !

And n2liquid, Rockford99, rcocchiararo are already banned. Thanks Global Mods.
kenzawak
Hero Member
*****
Offline Offline

Activity: 644
Merit: 846



View Profile
October 21, 2018, 04:16:07 PM
Last edit: October 21, 2018, 04:28:18 PM by kenzawak
Merited by SFR10 (1)
 #7

Another one just appeared :

chessdragon

https://archive.fo/7xbGD

I have a feeling this could last for a while.
tmfp
Legendary
*
Offline Offline

Activity: 1498
Merit: 1428


大智若愚


View Profile
October 21, 2018, 04:43:34 PM
 #8

There's a number of c.2011 registered accounts about that have recently been reactivated for spamming.

Extraordinary Claims require Extraordinary Evidence
LFC_Bitcoin
Copper Member
Legendary
*
Offline Offline

Activity: 1764
Merit: 1909


One of the world's leading Bitcoin-powered casinos


View Profile
October 21, 2018, 04:48:44 PM
 #9

Another one just appeared :

chessdragon

https://archive.fo/7xbGD

I have a feeling this could last for a while.

I literally just noticed the behaviour of chessdragon & made a thread requesting a mod to nuke him/her.
He/she made 15 shill posts today but before that last activity was 2011.




Code:
[center][table][tr][td][url=http://bit.ly/WelcomeToBitcasino][size=2pt][tt][color=#FF5111]       ██
       ▄▄   ▄▄
  ▐██ ▐██▌ ▐██▌
       ▄▄        ▄▄
▀  ▀  ▐██▌      ████
       ▄▄   ▄▄   ▀▀
▀  ▀  ████ ▐███
       ▀▀   ▀▀   ▄▄
▀  ▀  ▐██▌      ████
       ▀▀        ▀▀
  ▐██ ▐██▌ ▐██▌
       ▀▀   ▀▀
       ██[/size][/td]
[td][color=transparent][size=2pt].[/size][/color]
[url=http://bit.ly/WelcomeToBitcasino][color=#444][font=ubuntu,arial][size=18pt]Bitcasino[color=#FF5111].[/color]io[/size][/font][/td][td][/td][td][/td][td][/td]
[td][size=20pt][color=#ccc]│[/size][/td]
[td][color=transparent][size=1pt].[/size][/color]
[url=http://bit.ly/WelcomeToBitcasino][size=11pt][font=arial black][glow=#241651,2][size=10pt][color=#241651].....[/color][/size][font=calibri,arial][b][color=#fff]First licensed[font=arial black][size=10pt][color=#241651]......
.....[/size][/font][color=#FF5111]Bitcoin casino[font=arial black][size=10pt][color=#241651]....[size=9pt].[/size][/color][/size][/glow][/font][/td]
[td][color=transparent][size=1pt].[/size][/color]
[url=http://bit.ly/WelcomeToBitcasino][size=11pt][font=arial black][glow=#241651,2][size=10pt][color=#241651].....[/color][/size][font=calibri,arial][b][color=#fff]100% bonus[font=arial black][size=10pt][color=#241651].....
.....[/size][/font][color=#FF5111]Up to 1 BTC[font=arial black][size=10pt][color=#241651].....[size=7pt].[/size][/color][/size][/glow][/font][/td]
[td][color=transparent][size=1pt].[/size][/color]
[url=http://bit.ly/WelcomeToBitcasino][size=11pt][font=arial black][glow=#241651,2][size=10pt][color=#241651].....[/color][/size][font=calibri,arial][b][color=#fff]24/7 Support[font=arial black][size=10pt][color=#241651].....
.....[/size][/font][color=#FF5111]Fast Payouts[font=arial black][size=10pt][color=#2416
asche
Hero Member
*****
Offline Offline

Activity: 560
Merit: 635


I forgot more than you will ever know.


View Profile
October 21, 2018, 04:53:37 PM
 #10

Another one just appeared :

chessdragon

https://archive.fo/7xbGD

I have a feeling this could last for a while.

Also reported here :

https://bitcointalk.org/index.php?topic=5054636

SFR10
Legendary
*
Offline Offline

Activity: 1386
Merit: 1197



View Profile WWW
October 21, 2018, 05:11:25 PM
 #11

~Snipped~
~Snipped~
~Snipped~
~Snipped~
Thank you for contributing guys...

There's a number of c.2011 registered accounts about that have recently been reactivated for spamming.
Unfortunately, you're right. The good thing is the fact that, they're using "Newbie" accounts and this can easily be fixed with adding that website into "suspicious links blacklist (in case an admin reads this [the sooner the better])".

asche
Hero Member
*****
Offline Offline

Activity: 560
Merit: 635


I forgot more than you will ever know.


View Profile
October 21, 2018, 05:35:28 PM
 #12

~Snipped~
~Snipped~
~Snipped~
~Snipped~
Thank you for contributing guys...

There's a number of c.2011 registered accounts about that have recently been reactivated for spamming.
Unfortunately, you're right. The good thing is the fact that, they're using "Newbie" accounts and this can easily be fixed with adding that website into "suspicious links blacklist (in case an admin reads this [the sooner the better])".

Not sure you linked the topic you wanted.
Is there a topic thats lists suspicious link posted around here? As "suspicious links blacklist" seems to indicate?

SFR10
Legendary
*
Offline Offline

Activity: 1386
Merit: 1197



View Profile WWW
October 21, 2018, 06:32:16 PM
 #13

Not sure you linked the topic you wanted.
I linked "an specific post (that briefly explained about the subject in those quote marks) within a topic".

Is there a topic thats lists suspicious link posted around here? As "suspicious links blacklist" seems to indicate?
No, there isn't any (AFAIK). Only an admin (e.g. theymos) has access to such list.

kenzawak
Hero Member
*****
Offline Offline

Activity: 644
Merit: 846



View Profile
October 22, 2018, 11:13:01 AM
Merited by Halab (2)
 #14

One more :

dyiosah

https://archive.fo/RQxC2
Lafu
Legendary
*
Online Online

Activity: 1204
Merit: 1094



View Profile
October 22, 2018, 11:18:07 AM
 #15


Is still reported , hopefuly they all get banned !
Halab
Staff
Sr. Member
****
Offline Offline

Activity: 644
Merit: 347



View Profile
November 15, 2018, 01:13:55 PM
Merited by kenzawak (1)
 #16

Mammon strikes back in french section with the user FRanz33 (Date Registered:   12 March 2011, 08:39:18)

https://archive.fo/uZWEq#selection-3671.17-3671.24
https://archive.is/bjReS#selection-539.17-539.24
https://archive.is/J2pF7#selection-2749.17-2749.24
https://archive.is/sKnmj#selection-1911.17-1911.24
https://archive.is/DaZtf#selection-5015.17-5015.24

and a lot more messages in other local section.
Please ban.
kenzawak
Hero Member
*****
Offline Offline

Activity: 644
Merit: 846



View Profile
November 15, 2018, 09:17:43 PM
Merited by Halab (2)
 #17

Ferr is another handle spreading this shit :

Ferr

https://archive.fo/5K2Kd
https://archive.fo/d6kPL
Halab
Staff
Sr. Member
****
Offline Offline

Activity: 644
Merit: 347



View Profile
November 16, 2018, 01:47:35 PM
 #18

Mammon's Spam of the Day with pozhuk.

https://archive.fo/TdLT7#selection-4263.0-4263.6
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!