Bitcoin Forum
June 25, 2019, 12:44:49 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: SCAM - Ulord(UT) FAKE ANN and FAKE Wallet to Spread Malware.  (Read 703 times)
JeromeTash
Full Member
***
Offline Offline

Activity: 378
Merit: 182


View Profile
May 10, 2019, 01:59:44 AM
Merited by DdmrDdmr (2), Juliya_D (1), Coolcryptovator (1), morvillz7z (1), ICOEthics (1)
 #1

What happened: FAKE ANN and FAKE Wallet which is infected with Virus while trying to impersonate an already existing Ulord Project

Scammers Profile Link: https://bitcointalk.org/index.php?action=profile;u=1301111

ANN: https://bitcointalk.org/index.php?topic=5140680
Archived: http://archive.is/y57pI

Real GitHub Profile: https://github.com/UlordChain

Fake GitHub Profile: https://github.com/Ulord-UT
Archived: http://archive.is/hWyTx

FAKE WALLET

Code:
https://github.com/Ulord-UT/UlordChain/releases
The fake windows wallet is hosted on a Github repository whose profile is only 2 days old



Virustotal results

13 Engines detected the presence of a malware in the windows zipped folder
https://www.virustotal.com/gui/file/3045df425295d637b2e1a5678885c0bcf4b22ecbec292454bf1280e8f3a872df/detection



Additional Notes
- The original Ulord Project has no ANN in bitcointalk forum.
- The scammer is not affiliated with the original project and therefore he is trying to impersonate them to spread malware



Github profile and Ann reported

Mine RVN and with 0% mining fees and get paid in BTC, ETH, XMR or RVN.

www.cudominer.com Get Cudo Miner
Auto coin switching, third-party miners, overclocking and remote management (Win/Linux)
Run from a USB stick or install from an ISO image (Linux)
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1561466689
Hero Member
*
Offline Offline

Posts: 1561466689

View Profile Personal Message (Offline)

Ignore
1561466689
Reply with quote  #2

1561466689
Report to moderator
morvillz7z
Sr. Member
****
Online Online

Activity: 406
Merit: 699



View Profile
May 10, 2019, 04:12:04 PM
 #2

Good find.

I'm almost 100% sure this one is connected with HyperCash [HC] the one that I exposed yesterday.

There are 3 more projects like this one currently being posted in Announcements (Altcoins). I'm just waiting for someone to safely VPS test these wallets, all GitHub profiles are fake, created in the last 3-4 days.

[ANN] [PoW] V-Dimension (VOLLAR)

[ANN] [ERC20] DUO Network Token

[ANN] [PoW/PoS] Nasdacoin (NSD)
ICOEthics
Sr. Member
****
Offline Offline

Activity: 392
Merit: 857



View Profile WWW
May 10, 2019, 04:32:47 PM
 #3

Good find.

I'm almost 100% sure this one is connected with HyperCash [HC] the one that I exposed yesterday.

There are 3 more projects like this one currently being posted in Announcements (Altcoins). I'm just waiting for someone to safely VPS test these wallets, all GitHub profiles are fake, created in the last 3-4 days.

[ANN] [PoW] V-Dimension (VOLLAR)

[ANN] [ERC20] DUO Network Token

[ANN] [PoW/PoS] Nasdacoin (NSD)

I noticed an increase in those type of fake projects with malicious/virus wallets, etc. Maybe it is a way of scammers to retaliate because their projects were caught. (?)
This person was caught copying another project, he deleted the thread and opened a new one. Now someone just posted that there is a virus - I didnt find - maybe you can double check.

ICOEthics ━█ ██ Monitoring ICO Scams ██ █━ ICOEthics
☶ Browse ICO Scams List〚!〛Save your crypto from scammers〚!〛Submit a possible ICO scam ✎
morvillz7z
Sr. Member
****
Online Online

Activity: 406
Merit: 699



View Profile
May 10, 2019, 04:44:02 PM
 #4

I noticed an increase in those type of fake projects with malicious/virus wallets, etc. Maybe it is a way of scammers to retaliate because their projects were caught. (?)

This could very well be the reason behind all these fake ANN. It almost feels as like forum is under attack.  Undecided

Just look at recently created ones, all 5 of them...



@OP they have created another topic: https://bitcointalk.org/index.php?topic=5141572.0



HyperCash just got brand new ann, I wish theymos could go after those idiots and wipe them out.

 
ICOEthics
Sr. Member
****
Offline Offline

Activity: 392
Merit: 857



View Profile WWW
May 10, 2019, 04:59:12 PM
Merited by DdmrDdmr (1)
 #5

I noticed an increase in those type of fake projects with malicious/virus wallets, etc. Maybe it is a way of scammers to retaliate because their projects were caught. (?)

This could very well be the reason behind all these fake ANN. It almost feels as like forum is under attack.  Undecided

Just look at recently created ones, all 5 of them...



@OP they have created another topic: https://bitcointalk.org/index.php?topic=5141572.0



HyperCash just got brand new ann, I wish theymos could go after those idiots and wipe them out.

 

Here, another one: W3Coin ($ 32.6 million sales) (maybe copying the real project?)
https://bitcointalk.org/index.php?topic=5141391.0


ICOEthics ━█ ██ Monitoring ICO Scams ██ █━ ICOEthics
☶ Browse ICO Scams List〚!〛Save your crypto from scammers〚!〛Submit a possible ICO scam ✎
morvillz7z
Sr. Member
****
Online Online

Activity: 406
Merit: 699



View Profile
May 10, 2019, 06:36:37 PM
Last edit: May 11, 2019, 12:03:54 AM by morvillz7z
Merited by DdmrDdmr (2)
 #6

Here, another one: W3Coin ($ 32.6 million sales) (maybe copying the real project?)
https://bitcointalk.org/index.php?topic=5141391.0

They most certainly are using someone's project to inject malicious wallets, just like all other projects mentioned in this topic.

Fake GitHub is created just 9 hours ago: https://github.com/W3Coin-Software

Real one: https://github.com/w3coin


They are throwing one account after another, a third ANN thread opened for Ulord(UT).

https://bitcointalk.org/index.php?topic=5141597.0 (archived)

This time it's started by a senior member, I guess they have unlimited number of accounts to do this. Well, I can promise them I have unlimited time and desire to -ve tag each one of them.


EDIT;


All three, as expected, tested positive for malware:

Nasdacoin (ann archive)


DUO Network Token (ann archive)


V-Dimension (VOLLAR) (ann archive)


Big thanks to TakeItEasy, I will tag and report them all tomorrow.


EDIT2;

I can pretty much confirm all these ANNs are started by the same Russian scammers I've been chasing for over a month now.
Look which image hosting websites they use to upload their stolen screens at:

https://i.ibb.co/mbtxBYL/cleb-v-dimension.jpg
https://i.ibb.co/VqCvLMM/Daglo-Nasda.jpg
https://i.ibb.co/44mtmgQ/james-HCash.jpg
https://i.ibb.co/khnmps7/nonontech-DUO-Network-Token.jpg
https://i.ibb.co/YbTDd7j/yey09-Ulord.jpg

hugeblack
Hero Member
*****
Offline Offline

Activity: 728
Merit: 551


Not your code, Not your Coins, Dld FULLNODE wallet


View Profile
May 11, 2019, 09:42:17 AM
 #7

I noticed an increase in those type of fake projects with malicious/virus wallets, etc. Maybe it is a way of scammers to retaliate because their projects were caught. (?)
I think that's because many people trust by default the files coming from Github.
Also, even if most of the file is compressed, an "Open Source" word is used to gain some trust.
There are some tips from the forum about this topic -----> Just because It’s on GitHub. It doesn’t mean it’s safe>
I hope that others report these pages to Gihub and Bitcointalk staff (malicious/virus wallets.)

ICOEthics
Sr. Member
****
Offline Offline

Activity: 392
Merit: 857



View Profile WWW
May 11, 2019, 08:58:38 PM
 #8


the OP for that ANN above (V-Dimension) deleted all his post, and opened a new thread here:

https://bitcointalk.org/index.php?topic=5141978.0
https://archive.is/scRz7

That person knows what he is doing - spreading virus/malicious software.

ICOEthics ━█ ██ Monitoring ICO Scams ██ █━ ICOEthics
☶ Browse ICO Scams List〚!〛Save your crypto from scammers〚!〛Submit a possible ICO scam ✎
morvillz7z
Sr. Member
****
Online Online

Activity: 406
Merit: 699



View Profile
May 11, 2019, 09:01:11 PM
Last edit: May 11, 2019, 10:01:09 PM by morvillz7z
 #9

^ Yeah, I know...I will use this thread to report the rest of the fake ANN/GitHubs, there are 4-5 of them left.

I will update my post shortly!


[ANN] [POW/POS] Ulord (UT) Pre-Mine 50% (archived)

I lost count how many threads they have started for Ulord, user pushkarmore has been tagged, thread reported.


[ANN] [PoW] V-Dimension (VOLLAR) (archived)

v-dimension GitHub - original

V-Dimension GitHub - fake

Proof:

https://www.virustotal.com/gui/file/698a22b8225034a79e00c05d924f92da054c493a56e1adae5d858835f665c440/detection

https://www.virustotal.com/#/file/e4f7802967dca0e72aa4f2f95cce954a13465ab73f6e7d9b3804a8f55d4b993a/detection

User cleberw3b has been tagged, thread reported!


[ANN] [PoW/PoS] Nasdacoin (NSD) Wallet+Mining Software (archived)

Nasdacoin GitHub - original

NasdaCoin-NSD GitHub - fake

Proof:

https://www.virustotal.com/gui/file/3950c6c2894d019f182eef6164a9382a6c9b8130b71000646e78c56858413dd2/detection

User Daglo99 has been tagged, thread reported!


[ANN] [ERC20] DUO Network Token - (archived)

DUO Network Github - original

DUONetworkToken GitHub - fake

Proof:

https://www.virustotal.com/gui/file/8bb61f5e397529a5601f551eeb481d28f19200076f9380d31e354e212a1b3fff/detection

User nonontech has been tagged, thread reported!


There are two new fake ANNs posted by the same Russian scammers, I just need someone to safely test wallets first.

[ANN][ERC20] MultiVAC (MTV) - (archived)

[ANN] [Proof of Work] MIR COIN - (archived)

Fake MIR-COIN GitHub created just 12 hours ago - https://github.com/MIR-COIN

MultiVAC fake GitHub -  https://github.com/MultiVAC

JeromeTash
Full Member
***
Offline Offline

Activity: 378
Merit: 182


View Profile
May 11, 2019, 09:16:22 PM
 #10

Good job fellas.
Their new Ann are invalid now. Sorry I wasn't so much only for the past 36 hours but i am now back.

By the way looks like the person behind this kind of scam really farmed so many accounts before or hacked them because the accounts used are mostly member accounts and now we are seeing senior member accounts. Very rarely have i seen a newbie account being used lately.

I am going to create a thread to track all these kind of fake Ann scams starting this coming week. I will also dedicate my time to fight off this malware scammer.
Mrengage
Member
**
Offline Offline

Activity: 176
Merit: 10


View Profile WWW
May 11, 2019, 10:02:19 PM
 #11

Good job but why giving me a red trust when I haven't took part in any thing of GitHub viruses on the system.

morvillz7z
Sr. Member
****
Online Online

Activity: 406
Merit: 699



View Profile
May 11, 2019, 10:12:28 PM
 #12

Good job but why giving me a red trust when I haven't took part in any thing of GitHub viruses on the system.

You posted ANN thread for Ulord and links to fake GitHub with infected wallets.

I believe this is the thread, which is now deleted: https://bitcointalk.org/index.php?topic=5141572.0

Does anyone have it archived somewhere?



Mrengage
Member
**
Offline Offline

Activity: 176
Merit: 10


View Profile WWW
May 11, 2019, 10:20:31 PM
 #13

Dam that was a long ago it happen due to this ACC was hacked, I just got it back and getting to see all this

Mrengage
Member
**
Offline Offline

Activity: 176
Merit: 10


View Profile WWW
May 11, 2019, 10:22:32 PM
 #14

I can repeat my self this ACC was hacked I was even logout completely.

Bitcoin_Arena
Copper Member
Full Member
***
Offline Offline

Activity: 252
Merit: 156

Free Crypto in Stake.com Telegram t.me/StakeCasino


View Profile
May 11, 2019, 10:24:49 PM
 #15

Good job but why giving me a red trust when I haven't took part in any thing of GitHub viruses on the system.
You think you are a smart?
You deleted the topic and then came here claiming you never announced it

On the screenshot your name is clearly there on the Fake Ann.



Dam that was a long ago it happen due to this ACC was hacked, I just got it back and getting to see all this

For starters
1. When was your account hacked?
2. How did you get it back?
3. When did you regain control of your account?

morvillz7z
Sr. Member
****
Online Online

Activity: 406
Merit: 699



View Profile
May 11, 2019, 10:29:32 PM
 #16

You think you are a smart?
You deleted the topic and then came here claiming you never announced it.

On the screenshot your name is clearly there on the Fake Ann.

I'm not trying to defend him but there is another user who earlier today reported that he was temporarily hacked: https://bitcointalk.org/index.php?topic=5141746

I was due to send theymos a msg tomorrow and see if there is indeed unusual activity (as in different IP logs) around both accounts.
Mrengage
Member
**
Offline Offline

Activity: 176
Merit: 10


View Profile WWW
May 11, 2019, 10:30:06 PM
 #17

At first I wasn't able to login this account it was showing wrong password and when I finally get in I got to see this I wasn't even online yesterday to make a post I can't even make a post and get it of so quickly. Check this account well sir.

Mrengage
Member
**
Offline Offline

Activity: 176
Merit: 10


View Profile WWW
May 11, 2019, 10:33:10 PM
 #18

You think you are a smart?
You deleted the topic and then came here claiming you never announced it.

On the screenshot your name is clearly there on the Fake Ann.

I'm not trying to defend him but there is another user who earlier today reported that he was temporarily hacked: https://bitcointalk.org/index.php?topic=5141746

I was due to send theymos a msg tomorrow and see if there is indeed unusual activity (as in different IP logs) around both accounts.
I won't have to lie definitely I was hacked because this account I saved it remember me I don't have to login offended. I was surprised I was logout when I opened my browser and I try to login I got a wrong password and when I tried again it went through and the next thing I saw was a Red trust.

Mrengage
Member
**
Offline Offline

Activity: 176
Merit: 10


View Profile WWW
May 11, 2019, 10:37:05 PM
 #19

Good job but why giving me a red trust when I haven't took part in any thing of GitHub viruses on the system.
You think you are a smart?
You deleted the topic and then came here claiming you never announced it

On the screenshot your name is clearly there on the Fake Ann.



Dam that was a long ago it happen due to this ACC was hacked, I just got it back and getting to see all this

For starters
1. When was your account hacked?
2. How did you get it back?
3. When did you regain control of your account?


I was unable to login this account today that this INCIDENT took place and its still today that the post was made. Definitely this ACCOUNT WAS HACKED!

Bitcoin_Arena
Copper Member
Full Member
***
Offline Offline

Activity: 252
Merit: 156

Free Crypto in Stake.com Telegram t.me/StakeCasino


View Profile
May 11, 2019, 10:47:21 PM
Last edit: May 11, 2019, 11:00:03 PM by Bitcoin_Arena
 #20

I was unable to login this account today that this INCIDENT took place and its still today that the post was made. Definitely this ACCOUNT WAS HACKED!
Let me give you a benefit of doubt. Assuming you were not able to login, that means your password was changed right?
Why is it that on the seclog, there is nothing to show that your password was change?
BPIP too has no information showing that your password was changed recently

Look I am no hater or anything like that, I am just trying to reason



I'm not trying to defend him but there is another user who earlier today reported that he was temporarily hacked: https://bitcointalk.org/index.php?topic=5141746

I was due to send theymos a msg tomorrow and see if there is indeed unusual activity (as in different IP logs) around both accounts.
Maybe that could work too.
By the way i don't know much Spanish yet, so i don't know what really happened on that other guy's story but what i see on BPIP and Seclog is only one passowrd change that happened today

Quote
Today at 09:26:50 AM - bbvedf - password changed

And by change, it's just "password change" so i am wondering how he could have been able to access his account to change the password if he already wasn't able to log in.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!