Report Malware and Suspicious Links here so Mods can take Action !

[BABY SHOES]

It seems that these gangs are not tired of continuing to spread malware by spreading it in self-moderated threads.
With accounts created in 2021 created simultaneously and now waking up again to spread it.

Account name:
Fatendisto - Create October 01, 2021, 06:38:54 PM
vikolkolpet - Create October 01, 2021, 06:40:37 PM
hafuterkina - Create October 01, 2021, 06:42:27 PM
jugujikolesad - Create October 01, 2021, 06:49:15 PM
Kerikostaw - Create October 01, 2021, 06:53:15 PM
ANN
Berto Coin - Your Very Own 3D Printed Bitcoin
Alfalah Coin - The Ultimate Crypto Innovation for Charity & Local Businesses
PID Coin - Empowering Internet Users with Personal Data Ownership
Modic Coin (MODIC) - Your Modern Investment Coin
StefanCoin - Your Politically Correct, Decentralized Coin
Fake Github

Code:

https://github.com/berto-coin/berto-coin/releases/tag/v1.2.0
https://github.com/Alfalah-Coin/Core/releases/tag/v1.1.3
https://github.com/Pid-Coin/Core/releases/tag/v1.1.1
https://github.com/Modic-Coin/modic-coin/releases/tag/v1.3.3
https://github.com/Stefan-Coin/Core/releases/tag/v1.0.2

The file size is the same as yesterday above
Checking on Virustotal detected a trojan virus/malware

Code:

https://www.virustotal.com/gui/file/1d5a517283b717ceb309b1a524de9e34d3ae9553f5111ba4b87be1c907e7e9a3
https://www.virustotal.com/gui/file/c47fde0015a1f5f3d39ffb4522b54f37c3528833ccca7b24e2839c9077388b3a?nocache=1
https://www.virustotal.com/gui/file/1362f6dd1a93d80b8134512f2848890b812326feb3c55b0cd95e1f6a4b38653c?nocache=1
https://www.virustotal.com/gui/file/a512218aa9ce5b4dd1619679d34ed8d944c08348ed5009840ac2721f37f4b088?nocache=1
https://www.virustotal.com/gui/file/4810f16c9f6dec19a9fe38405634a893cf12cbb1f78dfa84232356a84591a6df?nocache=1

[1714320475]

1714320475

[1714320475]

1714320475

[1714320475]

1714320475

[1714320475]

1714320475

[BABY SHOES]

Spreading Malware with fake ANN Although it has been tagged by @Lafu today but I think it is necessary to report here and action,

Account name SirenaMoon - ban
Thread: [ANN] [SRN] SirenaProject - collective help for profit [FiroPOW/Mineable now] & [ANN] [SRN] SirenaProject - collective help for profit [Mineable now]

Code:

https://github.com/SirenaProject/SirenaCoin/blob/main/SirenaProject-main.zip

Check on Virustotal which detected Malware


Additional edits
Malware spreading fraudsters have created new accounts by creating the same thread and with the thread locked.

Account name CoronelsN

ANN
[ANN] [NSR] SIR - crypto messenger for communication (FiroPOW/Fast start)

[Lafu]

~~~~~~

Thanks afor keeping your eyes open and that reported the threads and things , i was just on the mobile earlier when i tagged the Account.
Yes you are right as i have written a post earlier its always helpfull to collect the Fake Threads and there Links.
Its good to have some help against the Hackers and Malware spreading hacked User Accounts .

[BABY SHOES]

Yes you are right as i have written a post earlier its always helpfull to collect the Fake Threads and there Links.
Its good to have some help against the Hackers and Malware spreading hacked User Accounts .

Yes we must continue to report in every thread that is suspicious of spreading malware here, most of what I find are newbie accounts that have just been registered.
Another one with a newbie account makes malware spread by continuing to create ANNs that are locked. I will not get tired of reporting them.

Account name: SirkonaMoment
ANN: [ANN] [KRS] Sirkona - safety communication [ProgPow]

Don't click

Code:

https://github.com/SirkonaCoin/Sirkona/releases/download/1.0.0/SirkonaProject-win-v1.0.0.zip

[Lafu]

Another one with a newbie account makes malware spread by continuing to create ANNs that are locked. I will not get tired of reporting them.

Yes you are right with the last Fake Ann , the Fake Github github.com/SirkonaCoin was just created 4 Hours ago.
Nice to hear that you dont get tired of reporting them , thats for sure a big help fighting against this things.
Looks like they got not anymore hacked Accounts that they can use as the last ones new Accounts.

[BABY SHOES]

There is an old thread in June still not reported, because their site is active and also the shitcoin is traded on the Xeggex exchange after making a deeper search by checking the downloaded wallet and then checking in Virustotal detected Malware.
Even worse, they tried to create a new ANN with a new account to spread it, fortunately now we are reporting them.

Account name
ReactiveBitcoin Create Today
SquishyCoin 

ANN
[Re-ANN] [SQCN] SquishyCoin - rework and update coin [Equihash 200,9]
[ANN] Squishy Coin (SQCN) PoW / PoS | Equihash 200,9 --- June 23, 2023

Fake GitHub

Code:

https://github.com/sqcndev/SquishyCoin/releases/tag/v0.7.2

Detected

Code:

https://www.virustotal.com/gui/file/e5fd4a1d67f8366c67117a3a0a64385b4177adf4b66e45ae622d5e34a579c466?nocache=1

[Lafu]

In this case you are not right BABY SHOES !

The Github you have posted is no Fake one and what you see in the Virustotal scan detection here
https://www.virustotal.com/gui/file/e5fd4a1d67f8366c67117a3a0a64385b4177adf4b66e45ae622d5e34a579c466?nocache=1 is a false postive detection one for miners.

This one here is fine and original Ann Thread:
SquishyCoin

Code:

https://github.com/sqcndev/SquishyCoin/releases/tag/v0.7.2

[ANN] Squishy Coin (SQCN) PoW / PoS | Equihash 200,9 --- June 23, 2023

Account name
ReactiveBitcoin Create Today
[Re-ANN] [SQCN] SquishyCoin - rework and update coin [Equihash 200,9]

This one here is for sure a Fake one and i guess soon there will be an fake github link edited in there.

[Lafu]

And we have a new Fake Miner Topic with a new Fake download Github Account Link with Malware for Pooler CPUMiner !

The Fake Github Account was created 3 days ago.

Fake Github : github.com/poooIer/cpuminer
Real Github : github.com/pooler/cpuminer

Account : BitTargetPlus  <--- Please ban or Lock that Account and delete the Thread
Its a new Fake Account from the Hackers and was just Registered yesterday.

Fake Miner Thread : The latest release of Pooler CPUMiner v2.5.2 is now available.

Current Version: 2.5.2 (Okt 19, 2023)

Code:

https://github.com/poooIer/cpuminer/blob/v2.5.2

There is no new Version of that CpuMiner!

Original CpuMiner Thread :  An (even more) optimized version of cpuminer (pooler's cpuminer, CPU-only)

Account :  pooler

Current Version: 2.5.1 (Jun 25, 2020)
https://github.com/pooler/cpuminer

This post is also a reference for the Github Report !

[light_warrior]

One comrade here is spamming with his miner, in which virustotal detected a trojan. I don't know if the fact that only two virustotal antivirus engines detected a trojan in this file is enough.

bitbooster

https://bitcointalk.org/index.php?topic=2460715.msg63064522#msg63064522
https://bitcointalk.org/index.php?topic=5048062.msg63064412#msg63064412
https://bitcointalk.org/index.php?topic=5195589.msg63064364#msg63064364

Link to virustotal

Code:

https://www.dropbox.com/scl/fi/o05mj6j7asredpbpd7kcs/Installer-Install-2023_v3x.1t.zip?rlkey=uvkxs4gid3dmea7ieomkspwhq&dl=1

UPD

Another comrade is circulating the same link

kerncc1

https://bitcointalk.org/index.php?topic=5297994.msg63064766#msg63064766
https://bitcointalk.org/index.php?topic=4453897.msg63064717#msg63064717
https://bitcointalk.org/index.php?topic=4453897.msg63064717#msg63064717

[Lafu]

One comrade here is spamming with his miner, in which virustotal detected a trojan. I don't know if the fact that only two virustotal antivirus engines detected a trojan in this file is enough.

Its enough and the detections from Virustotal are not false positive and you was right to report them here.
Thanks for keeping your eyes open , i also reported posts from all 2 Users and they are already deleted.
I also reanalyzed the file again on Virustotal and it got now 3 detections , thanks again for let me know about that.

[Lafu]

We have another Fake Ann with an Fake Github Account that have a Trojan and Malware download Link for OgreCoin !

The Fake Github was just created 2 Hours ago.

Fake Github : github.com/Ogrecoin

Account : jfedirolaret  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
The Account is Registered since October 03, 2021 , hacked or sold Account

Fake Ann Thread :  [ANN] [OGR] OgreCoin - meme token destroyer, WHOAAA (Ghostrider)

Ogre wallet

Code:

https://github.com/Ogrecoin/OgreOgre/releases/tag/0.0.1

Virsutotal Link : https://www.virustotal.com/gui/file/11606965da6486074fb915e7e80078180f1403c5a7e859a3b323c35b93b8d722?nocache=1

The strange thing here is the behavior of the File when it gets installed and started.
It create this file here and starts it when the Fake Wallet file gets started.

Code:

C:\Users\<USER>\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

Source : https://www.virustotal.com/gui/file/11606965da6486074fb915e7e80078180f1403c5a7e859a3b323c35b93b8d722/behavior


And the same Fake Ann and a Fake Github Account we got here for ARMATA  !

The Fake Github Account was just created 16 Hours ago.

Fake Github : github.com/ArmataProject

Account : Taretionks  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
The Account is Registered since October 03, 2021 , hacked or sold Account

Our Github

Code:

https://github.com/ArmataProject/Armata

Virustotal : https://www.virustotal.com/gui/file/c89f4761d9c3d70068a16521911391aa9efebdb796f26744a92f08702c71d6fb/detection

And same here there will be a file created with name PhoenixMinerReborn.exe

Code:

C:\Users\<USER>\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

Source : https://www.virustotal.com/gui/file/c89f4761d9c3d70068a16521911391aa9efebdb796f26744a92f08702c71d6fb/behavior

This post is also a reference for the Github Report !

[BABY SHOES]

There was recently a fake Ann with a trojan in the Github download.

Fake Gituhub: github.com/AgloranProject
User: Lonyee665 - This user has 282 activities and suddenly spreads a trojan with a fake ANN, maybe this account was hacked.
ANN Fake: [ANN] [AGL] Agloran - perfect health area [FiroPow/Fast exchanges]

Virustotal : https://www.virustotal.com/gui/file/278356ef057c422d04bc8d4d46e5c05ebac66b6b1cccfb8b5738aed161dd8385

[Lafu]

There was recently a fake Ann with a trojan in the Github download.

Fake Gituhub: github.com/AgloranProject
User: Lonyee665 - This user has 282 activities and suddenly spreads a trojan with a fake ANN, maybe this account was hacked.
ANN Fake: [ANN] [AGL] Agloran - perfect health area [FiroPow/Fast exchanges]

Virustotal : https://www.virustotal.com/gui/file/278356ef057c422d04bc8d4d46e5c05ebac66b6b1cccfb8b5738aed161dd8385

Yeb you are right its a Fake Ann Topic with a new Fake Github Account with malware download Link !
The Fake Github Account was just created 39 Minutes ago

The downloaded File also create and starts the same PhoenixMinerReborn.exe as the last 2 other Fake Ann downloads.

Code:

C:\Users\user\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

Source : https://www.virustotal.com/gui/file/278356ef057c422d04bc8d4d46e5c05ebac66b6b1cccfb8b5738aed161dd8385/behavior

[BABY SHOES]

Fake Ann Thread :  [ANN] [OGR] OgreCoin - meme token destroyer, WHOAAA (Ghostrider)

This user appears again with his fake ANN, even though he has been tagged by you, at least I am reporting again here so that this user is banned.

ANN Fake: [ANN] [OGR] OgreCoin (Ghostrider)
User: vesko_savov - Please ban this user and lock the thread.

Ogre wallet
Github: https://github.com/OgreProject/Ogre/releases/tag/1.0.0
Source: https://github.com/OgreProject/Ogre/blob/main/Ogrecoin-master.zip

[pinggoki]

This user has 282 activities and suddenly spreads a trojan with a fake ANN, maybe this account was hacked.

I've checked the 5 pages of his post and it's just bounty related posts so I might not be too inclined to believed that this account is hacked, there's not a lot of effort invested in this account so it's easy for him to just use it to share a Trojan, if I were on that person's shoes and there's an opportunity for me to do it with an account that has some significant activity to hide my intentions (sharing links in the posts most of the time so it's likely that someone will click on my links without thinking about it.), I would probably do it too. Although I could be wrong though and this account really is hacked but that's unlikely since the hacker won't really get anything out of hacking this account wouldn't they?

[BABY SHOES]

I found two fake ANNs spreading viruses via download links on github!

ANN Fake: [INS] InternetSecurity - protect you from phishing attempts [CPU mining]][ANN] [INS] InternetSecurity - protect you from phishing attempts [CPU mining]
User: js2105 - Please ban this user and lock the thread.

Virustotal: https://www.virustotal.com/gui/file/1aa7a5d6aa38f4e5a4b641ccf6d5d7bdf4a96b86059b457e8cd0b49f00544008/detection

Wallets
Windows: https://github.com/InternetSec/InternetSec/releases/tag/1.2.1
Source: https://github.com/InternetSec/InternetSec/

ANN Fake: [ANN] [BRV] BitcoinRivera - most security system [Scrypt]
User: Bitcoin@111 - Please ban this user and lock the thread.

Virustotal: https://www.virustotal.com/gui/file/c8f05286290cb9bc4f62c0330aed2be4f43da5f6e9c00f87e76117cfcefc5dcc

Wallets
Windows: https://github.com/BitcoinRivera/BRV/releases/download/1.0.0/BitcoinRiveraCore.zip
Linux: coming soon

What we see again is that the file is created with the name PhoenixMinerReborn.exe.
As @Lafu reported here.

Code:

C:\Users\<USER>\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

https://www.virustotal.com/gui/file/c8f05286290cb9bc4f62c0330aed2be4f43da5f6e9c00f87e76117cfcefc5dcc/behavior

[Lafu]

This user appears again with his fake ANN, even though he has been tagged by you, at least I am reporting again here so that this user is banned.

Thanks for keeping your eyes open and reporting this kind of posts and topics.
Yeah it was late when i saw that user and just tagged him and reported the thread , would have written it the other day but you was faster.
Oh and can you please use the code function and edit your last posts so that nobody can click on the Links , would be nice.

Looks like after a short break they starting again to post there Malware shit Links , but i am ready.

Although I could be wrong though and this account really is hacked but that's unlikely since the hacker won't really get anything out of hacking this account wouldn't they?

They dont care about the Accounts or what is related to them , they just want to spread there Fake Malware Links and sometimes somenody falls in that trap.
Then they can use this Account again and doing the same with it and on top of that they get all his coins if they lucky.

[Lafu]

And we have a new Fake Ann with an Fake Github Malware download Link for Etica !

Fake github : github.com/etilca
Real Github : github.com/etica

Account : Redox778  <--- Please ban or Lock that Account and delete the Thread
Looks like that Account got hacked as the last year it just posted in the Bountie section.

Fake Ann Thread :  [ANN] ETICA - open source medical research (Rework blockchain/ETChash)

Code:

https_://github.com/etilca/etlca-gui/releases/download/1.0.7/Windows-eticawallet-1.0.7.zip/

Original Ann Thread : [ETI] Etica - A cryptocurrency for Open Source medical research

Account : etica

Wallet
https://github.com/etica/etica-gui/releases

And again from a other User posted the same Fake Ann and Fake Github  !

Account : tasin78  <--- Please ban or Lock that Account and delete the Thread
Looks like this Account also got hacked or sold.

Fake Ann Thread : ETICA COIN - open source protocol for medical research (etchash)

Wallets

Code:

https://github.com/etilca/etlca-gui/releases/download/1.0.7/Windows-eticawallet-1.0.7.zip

This post is also a reference for the Github Report !

[Lafu]

And we have again a new Fake Ann Thread with an Fake Github Account for nikitonium !

Fake Github was just created 5 Hours ago.

Fake Github : github.com/nikitonum
Real Github : github.com/nikitonium

Account : voelker  <--- Please ban or Lock that Account and delete the Thread
Registered on January 31, 2016 and today first post , possible hacked or sold Account

Fake Ann Thread : [ANN] [NIK] Nikitonum - Secure Cryptocurrency Blockchain (Ghostrider)

Windows:

Code:

https://github.com/nikitonum/nikito/releases/download/2.0.2.3/windows-nikito-2.0.2.3.zip

Original Ann Thread : [ANN] WITHOUT A BLOCKCHAIN, $NIKI CANNOT EXIST

Account : nikitonium

Windows :
https://github.com/nikitonium/nikito/releases/download/2.0.2.3/windows-nikito-2.0.2.3.zip

This post is also a reference for the Github Report !

[Lafu]

And there is again a new Fake Ann Thread with a new Fake Github Account with Malware for DoubleNode !

The Fake Github Account was just created 1 Hour ago.

Fake Github : github.com/DoubleNodeCoin
Real Github : github.com/DoubleNode

Account : Henrique250  <--- Please ban or Lock that Account and delete the Thread
The Account is Registered since September 08, 2017 without any post , possible Hacked or sold Account.

Fake Ann Thread :  [Pre-ANN] DoubleNode - experimental mining project [ProgPow/MN]

Wallet

Code:

https://github.com/DoubleNodeCoin/Experimental/releases/download/1.1.1/doublenodecore.zip

A testnet is currently being conducted to test all systems. Coins mined on the testnet will be transferred to the mainnet in a 1:1 ratio

First Red Flag
is that normaly no Coins mined from the testnet will be transferred to the mainnet.

Next Red Flag is:
When you install the Github download file it will create a lot of bad things.
One of them is the File C:\Windows\Supremo.exe that is a Remote Control Program.
Virsutotal : https://www.virustotal.com/gui/file/79c7262e1335c522daa70fc65fb58b1435b28e0bbf2b21a88d6c03f8135a4da5/behavior


And again there is another new Fake Ann with a new Fake Github Account for nikitonium !

Fake Github was created 1 Hour ago.

Fake Github : github.com/nikitoniums
Real Github : github.com/nikitonium

Account : mrhakas565  <--- Please ban or Lock that Account and delete the Thread
Looks like the Account got hacked.

Fake Ann Thread :  [ANN] WBS - without blockchain and compromise system (CPU algo)

Our wallets

Code:

Windows: https://github.com/nikitoniums/nikito-wbs/releases/download/2.0.2.3/nikitonium-core-2.0.2.3.zip
Linux: https://github.com/nikitoniums/nikito-wbs/releases/download/2.0.2.3/ubuntu-nikitonium-2.0.2.3.tar.gz

Our socials
Website: https://nikitonium.com/
Discord: https://discord.gg/QFSvSuvgGq

Original Ann Thread : [ANN] WITHOUT A BLOCKCHAIN, $NIKI CANNOT EXIST

Account : nikitonium

Windows :
https://github.com/nikitonium/nikito/releases/download/2.0.2.3/windows-nikito-2.0.2.3.zip

Website: https://nikitonium.com/
Discord: https://discord.gg/QFSvSuvgGq

This post is also a reference for the Github Report !