|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
Lafu (OP)
Legendary
 Offline
Activity: 2954
Merit: 3038
|
 |
November 10, 2023, 05:12:06 PM |
|
And we have a new Fake Ann Thread with a new Fake Github Account for Subi Network !The Fake Github Account was just created 1 Hour ago. Fake Github : github.com/VirtualRealityProject Real Github : github.com/subinetworkAccount : alinyous <--- Please ban or Lock that Account and delete the ThreadLooks like this Account got hacked or sold , Registered since May 25, 2018. Fake Ann Thread : [ANN] VRT - virtual reality project (Ghostrider/Exchange 20/11/2023)Subi Network's combination of public and private blockchain technologies for unparalleled gaming experiences in virtual realityWALLETS Windows: https://github.com/VirtualRealityProject/VRNetwork/releases/download/1.1.2.4/subi-win-1.1.2.4.zip Original Website : https://subinetwork.com/Subi Network combine public and private blockchain technologies to create unparalleled gaming experiences based on virtual reality.
Source : https://subinetwork.com/This post is also a reference for the Github Report !
|
|
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
November 11, 2023, 01:14:16 PM
Last edit: November 11, 2023, 05:05:13 PM by Lafu |
|
And we have new Fake Ann Topics with Malware download Links again , now with Short Links !
The Short Links are directing to the Fake Github Account download page! Windows: https://shorturl.at/dzET7 With http://getlinkinfo.com you will get all the Information you need and you see the Fake Github Account ! GetLinkInfo for that used Short Link : ResultFake Github : github.com/nikitonumReal Github : github.com/nikitoniumAccount : mah0099 <--- Please ban or Lock that Account and delete the ThreadThis user recently woke up from a long period of inactivity.Registered since August 02, 2020 , hacked or sold Account Fake Ann Thread : [ANN] SUB - sub network for workspace (Mineable)Windows: https://shorturl.at/dzET7
And again a new Fake Ann with a new Fake Github Account showed up this time for BlackCode ! Fake Github just got created 1 Hour ago and looks like it got already deleted. Fake Github : github.com/BlackCodeBlockchainVirustotal Malware and Trojan detections : https://www.virustotal.com/gui/file/bc2b3e767d1c973f8a1d5f70fa44f3bef1cda849e8520aca17833ba8833d956e/behaviorFiles that will get installed here again: C:\Windows\Supremo.exe
C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
When you install the Fake Github download file it will create a lot of bad things. One of them is the File C:\Windows\Supremo.exe that is a Remote Control Program Account : BlackCodedev <--- Please ban or Lock that Account and delete the ThreadLINKSGithub: https://github.com/BlackCodeBlockchain/CoreWallets/releases/tag/2.1.2 This post is also a reference for the Github Report !
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
November 12, 2023, 08:59:31 PM |
|
And we have another new Fake Ann Thread with an Fake Github download Link for Nevermore !Fake Github : github.com/thelifebeautifulguruReal Github : github.com/evrmoreorgAccount : Krissh_369 <--- Please ban or Lock that Account and delete the ThreadThis user recently woke up from a long period of inactivity.Registered since April 21, 2020 , hacked or sold Account Fake Ann Thread : [ANN] Nevermore - blockchain for DeFI (Fork Evrmore) (GPU mining)WalletsWindows: https://github.com/thelifebeautifulguru/Nvrmore/releases/download/2.1.0/nevermore-v2.1.0-win64.zip For More Information: discord.gg/4csauGuvw3 Original Ann Thread : [ANN] Evrmore [EVR] Blockchain | ProgPoW GPU Mining | The Ravencoin fork for DeFAccount : hans_schmidtThis post is also a reference for the Github Report !
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
November 13, 2023, 10:28:43 AM |
|
And again we have a new Fake Ann Thread with a new Fake Github Malware download Link for Capybara coin !Fake Github Files was just uploaded 40 Minutes ago. Fake Github : github.com/xaMWVUnT/capybara/Real Github : github.com/Capybaraworld/Account : Dmengeon2 <--- Please ban or Lock that Account and delete the ThreadRegistered since October 31, 2017 , Hacked or sold Account Fake Ann Thread : Capybara coin - scrypt animal coin (Not another animal coin)WalletsWindows: https://github.com/xaMWVUnT/capybara/blob/main/capybara-win64.zip Virustotal : https://www.virustotal.com/gui/file/5ab74c83f8df2dd95e83e220bb2b0e3bf63b24aa7043b5cdd38f4ca7f6360ae0/behaviorC:\Windows\Supremo.exe
C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
When you install the Fake Github download file it will create a lot of bad things. One of them is the File C:\Windows\Supremo.exe that is a Remote Control Program This post is also a reference for the Github Report !
|
|
|
|
BABY SHOES
Sr. Member
Offline
Activity: 308
Merit: 435
HODL - BTC
|
|
November 13, 2023, 11:34:33 AM |
|
Newbie accounts spread the virus on meta boards and local india boards with Trading AI Tool. user: ddoxer889 - Please ban this user and lock the thread.ANN: Trading AI Tool / Trading AI Tool[url=https://transfer.sh/MadLG7DuLG/Trading%20AI%20Tool.zip]https://transfer.sh/MadLG7DuLG/Trading%20AI%20Tool.zip[/url]
Virustotal: https://www.virustotal.com/gui/url/88da53b771ed7fa6392a003168cedf076e78eede18d8a426bd583219a7396e51/detection |
| | | SHUFFLE.COM | | | | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | ██████
██
██
██
██
██
██
██
██
██
██
██
██████ | ████████████████████ ████ ██
.
| ██████
██
██
██
██
██
██
██
██
██
██
██
██████ | |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
November 13, 2023, 09:55:34 PM |
|
And again there is a new Fake Ann Thread with an Fake Github Malware download link for BRANDS ! Fake Github : github.com/veramuraga/BlockchainBrandsThe Fake Github was just created 1 Hour ago. The downloaded and installed files from there have this here: Registry keys set
HKEY_CURRENT_USER\Software\Evrmore
HKEY_CURRENT_USER\Software\Evrmore\Evrmore-Qt
HKEY_CURRENT_USER\Software\Microsoft\RestartManager
C:\ProgramData\ThunderboltDriver\tbdriver.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe
C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn ThunderboltDriver /tr C:\ProgramData\ThunderboltDriver\tbdriver.exe /sc onlogon /it /f /rl HIGHEST
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source : https://www.virustotal.com/gui/file/5a4ea5abd5f2150b2cc346cf7564454cb6d4bfdda2876324f88e267eb8242d90/behaviorAccount : Darkvi <--- Please ban or Lock that Account and delete the ThreadRegistered since January 20, 2019 , Hacked or sold Account Fake Ann Thread : [Pre-ANN] BRANDS - new trading tech [ProgPow/New eco area]WALLETSGithub: https://github.com/veramuraga/BlockchainBrands/releases/tag/1.0.0
This post is also a reference for the Github Report !
|
|
|
|
Bureau
Sr. Member
Offline
Activity: 406
Merit: 262
Eloncoin.org - Mars, here we come!
|
|
November 14, 2023, 12:22:59 PM
Last edit: November 14, 2023, 01:00:19 PM by Bureau |
|
Another post on the Indian local board with a suspicious link. Please check it and delete the post. I have already reported it to the global mods but I think there should be a local mod to remove such links. I do not understand why a big board like India does not have a local mod to date. There are a few sub-boards that need to be restructured and a lot of pin messages need to be removed. At the moment it is not done as global mods are busy and won't work on such issues. The link to the post: https://bitcointalk.org/index.php?topic=5474041.0 |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
November 14, 2023, 01:18:57 PM |
|
And again a new Fake Ann Thread with a new Fake Github Malware download Link for BRANDS again !Fake Github was created 4 Hours ago. Fake Github : github.com/vandia1/CryptoBrandsThe downloaded and installed files from there have this here: Registry keys set
HKEY_CURRENT_USER\Software\Evrmore
HKEY_CURRENT_USER\Software\Evrmore\Evrmore-Qt
HKEY_CURRENT_USER\Software\Microsoft\RestartManager
C:\ProgramData\ThunderboltDriver\tbdriver.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe
C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn ThunderboltDriver /tr C:\ProgramData\ThunderboltDriver\tbdriver.exe /sc onlogon /it /f /rl HIGHEST
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source : https://www.virustotal.com/gui/file/5a4ea5abd5f2150b2cc346cf7564454cb6d4bfdda2876324f88e267eb8242d90/behaviorAccount : BukanAdit <--- Please ban or Lock that Account and delete the ThreadRegistered since May 19, 2020 , Hacked or sold Account Fake Ann Thread : [ANN] Decentralized tech mining system/GPU mining/AirdropWALLETWindows: https://github.com/vandia1/CryptoBrands/releases/download/1.0.0/brands-win64.zip This post is also a reference for the Github Report !
|
|
|
|
light_warrior
In memoriam
Copper Member
Hero Member
Offline
Activity: 602
Merit: 922
|
|
November 14, 2023, 08:50:36 PM |
|
I think this is a malware thread, as many threads with this coin have already been deleted and users who posted a similar thread have been banned. I don't know if I'm right or not, please check. ViktorStrangeThread [ANN] NikiChain - blockchain with crypto bridges (CPU mining, Ghostrider)Malware link https://github.com/teubub411/NikiBlockchain/releases/download/2.0.2.3/windows-nikichain-2.0.2.3.zip |
|
|
|
|
Bitcoin_Arena
Copper Member
Legendary
Offline
Activity: 2016
Merit: 1783
฿itcoin for all, All for ฿itcoin.
|
|
November 14, 2023, 11:57:59 PM
Last edit: November 15, 2023, 02:37:44 PM by Bitcoin_Arena |
|
This one is trying to sell cryptowallet drainers, which are also classified as malware. The scripts are created to drain off crypto from a person's address once they try to connect their wallet to the website mercy_rain <--- Please ban or NukeThread: WTS (Selling Drainers) Archive - https://ninjastic.space/topic/5474076Fake GitHub link: github.com/ggrner (only 2 weeks old) Drainer links https://github.com/ggrner/golden-drainer
https://github.com/ggrner/stepn-solana-drainer
https://github.com/ggrner/spaceX_v3_drainer_2023 He even confessed that GitHub keeps deleting his repositories Github too often deletes repositories and I need create new acc
|
|
|
|
Bitcoin_Arena
Copper Member
Legendary
Offline
Activity: 2016
Merit: 1783
฿itcoin for all, All for ฿itcoin.
|
|
November 15, 2023, 02:38:36 PM |
|
This one is trying to sell cryptowallet drainers, which are also classified as malware. The scripts are created to drain off crypto from a person's address once they try to connect their wallet to the website mercy_rain <--- NukedNice seeing that the mods did a quick job. The user was banned, however he is back with a new account. Spreading malware and evading ban at the same time New account: mercy___rain <--- Please ban or NukeANN: WTS (Selling Drainers) Archive: https://ninjastic.space/topic/5474135I have also reported his Fake GitHub account. I hope GitHub does what is required. |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
November 15, 2023, 05:33:30 PM |
|
And we have a new Fake Ann Thread with an new Fake Github Malware download Link for CommunityCoin !The Fake Github was created 16 Hours ago. Fake Github : github.com/CommunityCashReal Github : github.com/CommunityCoinVirustotal with 6 detections : https://www.virustotal.com/gui/file/21767196a889ef21fba60611b753272154634011499000685d53534da33a247a/behaviorDetects suspicious new RUN key element pointing to an executable in a suspicious folder
Detects modification of autostart extensibility point (ASEP) in registry.
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
The Fake Github was not long ago updated with new Files that now have Malware and Trojan in it. Generic.Malware.AI.DDS
Generic ML PUA (PUA)
Malware.SwollenFile!1.E38A (CLASSIC)
Trojan.Barys
Account : Xabikonjes <--- Please ban or Lock that Account and delete the ThreadThis user recently woke up from a long period of inactivity.Registered since October 02, 2021 , Hacked or sold Account Fake Ann Thread : [ANN] CommunityCoin: Empowering the Community with CMNTThe Thread is self-moderated https://github.com/CommunityCash/CommunityCoin
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
November 16, 2023, 01:53:36 PM
Last edit: November 16, 2023, 02:50:48 PM by Lafu |
|
And we have a new Fake Ann Thread again with a new Fake Github Malware download Link for MNSC !The Fake Github was just created 4 Hours ago. Fake Github : github.com/voknelez/MNSCoinReal Github : github.com/NewMNSavings/NewMNSCoin/Same here for the Fake Github files: Detects the usage of binaries such as 'net', 'sc' or 'powershell' in order to stop, pause or delete critical or important Windows services such as AV, Backup, etc. As seen being used in some ransomware scripts
Detects DNS queries for IP lookup services such as "api.ipify.org" originating from a non browser process.
Detects the stopping of a Windows service
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Virustotal : https://www.virustotal.com/gui/file/9b3d70ad7020b97311fcbe6d69a6181acc09d83e886f0f08f1eff35d0cb8b076/behaviorAccount : salmanb <--- Please ban or Lock that Account and delete the ThreadThis user recently woke up from a long period of inactivity.Registered since December 06, 2018 , Hacked or sold Account Fake Ann Thread : [ANN] Concept blockchain technology for QUARK (Pow, Quark)Wallets Windows: https://github.com/voknelez/MNSCoin/releases/download/1.0.0/MNSC-Win.zip Account : Kryptoyaner
New Fake Ann Thread again for NikiChainSame Fake Github Account as for MNSC Fake Github : github.com/voknelez/MNSCoinFake Github : github.com/voknelez/nikichainAccount : kuzgun51 <--- Please ban or Lock that Account and delete the ThreadThis user recently woke up from a long period of inactivity.Hacked or sold Account Fake Ann Thread : [ANN] NikiChain - blockchain with crypto bridges (CPU, Mine and Exchange now)NikiChain Wallet: Windows : https://github.com/voknelez/nikichain/releases/download/2.0.2.3/windows-nikichain-2.0.2.3.zip Quote from https://bitcointalk.org/index.php?topic=5474315.0This post is also a reference for the Github Report !
|
|
|
|
BABY SHOES
Sr. Member
Offline
Activity: 308
Merit: 435
HODL - BTC
|
|
November 17, 2023, 09:52:13 AM |
|
|
| | | SHUFFLE.COM | | | | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | ██████
██
██
██
██
██
██
██
██
██
██
██
██████ | ████████████████████ ████ ██
.
| ██████
██
██
██
██
██
██
██
██
██
██
██
██████ | |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
November 22, 2023, 09:21:33 PM |
|
We have a new Fake Ann Thread with a new Fake Github Malware download Link for MentaCoin (MNLC) !The Fake Github Account was just created 1 Hour ago. Fake Github : github.com/MNLCoinNetwork/MentaCoreReal Github : github.com/MentaCoinLot of bad things happen when you download and start the Files from the Fake Github. Drops script at startup location
Detects Schtask creations that point to a suspicious folder or an environment variable often used by malware
Detects the execution of a renamed AutoIt2.exe or AutoIt3.exe. AutoIt is a scripting language and automation tool for Windows systems.
Attackers can leverage AutoIt to create and distribute malware, including keyloggers, spyware, and botnets
This detection method points out highly relevant Antivirus events
A Network Trojan was detected
Device Retrieving External IP Address Detected
C:\Users\user\AppData\Local\Oliver Robinson\SocialPulse Monitor.pif
C:\Users\user\AppData\Local\Temp\8819\5865\jsc.exe
C:\Users\user\AppData\Local\Temp\flofy.exe
C:\Users\user\AppData\Local\Temp\noply.exe
C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Legal + Rebel + Desktops + Sleeve + Romania 5865\Peeing.pif
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 2176
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\user\AppData\Local\Temp\QY7M5JAACrWc.bat"
Source : https://www.virustotal.com/gui/file/0a483d211b2e8cefa76989095cb7965eae7a13d67626a96497dc213b0fae4a80/behaviorAccount : Taoktoyre <--- Please ban or Lock that Account and delete the ThreadThis user recently woke up from a long period of inactivity.Registered since October 02, 2021 , Hacked or sold Account Fake Ann Thread : [ANN] MentaCoin (MNLC) - Unleashing the Power of Minting for Mental Healthhttps://github.com/MNLCoinNetwork/MentaCore/
|
|
|
|
BABY SHOES
Sr. Member
Offline
Activity: 308
Merit: 435
HODL - BTC
|
|
November 25, 2023, 06:29:08 PM |
|
I found a suspicious thread that did not share a link within GitHub but rather with a free website from GoDaddy and there it appeared to be spreading a virus downloaded via mega.nz User: FunkySkunkANN Fake: Release: New Altcoin - A even Lite version of Litecoin Called Obsidian (OBS)Virustotal: https://www.virustotal.com/gui/file/8f836b7a9ecfcc716ee78bef17494d4789134646b695df05b656714a98b57ea1/detectionI found Obsidian project's old ANN : Obsidian ODN - CryptoCurrency & Secure Anonymous Messaging |
| | | SHUFFLE.COM | | | | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | ██████
██
██
██
██
██
██
██
██
██
██
██
██████ | ████████████████████ ████ ██
.
| ██████
██
██
██
██
██
██
██
██
██
██
██
██████ | |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
December 06, 2023, 04:26:49 PM |
|
We have a new Fake Ann Thread with anew Fake Github Account with Malware and Trojan download Link for KASTLS (kaspa tools project) !The Fake Github download File was created 2 Days ago. Fake Github : github.com/troyseate/electrum-kasA Many shady and bad things happen when you start the Wallet File: MALWARE TROJAN EVADER RAT
Detects Schtask creations that point to a suspicious folder or an environment variable often used by malware
Detects DNS queries for IP lookup services such as "api.ipify.org" originating from a non browser process.
Detects the addition of a new rule to the Windows firewall via netsh
Detects scheduled task creations or modification to be run with high privileges on a suspicious schedule type
Detects the creation of scheduled tasks in user session
Detects the load of RstrtMgr DLL (Restart Manager) by an uncommon process. This library has been used during ransomware campaigns to kill processes
Detects loading of Amsi.dll by uncommon processes
Detects a WMI modules being loaded by an uncommon process
C:\Program Files\Kaspa\KDX\bin\windows-x64\genkeypair.exe
C:\Program Files\Kaspa\KDX\bin\windows-x64\gpuminer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\RestartManager
C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn "Discord startup" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Also your Discord App will be compromised with it on the startup. Source : https://www.virustotal.com/gui/file/4dcae6a5ede0c0059bf0cdce636b144c40faa65c4539f91d456cc8df333509ff/behaviorAccount : fanepatent2 <--- Please ban or Lock that Account and delete the Thread and PostsRegistered since November 23, 2017 possible hacked or sold Account Fake Ann Thread : [ANN] KASTLS - kaspa tools project (For using)Hello community! https://github.com/troyseate/electrum-kas/tree/main
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2954
Merit: 3038
|
|
December 07, 2023, 02:54:49 PM |
|
And we have again a new Fake Ann Thread with the Fake Github Link with Malware for PURN !Fake Github : github.com/troyseate/purn-networkThis Fake Github Account have already other Links in it too. github.com/troyseate/purn-network
github.com/troyseate/electrum-kas
github.com/troyseate/pyrinwallet
github.com/troyseate/electrum
github.com/troyseate/awesome-nodejs
Windows already gives you a Warning vor Virus and Trojan when you try to download the File from the Fake Github. Account : Digitminer <--- Please ban or Lock that Account and delete the ThreadRegistered since July 15, 2017 , Hacked or sold Account WINDOWS: https://github.com/troyseate/purn-network/releases/download/1.0.0/windows.zip
|
|
|
|
|
