|
qwertyup23
|
1. Malware from Github link and Fake Wallet Thread: Armor AMX (Armor Network) <---- DELETEProfile Link: ArmorAMX----> BRAND NEW: Last post March 13, 2021Archive: https://archive.fo/7AVF2 Virus Total Link/s: https://github.com/armornetworkdev/armor-gui/releases/download/v0.02/armor-desktop-master-win64-portable.zip  |
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO
FUTURES | | | | | | | │ | 1,000x
LEVERAGE | │ | COMPETITIVE
FEES | │ | INSTANT
EXECUTION | │ | .
TRADE NOW |
|
|
|
|
|
|
|
|
"In a nutshell, the network works like a distributed
timestamp server, stamping the first transaction to spend a coin. It
takes advantage of the nature of information being easy to spread but
hard to stifle." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
Lafu (OP)
Legendary
 Offline
Activity: 2968
Merit: 3045
|
 |
May 27, 2021, 03:10:59 PM |
|
Nice found buddy ! I was looking at it yesterday also but have no time to check it more . There are a lot of detections in there damn , for sure there are a few miner dections but also Malware and Trojan detections. Dont know if it will bring something to write in the Thread and ask whats going on with the Wallet and things . |
|
|
|
|
qwertyup23
|
|
May 27, 2021, 05:28:46 PM |
|
Nice found buddy !
I was looking at it yesterday also but have no time to check it more .
There are a lot of detections in there damn , for sure there are a few miner dections but also Malware and Trojan detections.
Dont know if it will bring something to write in the Thread and ask whats going on with the Wallet and things .
As always, thank you Lafu! I mainly use my MacBook for my research and school purposes. Every time I scan wallet files using Virus total, I usually download the zip file that is compatible for windows in order to prevent any virus should I ever opt to download the macOS wallet. When I saw the results of the virus scan, it nearly gave me a heart attack to see the amount of trojan virus contained on that wallet. I quickly deleted the file and I scanned my laptop. Fortunately, the scan went clean! |
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO
FUTURES | | | | | | | │ | 1,000x
LEVERAGE | │ | COMPETITIVE
FEES | │ | INSTANT
EXECUTION | │ | .
TRADE NOW |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2968
Merit: 3045
|
|
May 28, 2021, 04:16:35 PM |
|
The detections look like a miner was detected, which makes sense, because according to their OP the software seems to contain a miner.
It's also visible in their source-code on Github: https_://github.com/armornetworkdev/armor-gui/tree/v0.02/src/Miner (caution! Do not compile or download anything from this repository! It may be harmful).
The client seems to be a fork of Bytecoin. However I just checked a version of Bytecoins Portable client on VirusTotal and there were no detections unlike the "Armor AMX"-client, so caution is advised. Has anyone checked their source more closely for malicious code? Because if they really included malware, a clean antivirus-scan doesn't necessarily mean, that everything is clean.
Yes there was a few Miner Software false positive detections , thats right , but there was also some Malware and Trojan in there. If its realy a fork from bytecoin there would be not so many detections , and it looks like it was modifyd. I havnt checked it deeper but the thread got deleted already and i guess for a good reason . |
|
|
|
Halab
Staff
Legendary
Offline
Activity: 2408
Merit: 2021
I find your lack of faith in Bitcoin disturbing.
|
|
June 21, 2021, 04:36:57 PM
Last edit: June 21, 2021, 05:27:05 PM by Halab Merited by DdmrDdmr (3), Lafu (1) |
|
Hi there, I need feedback on a topic created by a newbie in the french (and now spanish) section. - Account created today who "made a guide to help...". - He used Google Translate. - Github created 3 days ago. - I used virustotal like you, but it gives me nothing but I'm not really good at detecting malware ( https://www.virustotal.com/gui/url/bb4245b072d0f06a4c6d88b25770a884201c2fb3918833b92e65a28dff70c6e8/detection). Am I paranoid ? The account : Annapetit (see 'Show the last topics started by this person.') Edit : Thanks Xal0lex. Account nuked. |
|
|
|
Xal0lex
Staff
Legendary
Offline
Activity: 2450
Merit: 2445
|
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2968
Merit: 3045
|
|
June 21, 2021, 07:41:36 PM |
|
Hi Halab thanks for posting here and let us know about that. The problem why you dont have seen any detection is that you just scanned the URL from Github and normaly this will not detecting anything. For a real and intensive Scan you have to download the File ( just download and not open the File ) and then you have to upload it to Virustotal. This mostly detecting Malware or other shady Software. But looks like your instinct was right , well done ! And you are not paranoid ! |
|
|
|
DaveF
Legendary
Offline
Activity: 3472
Merit: 6263
Crypto Swap Exchange
|
|
July 10, 2021, 10:13:49 PM |
|
So the PhoenixMiner malware people are back. Or they have at least changed their posing bot enough to fool the malware reporting bot. Been seeing these crop up more and more. Here is a quote I added code tags and spaces to so linking would not work. Bummer as it seems to have calmed down for a while. -Dave The new beta version is finally ready. You can download PhoenixMiner 5.7a from here: [url=h t t p s://github. com/PhoenixMiner-Team-Dev/PhoenixMiner/releases/download/5.7a/PhoenixMiner_5.7a_Windows.zip]PhoenixMiner_5.7a_Windows.zip[/url] (GitHub)
[url=h t t p s://github. com/PhoenixMiner-Team-Dev/PhoenixMiner/releases/download/5.7a/PhoenixMiner_5.7a_Linux.tar.gz]PhoenixMiner_5.7a_Linux.tar.gz[/url] (GitHub)
The new features in this release are: - Added lock core clock
- The problem with the missing GPU temperatures on Nvidia GPUs is fixed
- Added native kernels for AMD RX6700 GPUs. These are faster than the generic kernels and produce a lot less stale shares
- Increase the max supported DAG epoch to 550 (should be enough to about Jan 2023)
- Full support for setting clocks, fan speeds, voltages, and memory timings of AMD RX6900/6800/6700 cards
- The specific hashrate is now shown in the form of kilo hashes per joule (kH/J). Example: if a GPU has hashrate of 30 MH/s with 100W power usage, the specific hashrate is 300 kH/J
- Added new command-line parameters -ttj and -ttmem, allowing automatic fan speed control based on GPU hotspot (junction), and memory temperatures respectively. Example: -ttmem 83 will keep the GPU memory temperature at or bellow 83C by increasing the fan speed as necessary. These parameters can be combined with -tt, as well as with each other. These options are supported only on AMD GPUs that report junction and memory temperatures
- Added new command-line parameters -tmaxj and -tmaxmem, allowing to decrease the GPU usage when the GPU hotspot (junction), or GPU memory temperatures are above the specified thresholds. These options are supported only on AMD GPUs that report junction and memory temperatures
- Added support for AMD Windows drivers 21.3.2, and 21.3.1
- Added support for AMD Linux drivers 20.50.x. Use this drivers only if you have Polaris or older GPUs, or the latest RX6x000 GPUs. WARNING: Vega, Radeon VII, and Navi GPUs won't work with these drivers!
- Turn off the zero fan feature on AMD cards whenever a fixed fan speed is used (e.g. -tt -40), or when an auto fan with min fan speed is used (e.g. -tt 63 -minfan 35). To disable this feature, add -fanstop 1 command-line parameter
- When -mcdag 1 is specified under Linux, the miner will not wait for the daggen.sh script to finish before starting to generate the DAGs. Instead it will for a fixed 7 seconds. This allows you to do all the following in the daggen.sh: turn off the overclocking of Nvidia GPUs, sleep for 30-60 seconds to allow time for DAG generation, and then re-apply the overclocking of the Nvidia GPUs
- Other small improvements and fixes
The support for -ttj, -ttmem, -tmaxj, and -tmaxmem for Nvidia 3090 and 3080 GPUs is not yet ready for release. We hope to have it ready for the final 5.7 release. For more robust integrity check, you can use our GPG public key, which was verifyed with ETH transaction from our main devfee account as explained here: https://bitcointalk.org/index.php?topic=2647654.msg56755869#msg56755869. Please let us know if you have any problems or questions related to PhoenixMiner 5.7a. |
|
|
|
DaveF
Legendary
Offline
Activity: 3472
Merit: 6263
Crypto Swap Exchange
|
|
July 12, 2021, 12:54:54 AM |
|
They also seem to be staying up much longer. The one below was posted at 09:49:54 AM my time, I reported it at 10:05:28 AM when I saw it. They never used to stay up for 15 minutes. Oh well, guess we just have to start being a bit more proactive on this till the reporting bot is fixed. And after I reported it, it was still up for a while. Guess the mods were on a lunch break. -Dave The new beta version is finally ready. You can download PhoenixMiner 5.7a from here:
.....
|
|
|
|
lovesmayfamilis
Legendary
Offline
Activity: 2086
Merit: 4287
✿♥‿♥✿
|
|
July 28, 2021, 08:36:26 AM |
|
|
|
|
|
|
|
|
|
|
qwertyup23
|
|
July 28, 2021, 02:30:53 PM |
|
From what i can see on the detection list from Virustotal there are a lot of false positive detections !
There is only 1 detection , but anyway the Thread is deleted already now if it is a serious project they will be asking why it was deleted .
Yup this is true. Normally, I would check the windows wallet only for viruses in virus total. Upon checking it also, it only contained one false-positive result, so I tried downloading the Mac wallet also. To my surprise, it contained 14 detections (most are false-positive) but the fact that the thread has been deleted and the user just recently awoken, those evidences conclude that the wallet did contain some malware on it. Thank you for going the extra mile and checking it, Lafu! |
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO
FUTURES | | | | | | | │ | 1,000x
LEVERAGE | │ | COMPETITIVE
FEES | │ | INSTANT
EXECUTION | │ | .
TRADE NOW |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2968
Merit: 3045
|
|
July 30, 2021, 03:16:12 AM |
|
Thank you for going the extra mile and checking it, Lafu!
No problem , you are welcome 
Guess there is a new style of Fake downloads for PhoenixMiner Versions ! Just saw a post and done some more research of the User and looks like it got maybe hacked or sold ! The new beta version is finally ready. You can download PhoenixMiner 5.7a from here:
[url_https_://github.com/Phoenix-Miner-TeamDev/PhoenixMiner/releases/download/5.7a/PhoenixMiner_5.7a_Windows.zip]PhoenixMiner_5.7a_Windows.zip[/url] (GitHub)
[url_https_://github.com/Phoenix-Miner-TeamDev/PhoenixMiner/releases/download/5.7a/PhoenixMiner_5.7a_Linux.tar.gz]PhoenixMiner_5.7a_Linux.tar.gz[/url] (GitHub)
The Github Account was created 20 Hours ago . I tried to download the file from Github but i instant got an warning from the download manager that the File is a Virus or Malware The Account of the User victorviran last post was back in January 08, 2019 Guess its hacked or sold . Post : https://bitcointalk.org/index.php?topic=2647654.msg57574447#msg57574447Account : victorviran <------ Please ban that User and delete the Post |
|
|
|
|
Rizzrack
|
|
July 30, 2021, 10:38:03 AM |
|
Guess there is a new style of Fake downloads for PhoenixMiner Versions ! Just saw a post and done some more research of the User and looks like it got maybe hacked or sold !
Account : victorviran <------ Please ban that User and delete the PostNot really new... https\\github.com\PhoenixMinerTeam https\\github.com\PhoenixMlnerDevTeam (L insted of i) https\\github.com\PhoenixDevTeamMiner https\\github.com\PhoenixDevMinerTeam https\\github.com\Phoenix-MinerDev https\\github.com\PhoenixMiner-TeamDev https\\github.com\PhoenixDev-Team-Miner https\\github.com\Phoenix-DevMinerTeam https\\github.com\PhoenixMiner-Team-Dev/ and now https\\github.com\Phoenix-Miner-TeamDev/ Guess they focus on phoenix miner because of it's popularity overall and on bitcointalk (one of the top traffic keywords) and because it only recently has an "official" website ( https://phoenixminer.info) Thanks for keeping an eye out!! Luckily their posts don't last more than a few minutes |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2968
Merit: 3045
|
|
August 09, 2021, 10:11:09 AM |
|
Thanks for keeping an eye out!!
No problem i doing my best to find and report them , even when they got catched from mitchells bot mostly ! Following text is for reference ! But anyway i have an Account for you that sended me an PM that his real Account got banned as it was reported from me in here ! Account name : flooren is the Account from the User : MasterPP Thats the post why he got banned ! Thats the PM i got today from the User MasterPP Hello. Flooren: this is my first account got hacked, and someone work from my account How i can back my first account ? Thank you @Rizzrack , @Cyrus , @alanst my question is now when i am write him back that he should be open a new Thread in Meta or is enough that he write in here ? Or should i just write him that he should be just send an email to recoveries...@bitcointalk.org from his original email adress as far this not also hacked ? Let me know and i will reply to his pm i got . |
|
|
|
|
Rizzrack
|
|
August 09, 2021, 10:28:18 AM
Last edit: August 09, 2021, 11:26:32 AM by Rizzrack Merited by Lafu (1), mole0815 (1) |
|
...my question is now when i am write him back that he should be open a new Thread in Meta or is enough that he write in here ? Or should i just write him that he should be just send an email to recoveries...@bitcointalk.org from his original email adress as far this not also hacked ? Let me know and i will reply to his pm i got . Since he has been allegedly hacked the best thing to do would be to direct him to this thread so he would send us an email. If your account was hacked Email recoveries...@bitcointalk.org, ideally from the account's email address. Include your username and a brief description of the details of how/when the account was hacked. A signature will likely be required |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2968
Merit: 3045
|
|
August 09, 2021, 12:49:51 PM |
|
Since he has been allegedly hacked the best thing to do would be to direct him to this thread so he would send us an email. Thanks and i have written that he should be sending the Recovery Team an email to the email adress from theymos thread about Hacked Accounts. Also i have written that he should write in this Thread here when his Account is fully back in his hands and recovered , so i can remove my Feedback i have given back in the days. And thats why like to write in this Thread for using it as reference , sometimes it helps to get Users there Account back . |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2968
Merit: 3045
|
|
September 08, 2021, 10:17:16 PM |
|
The fake Miner Software download links with malware in the PhoenixMiner thread has changed now !They have a new Github Account now github.com/PhoenixMiner-Beta if possible please report them on Github also that it gets deleted. User : jerryngm <---- Please ban that User or lock the AccountAccount last activity was back in 2016 Archived post : https://archive.fo/XYl9l post gots deleted when i archived it The new version is finally ready. You can download PhoenixMiner 5.8a from here: https_://github.com/PhoenixMiner-Beta/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip
https_://github.com/PhoenixMiner-Beta/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Linux.tar.gz
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 2968
Merit: 3045
|
|
September 19, 2021, 10:55:49 AM
Last edit: September 21, 2021, 02:01:22 AM by Lafu Merited by mole0815 (5), Mitchell (1) |
|
And we have the next Version and a new Github for the Fake Miner Malware download Link for PhoenixMiner! New Fake Github : https_://github.com/PhoenixBetaMiner/ <--- Please report this on Github also if possible so it gets deletedUser : koolturtle77 <----- Please ban or lock that Account Account was registered in April , possible hacked or sold Archived post : https://archive.fo/mmlx1The new version is finally ready. You can download PhoenixMiner 5.8a from here:
url=https_://github.com/PhoenixBetaMiner/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip]https_://phoenixminer.info/downloads/PhoenixMiner_5.8a_Windows.zip[/url]
url=https_://github.com/PhoenixBetaMiner/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Linux.tar.gz]https_://phoenixminer.info/downloads/PhoenixMiner_5.8a_Linux.tar.gz[/url]
Please let us know if you have any problems or questions related to PhoenixMiner 5.8a
And also another Fake Miner download Link here ! Fake Github : https_://github.com/Nebu-Tech/Github Account was created 1 Hour ago User : jaclarkbizz101 <----- Pleas ban or Lock that Account Archived post : https://archive.fo/faqNHNew versions v40.0 with full LHR disable mode was released
url=https://github.com/Nebu-Tech/NBMiner/releases/download/NBMiner/NBMiner_40.0_Win.zip]https_://github.com/NebuTech/NBMiner/releases/download/v40.0/NBMiner_40.0_Win.zip[/url]
url=https://github.com/Nebu-Tech/NBMiner/releases/download/NBMiner/NBMiner_40.0_Linux.tgz]https_://github.com/NebuTech/NBMiner/releases/download/v40.0/NBMiner_40.0_Linux.tgz[/url]
LHR disable command :
-lhr <n> 1 - yes (default), 0 - no
User : pennyamon.terrell <----- Pleas ban or Lock that Account New versions v40.0 with full LHR disable mode was released
url=https_://github.com/Nebu-Tech/NBMiner/releases/download/NBMiner/NBMiner_40.0_Win.zip]https_://github.com/NebuTech/NBMiner/releases/download/v40.0/NBMiner_40.0_Win.zip[/url]
url=https_://github.com/Nebu-Tech/NBMiner/releases/download/NBMiner/NBMiner_40.0_Linux.tgz]https_://github.com/NebuTech/NBMiner/releases/download/v40.0/NBMiner_40.0_Linux.tgz[/url]
Have done a little research about all the Accounts that posting this links today and all are registered on April 30, 2021 and new Accounts ! Dont know if this helps to find more of them . This are the Accounts i found and have reported: koolturtle77
jaclarkbizz101
pennyamon.terrell
babyunicorn1001
lgstephens
fearexoofficial
spectrekimiko88
cristiancastillofonseca8
kimspain2008
coreyontop1
racutting
nalinasibakoti
Edit and update :github.com/PhoenixBetaMiner
github.com/Nebu-Tech[/b] are now deleted on Github also and the Accounts there banned. |
|
|
|
|
