Report Malware and Suspicious Links here so Mods can take Action !

[Lafu]

After the other Github Account got deleted they have now a new one !

Fake Github : github.com/PhoeixMiner-Dev-Team/  <------ Please report all kind of posts with that github and also on Github!
The Github was created 14 hours ago
The last one got deleted after i reported it in 1 Day

Also here all Accounts that posting it are registered April 30, 2021

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.7c  from  here:

url=https_://github.com/PhoeixMiner-Dev-Team/PhoenixMiner/releases/download/5.7c/PhoenixMiner_5.7c_Windows.zip]PhoenixMiner_5.7c_Windows.zip[/url]
url=https_://github.com/PhoeixMiner-Dev-Team/PhoenixMiner/releases/download/5.7c/PhoenixMiner_5.7c_Linux.tar.gz]PhoenixMiner_5.7c_Linux.tar.gz[/url]
Changes in version 5.7c :

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.7c  from  here:

url=https_://github.com/PhoeixMiner-Dev-Team/PhoenixMiner/releases/download/5.7c/PhoenixMiner_5.7c_Windows.zip]PhoenixMiner_5.7c_Windows.zip[/url]
url=https_://github.com/PhoeixMiner-Dev-Team/PhoenixMiner/releases/download/5.7c/PhoenixMiner_5.7c_Linux.tar.gz]PhoenixMiner_5.7c_Linux.tar.gz[/url]

Looks like the bot from mitchell already catching them as they get deleted
Report on Github is done and hope it gets deleted soon.

Edit and Update:
The Github Account github.com/PhoeixMiner-Dev-Team got deleted and banned on Github.

[JayDDee]

There's another scam using the same github technique, the "LHR-pill"

Current example until the post is deleted:
https://bitcointalk.org/index.php?topic=5361294.msg57997524#msg57997524

A copy of it with links sanitized:

Glad to see you new crypto software LHR-pill .
Now unlock up to 100% of the Ethereum mining performance of Nvidia�s Lite Hash Rate (LHR) series

In what could be bad news for anyone in the market for a new graphics card, as far as the changelog from the latest version of the NBMiner crypto currency mining software is concerned, the tool is now capable of unlocking up to 70% of the original GPU mining performance of the Nvidia Lite Hash rate series of GPUs for mining Ethereum

But our software will completely solve this problem. It is by far the best solution to the problem of LHR GPU's. The software does not lower and increases power consumption every second. therefore it is safe for your graphics cards. Work with Win7, Win10 (Not HiveOs,RaveOS and etc)

Download:
https colon slash slash github dot com slash LHR-Pill slash LHR-DEVsoftware slash releasesslash download slash lhrslash LHR-Pill.zip

How to use:

https colon slash slash i.imgur dot com slash Ww88c12.png

Run LHR-pill.exe
Wait when software detected yours GPU's
When you see message "worked" you can minimize window and start your miner

Support miners:
PhoenixMiner
Gminer
Trex

[Lafu]

And they have already a new Github again for the Fake PhoenixMiner download links !
Fake Github Account : github.com/PhoeixMiner-TeamDev   <----- Please report that account on Github again that it gets deleted !

And looks like a Account got hacked  @Rizzrack
Account : LogitechMouse   <----- Please lock that Account and delete the post

Archived post : https://archive.fo/wip/8Xb0A

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/PhoeixMiner-TeamDev/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url]
url=https_://github.com/PhoeixMiner-TeamDev/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url]

I already reported the Fake Github Account on Github again .

There's another scam using the same github technique, the "LHR-pill"

Nice catch on that , and thanks for keeping your eyes open about that !
Alread report this one here also on Github
Fake Github Account :

Code:

https://github.com/LHR-Pill/LHR-DEVsoftware/releases/tag/lhr

Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
1 security vendor flagged this file as malicious
Virus and Malware name : GenericRXAA-AA!47CE6E097BA2
Also known and from the Family of Trojan-Banker.Win32.Emotet
Source : https://howtofix.guide/trojan-banker-win32-emotet/

[JayDDee]

There's another scam using the same github technique, the "LHR-pill"

Nice catch on that , and thanks for keeping your eyes open about that !
Alread report this one here also on Github
Fake Github Account :

Code:

https://github.com/LHR-Pill/LHR-DEVsoftware/releases/tag/lhr

Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
1 security vendor flagged this file as malicious
Virus and Malware name : GenericRXAA-AA!47CE6E097BA2
Also known and from the Family of Trojan-Banker.Win32.Emotet
Source : https://howtofix.guide/trojan-banker-win32-emotet/

Malware activity seems to be increasing.

There's on other very insidious technique I found. I think it's rare but it's worth noting. It requires a compromised,
but otherwise legitimate github account.

If the account has weak security settings a malfaisant can create a github account of his own and use it to hack
the poorly secured legitimate account to make changes. In the instance I saw the previously unused wiki was the
target of the attack. The legimate owner may not even notice if notifications aren't turned on or are not checked.

The wiki was updated to do one thing: redirect to the malware hosted elsewhere. Then a link was posted in the mining
board and it looks like it points to a legitimate github account, which it is, before redirecting to the malware.
The fake github account was not used to host the malware, it was only used as a side door into a legitimate github
account. The malware was hosted elsewhere.

This redirection could go on for some time without the user realizing he's being used. When I alerted the user in this case
he was unaware but took switft action.

As long as github users have proper security and don't allow just any user to make changes to their repo this can't
happen. But it did because it didn't.*

For those not fluent in englsih or are just not good with riddles my apologies, here's the long version:
But it [ the hack] did [happen] because it [the repo] didn't [have proper security].

[bL4nkcode]

And they have already a new Github again for the Fake PhoenixMiner download links !
Fake Github Account : github.com/PhoeixMiner-TeamDev   <----- Please report that account on Github again that it gets deleted !

And looks like a Account got hacked  @Rizzrack
Account : LogitechMouse   <----- Please lock that Account and delete the post
[...]

I get in touch with the owner of this account in telegram, he said it wasn't him which is probably true. I didn't see this guy interact on that thread and then suddenly the account posted like he owns the thread or somewhat related to the team/devs of phoenix miner, and regarding the previous reports this is a desperate attacks of the scammer/hackers to phoenix miner.

Currently the account was banned and it should be lift somehow.

[Rizzrack]

I get in touch with the owner of this account in telegram, he said it wasn't him which is probably true. I didn't see this guy interact on that thread and then suddenly the account posted like he owns the thread or somewhat related to the team/devs of phoenix miner, and regarding the previous reports this is a desperate attacks of the scammer/hackers to phoenix miner.

Currently the account was banned and it should be lift somehow.

The account is locked so nobody can even login. It does look like his account was hacked. Tell him to send an email and we'll look into it.

There were over 400 of these posts in the Phoenix Miner thread in the last 3 days so yeah...

[LoyceV]

Currently the account was banned and it should be lift somehow.

I received an email from someone asking to whitelist his alt, which I did now.

The account is locked so nobody can even login.

Was it locked by a Mod after the spam? It's not banned, so it doesn't show in modlog. The email address or password haven't been changed either, so as a user I can't see this lock anywhere.

It does look like his account was hacked.

That makes more sense than a regular user suddenly joining a long-term spammer scam.

Tell him to send an email and we'll look into it.

I told him that

There were over 400 of these posts in the Phoenix Miner thread in the last 3 days so yeah...

I assume MindlessElectron still bans them, right? That explains why they need more senior accounts for their spam.

[Rizzrack]

...so as a user I can't see this lock anywhere.

No you cannot

That makes more sense than a regular user suddenly joining a long-term spammer scam.

LOL

I assume MindlessElectron still bans them, right? That explains why they need more senior accounts for their spam.

It is whooping their asses 24/7 indeed.
Older accounts I can understand with the database leak(s) and all, but how are new users getting infected/hacked ? Provided they don't download the malware-PILLs or something similar...

[bL4nkcode]

The account is locked so nobody can even login.

Was it locked by a Mod after the spam? It's not banned, so it doesn't show in modlog. The email address or password haven't been changed either, so as a user I can't see this lock anywhere.

This is the screenshot LM shared btw, so it's a ban and account was locked.

The email address or password haven't been changed either, so as a user I can't see this lock anywhere.

Yeah, seems the hacker knows the way of forum account's security that it will be locked soon (by the owner) if he somehow change the password/email.

[Lafu]

The account is locked so nobody can even login.

Was it locked by a Mod after the spam? It's not banned, so it doesn't show in modlog. The email address or password haven't been changed either, so as a user I can't see this lock anywhere.

This is the screenshot LM shared btw, so it's a ban and account was locked.

Removed the Image for privacy

The email address or password haven't been changed either, so as a user I can't see this lock anywhere.

Yeah, seems the hacker knows the way of forum account's security that it will be locked soon (by the owner) if he somehow change the password/email.

I reported the LogitechMouse Account instant when i have seen his post in the PhoenixMiner thread as i know that User,
and i already knowen after i readed the post that it was hacked .
bL4nkcode or LoyceV when you write with him , tell him he should write in here when his Account is recovered and i will remove my Feedback on the Account .
The most Accounts that got banned and reported was newbies .

[LoyceV]

how are new users getting infected/hacked ?

I'm hoping you can get the answer to that question It indeed doesn't make sense to use a hacked account only for one easily detected malware post, while it could have stayed under the radar for a while to carry out other scams.

tell him he should write in here when his Account is recovered and i will remove my Feedback on the Account .

I sent him the link to this topic already. If you ask me though: I think you can remove the feedback already. The post is gone, the account is locked, and only the real owner will get it back.

[Lafu]

The ETH and LHR Pill posts and threads have a new Github thats 11 Hours old already !

Fake Github Account

Code:

https://github.com/Ethpill/eth/releases/tag/eth

Its the same file in there as on the others with Malware !
Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
Same Trojan and Virus : GenericRXAA-AA!47CE6E097BA2

This post is a reference for the report on Github also !
Report on Github is done.

Edit and Update :
Github Account is banned and deleted

[JayDDee]

I can't seem to report LHR pill fast enough. Twice in the last 2 days I've seen it within a minute of
being posted but by the time I click the submit button it's already gone.

Is this now an automated process or is manual reporting still required for known repeat scams?

[Xal0lex]

I can't seem to report LHR pill fast enough. Twice in the last 2 days I've seen it within a minute of
being posted but by the time I click the submit button it's already gone.

Is this now an automated process or is manual reporting still required for known repeat scams?

Some posts, in particular the one you mentioned, may be processed automatically. But you can still send the report to the moderators, if you have time to do it before the message is deleted.

[Lafu]

Is this now an automated process or is manual reporting still required for known repeat scams?

The reporting Bot from Mitchell is catching them all and then they get deleted.
Mostly the bot is to fast for reporting as he catches the posts and threads from Keywords when they get posted.
I tried it a few times with the LHR Threads but its impossible do get them reported.
If they change there Github and starting posting again you can report them.

[Lafu]

There is now again a new Fake Github for the PhoenixMiner thread and download  !

Fake Github : github.com/Poenix-build/   <------  Please report all kind of posts with that Link and also on Github
I already reported it on Github

Account E-commerce Token looks like hacked or sold <---- Please ban and lock that Account
Last post was done in December 06, 2017
This user recently woke up from a long period of inactivity.

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Poenix-build/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Poenix-build/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github
Changes in version 5.8a :

Edit and Update :
The Fake Github Account is deleted and banned on Github now

[Lafu]

And there is a new Fake Github again for the PhoenixMiner  !

Fake Github : github.com/Phoenix-mine/  <------  Please report all kind of posts with that Link and also on Github

Looks like another hacked Account is posting it
Account : Knathein   <-----  Please ban and lock that account and delete the post
Last post was done on June 26, 2021 , hacked or sold account

Archived Post : https://archive.fo/wRfge

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenix-mine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenix-mine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

Please let us know if you have any problems or questions related to PhoenixMiner 5.8a

Another Account that got hacked or sold!

Account : userghost  <-----  Please ban and lock that account and delete the post

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenix-mine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenix-mine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

And there are new and other Fake Github Accounts now too

Fake Github : github.com/trexminer-corp
Original Github :github.com/trexminer

T-Rex 0.23.3 beta
url=https_://github.com/trexminer-corp/T-Rex/releases/download/T-Rex/t-rex-0.23.3-win.zip]t-rex-0.23.3-win.zip[/url] Github
url=https_://github.com/trexminer-corp/T-Rex/releases/download/T-Rex/t-rex-0.23.3-linux.tar.gz]t-rex-0.23.3-linux.tar.gz[/url] Github

Fake Github : github.com/Ethpill-corp/

Glad to see you new crypto software LHR-pill .
Download:
https_://github.com/Ethpill-corp/ethpill/releases/download/ETH/LHR-Pill.zip

Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
its the same files as for the others we got

This is also a reference for my Github report.
Report on Github is already done  !

Edit and Update :
All Github Accounts are banned and deleted now on Github

[Lafu]

Next fake Github Account with Malware download for trexminer  !

New Fake Github : github.com/trexminer-TRex  <----- Please report all kind posts with that Link and if possible also on Github
Original Github : github.com/trexminer/T-Rex/releases

Account : teazy <------ Please ban and lock that Account and delete the post
The Account got hacked or sold and posting normaly only in the France board.

T-Rex 0.23.3 beta
url=https_://github.com/trexminer-TRex/T-Rex/releases/download/T-Rex/t-rex-0.23.3-win.zip]t-rex-0.23.3-win.zip[/url] Github
url=https_://github.com/trexminer-TRex/T-Rex/releases/download/T-Rex/t-rex-0.23.3-linux.tar.gz]t-rex-0.23.3-linux.tar.gz[/url] Github

This post is a reference for the Github report !
Report is already done .

Next Fake Github for PhoenixMiner !

Fake Github : github.com/Phoenixmine    <------ Github is deleted

Account : matthewoz101  <----- Please lock that Account and delete the post
Last post was done in February 04, 2020

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenixmine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenixmine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

Another Hacked or sold Account  !

Account : pedjo99 <----- Please lock that Account and delete the post
Last post was in July 23, 2020

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenixmin/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenixmin/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

[Lafu]

There is a new Fake Github again for the PhoenixMiner now !

Fake Github : github.com/Phoenixmin  <----- Please report all kind posts with that Link and if possible also on Github
created 18 hours ago
Original download for PhoenixMiner : https://phoenixminer.info/downloads/

Account : Vgtus  <----- Please ban and lock that Account and delete the post
Last post was done in September 13, 2018 , hacked or sold Account
This user recently woke up from a long period of inactivity.

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenixmin/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenixmin/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

This is also a reference for the Github report

Edit and update:
The github is already deleted

[Lafu]

Next Fake Github for PhoenixMiner is created !

Fake Github : github.com/Phoenix-mine-core  <----- Please report all kind posts with that Link and if possible also on Github
Original PhoenixMiner download is : https://phoenixminer.info/downloads/

Account : Sgsg666  <----- Please ban and lock that Account and delete the post
Last post was done in June 26, 2018 , Account got hacked or sold
This user recently woke up from a long period of inactivity.

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenix-mine-core/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenix-mine-core/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

Edit :
Account : ohyeahhaha122  <----- Please ban and lock that Account and delete the post
Account got hacked or sold !

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenix-mine-core/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenix-mine-core/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

This post is also reference for the Github report  !