Bitcoin Forum
January 29, 2020, 11:53:34 AM *
Author Topic: {Warning}: Attackers Create Elaborate Crypto Trading Scheme to Install Malware  (Read 150 times)
Baofeng
Hero Member

Activity: 1022
Merit: 741


October 13, 2019, 01:36:14 AM
Merited by suchmoon (4), Jating (2), ETFbitcoin (1), Steamtyme (1), DdmrDdmr (1), Kupid002 (1)
 #1

Since crypto is still a hot topic, hackers are not resting on their laurels and continue to use it as their attack vector. A recently discovered trading app is running on the web right now and pretending to be legit software, but researchers say it is a phishing site and it could be connected to a bigger cybercriminal group.

To summarize:

Quote
[1] This scheme starts with a professionally designed web site where the attackers promote the JMT Trader program.
[2] Then they also have an official Twitter account to spread this so-called new trading app
[3] If you attempt to download the software, you will be brought to a GitHub repository where you can find Windows and Mac executables for the JMT Trader application. This page also contains the source code for the trading programs for those who want to compile it under Linux. This source code does not appear to be malicious.
[4] Using the JMT Trade program, a user can create various exchange profiles and use it legitimately to trade cryptocurrency. That's because this application and the above GitHub page are just clones of the legitimate QT Bitcoin Trader program that have been adopted for this malware operation.
[5] When the JMT Trader is installed, though, the installer will also extract a secondary program called CrashReporter.exe and save it to the %AppData%\JMTTrader folder.

And then you are done!!!

https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/

Code:
PHISHING LINK: http://jmttrading.org


 
So kindly avoid this site and help me report it again by going to https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

UserU
Member

Activity: 476
Merit: 61

October 13, 2019, 04:25:24 AM
 #2

Done, and linked this thread in the description. Hope they'll shut it down.

soadrlz
Newbie

Activity: 18
Merit: 0


October 13, 2019, 06:35:57 AM
 #3

Damn, this is clever in a bad way.
I guess that having to download the software from a Github repository can raise some red flags and more people will refuse to download it, because it doesn't look professional.

Jating
Hero Member

Activity: 1358
Merit: 568



October 13, 2019, 09:12:46 AM
 #4

Thank you again @Baofeng for giving us a heads-up regarding this kind of attack by bad entities in this crypto sphere. I'm sure that this is not the last time that we are going to see this kind of malicious intent. So we really need to be very attentive and think before we download something.

I also reported it as well. And I do hope that no one in this community has fallen victim to this kind of attack.

hugeblack
Legendary

Activity: 938
Merit: 1090


October 14, 2019, 06:15:55 PM
Merited by ETFbitcoin (1)
 #5

Open-source programs or those hosted on Github do not mean they are secure. You should make sure that some trusted developers have reviewed the code or at least the application works for a long time and has popularity with no reports of hacking.

Why didn't you report to Github to be deleted?

95 days old
Created on 2019-07-11
Expires on 2020-07-11
Updated on 2019-09-09

The establishment of this domain did not last more than 100 days.

ETFbitcoin
Legendary

Activity: 1904
Merit: 2173

October 14, 2019, 06:34:26 PM
Merited by Baofeng (1)
 #6

Quote
Why didn't you report to Github to be deleted?

Because it's already removed/deleted? I tried to access the repository from the link I found in the article and I got a 404.

Even the website's content is already removed, and it only shows "Index of /", which doesn't show any file or directory.

desticy
Sr. Member

Activity: 1036
Merit: 282


October 14, 2019, 08:20:33 PM
 #7

Not bad. Thank you for distributing such important information. Hackers really improve tirelessly.
Only attentiveness and timely communication of the community will help get rid of this scourge, or at least protect yourself.

Always check if your connection is secure. Always check the address bar. Do not be lazy to spend an extra few minutes, this can save you money, time and nerves.
Thanks again.
GreatArkansas
Hero Member

Activity: 742
Merit: 772



October 14, 2019, 11:01:08 PM
 #8

I think it is much better if we report it to its registrar, which is NameCheap, so that they will be able to take it down ASAP.
So, I submitted a ticket about this phishing website to its registrar, which is NameCheap, Inc.


Also reported here: https://etherscamdb.info/

Hoping for their fast response and action, especially on their registrar because they can take down the site once it is proved that that domain is abusing/containing some malware.

whtchocla7e
Full Member

Activity: 378
Merit: 116


October 15, 2019, 12:47:26 AM
 #9

They can promote it by sending a link to their personal email, creating attractive bonus programs for hunters. These types of scams are very sophisticated and professional.

apoorvlathey
Hero Member

Activity: 1106
Merit: 546


October 16, 2019, 03:34:26 PM
 #10

Quote
Damn, this is clever in a bad way.
I guess that having to download the software from a Github repository can raise some red flags and more people will refuse to download it, because it doesn't look professional.

Not necessary to raise red flags because I have seen several open source projects that just let the users download the binaries and execute the program on their computers.
Hosting on Github helps to give users a false sense of trust that all the code is right in front of you. If they had hosted on their own website, chances are fewer people would have downloaded it.

I wanna know whether antiviruses are capable of detecting such backdoors or not. If yes, then this scam could have been avoided by just using a decent AV.

Quidat
Sr. Member

Activity: 1008
Merit: 367


October 16, 2019, 05:33:13 PM
 #11

Report sent! Such sites should really be taken down. This one is hard to notice if you don't have such experienced eyes.


panganib999
Sr. Member

Activity: 770
Merit: 280


October 18, 2019, 04:06:06 PM
 #12

Quote
Damn, this is clever in a bad way.
I guess that having to download the software from a Github repository can raise some red flags and more people will refuse to download it, because it doesn't look professional.

As the technological age goes by and security features tighten, hackers and scammers have also upgraded their hacking schemes and styles to follow and move together with the trend so they can still do and execute their plans. They make a trojan-styled website that they make look legitimate and useful so users will be convinced to use it, and once they run it on their computers it will start the phishing activity.

khaled0111
Hero Member

Activity: 966
Merit: 747


October 18, 2019, 05:39:03 PM
 #13

If I understood you correctly, what the hacker did is binding a malware to a legitimate trading app?
If so, an updated antivirus would easily detect the malware.
Reporting the website is a must but it won't solve the problem as the hacker can register a new domain name whenever he wants.

Baofeng
Hero Member

Activity: 1022
Merit: 741


October 19, 2019, 04:08:13 PM
 #14

Locking this thread as the site is already off-line. Thanks to those who have reported it!!!
