{Warning}: Attackers Create Elaborate Crypto Trading Scheme to Install Malware

[Baofeng]

Since crypto is still hot topic, Hackers are not resting on their laurels and continue to used it as their attack vector. A recently discovered trading apps are running on the web right and pretending to be a legit software but researchers says in a phishing site and it could be connected to a more bigger cyber criminal groups.

To summarised:

[1] This scheme starts with a professionally designed web site where the attackers promote the JMT Trader program.
[2] Then they also have a official twitter account to spread the this so called new trading apps
[3] If you attempt to download the software, you will be brought to a GitHub repository where you can find Windows and Mac executables for the JMT Trader application. This page also contains the source code for the trading programs for those who want to compile it under Linux. This source code does not appear to be malicious.
[4] Using the JMT Trade program, a user can create various exchange profiles and use it legitimately to trade cryptocurrency. That's because this application and the above GitHub page are just clones of the legitimate QT Bitcoin Trader program that have been adopted for this malware operation.
[5] When the JMT Trader is installed, though, the installer will also extract a secondary program called CrashReporter.exe and save it to the %AppData%\JMTTrader folder.

And then you are done!!!

https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/

Code:

PHISHING LINK: http://jmttrading.org

 
So kindly avoid this sites and help me report it again, by going to https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

[UserU]

Done, and linked this thread in the description. Hope they'll shut it down.

[soadrlz]

Damn,this is clever in a bad way.
I guess that having to download the software from a Github repository can raise some reg flags and more people will refuse to download it,because it doesn't look professional.

[Jating]

Thank you again @Baofeng for giving us a heads-up regarding this kind of attacks for bad entities in this crypto sphere. I'm sure that this is not the last one that we are going to see this kind of malicious intent. So we really need to be very attentive and think before we download something.

I also reported it as well. And I do hope that no one in this community has fallen victim to this kind of attacks.

[hugeblack]

Open-source programs or those hosted on Github do not mean they are secure. You should make sure that some trusted developers have reviewed the code or at least the application works for a long time and has popularity with no reports of hacking.

Why didn't you report to Github to be deleted?

95 days old
Created on 2019-07-11
Expires on 2020-07-11
Updated on 2019-09-09

The establishment of this domain did not last more than 100 days.

[ABCbits]

Why didn't you report to Github to be deleted?

Because it's already removed/deleted? I tried access the repository from link i found at the article and i got 404.

Even the website's content already removed, and only show "Index of /", which don't show any file or directory.

[desticy]

Not bad. Thank you for distributing such important information. Hackers really improve tirelessly.
Only attentiveness and timely communication of the community will help get rid of this scourge, or at least protect yourself.

Always check if your connection is secure. Always check the address bar. Do not be lazy to spend an extra few minutes, this can save you money, time and nerves.
Thanks again.

[GreatArkansas]

I think it is much better if we report it to it's registrar which is  NameaCheap, so  that they will able to take it down ASAP.
So, I submitted a ticket about this phishing website on it's registrar which is NameCheap, Inc.


Also reported here: https://etherscamdb.info/

Hoping for their fast response and action, especially on their registrar because they can take down the site once it is proved that that domain is abusing/containing some malware.

[whtchocla7e]

They can promote it by sending a link to their personal email, creating attractive bonus programs for hunters. These types of scams are very sophisticated and professional.

[apoorvlathey]

Damn,this is clever in a bad way.
I guess that having to download the software from a Github repository can raise some reg flags and more people will refuse to download it,because it doesn't look professional.

Not necessary to raise red flags because I have seen several open source projects that just let the users download the binaries and execute the program on their computers.
Hosting on Github helps to give users a false sense of trust that all the code is right in front of you if they had hosted on their own website, chances are lesser people would have downloaded.

I wanna know whether antiviruses are capable to detect such backdoors or not. If yes, then this scam could have been avoided by just using a decent AV.

[Quidat]

Report sent! such sites should really be taken down.This one is hardly to be noticed if you dont have such experienced eyes.

[panganib999]

Damn,this is clever in a bad way.
I guess that having to download the software from a Github repository can raise some reg flags and more people will refuse to download it,because it doesn't look professional.

As the technological age goes by and security features tightens, hackers and scammers also upgraded their hacking schemes and styles to follow and move together with the trend so they can still do and execute their plans. They make a trojan styled website where they will make it look like a legitimate and useful so users will be convinced to use it and once they run it to their computers it will start the phishing activity.

[khaled0111]

If I understood you correctly, what the hacker did is binding a malware to a legitimate trading app?
If so, an updated antivirus would easily detect the malware.
Reporting the website is a must but it won't solve the problem as the hacker can register a new domain name whenever he wants.

[Baofeng]

Locking this thread as the site is already off-line. Thanks to those who have reported it!!!