Baofeng (OP)
Legendary
Offline
Activity: 2576
Merit: 1655
|
|
October 13, 2019, 01:36:14 AM |
|
Since crypto is still a hot topic, hackers are not resting on their laurels and continue to use it as their attack vector. A recently discovered trading app is running on the web right now and pretending to be legit software, but researchers say it is a phishing site and it could be connected to a bigger cybercriminal group. To summarise:
[1] This scheme starts with a professionally designed web site where the attackers promote the JMT Trader program.
[2] Then they also have an official Twitter account to spread this so-called new trading app.
[3] If you attempt to download the software, you will be brought to a GitHub repository where you can find Windows and Mac executables for the JMT Trader application. This page also contains the source code for the trading programs for those who want to compile it under Linux. This source code does not appear to be malicious.
[4] Using the JMT Trader program, a user can create various exchange profiles and use it legitimately to trade cryptocurrency. That's because this application and the above GitHub page are just clones of the legitimate QT Bitcoin Trader program that have been adopted for this malware operation.
[5] When the JMT Trader is installed, though, the installer will also extract a secondary program called CrashReporter.exe and save it to the %AppData%\JMTTrader folder.
And then you are done!!!
https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/
PHISHING LINK: http://jmttrading.org
So kindly avoid this site and help me report it again by going to https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
|
|
UserU
|
|
October 13, 2019, 04:25:24 AM |
|
Done, and linked this thread in the description. Hope they'll shut it down.
|
|
|
|
soadrlz
Newbie
Offline
Activity: 18
Merit: 0
|
|
October 13, 2019, 06:35:57 AM |
|
Damn, this is clever in a bad way. I guess that having to download the software from a GitHub repository can raise some red flags and more people will refuse to download it, because it doesn't look professional.
|
|
|
|
Jating
|
|
October 13, 2019, 09:12:46 AM |
|
Thank you again @Baofeng for giving us a heads-up regarding this kind of attack from bad entities in this crypto sphere. I'm sure that this is not the last time that we are going to see this kind of malicious intent. So we really need to be very attentive and think before we download something.
I reported it as well. And I do hope that no one in this community has fallen victim to this kind of attack.
|
|
|
|
hugeblack
Legendary
Offline
Activity: 2492
Merit: 3597
|
|
October 14, 2019, 06:15:55 PM |
|
Being open source or hosted on GitHub does not mean a program is secure. You should make sure that some trusted developers have reviewed the code, or at least that the application has worked for a long time and is popular with no reports of hacking. Why didn't you report it to GitHub to be deleted?
95 days old
Created on 2019-07-11
Expires on 2020-07-11
Updated on 2019-09-09
The establishment of this domain did not last more than 100 days.
|
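The domain-age check hugeblack describes above, as an added example that is not part of the original thread: it pulls the creation, update and expiry dates out of WHOIS text and flags a recently registered domain. The WHOIS excerpt is constructed (only its three dates come from the post), and the function names, field patterns and 100-day threshold are assumptions.

```python
import re
from datetime import date

# Constructed WHOIS excerpt; only the three dates are taken from the post.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TRADER.TEST
Creation Date: 2019-07-11T08:15:00Z
Updated Date: 2019-09-09T10:02:11Z
Registry Expiry Date: 2020-07-11T08:15:00Z
"""

# Field labels vary between registries and lookup sites; these cover the
# common registry wording and the "Created on ..." style quoted in the post.
FIELDS = {
    "created": r"(?:Creation Date|Created on)",
    "updated": r"(?:Updated Date|Updated on)",
    "expires": r"(?:Registry Expiry Date|Expir\w* (?:Date|on))",
}

def parse_whois_dates(text):
    """Return whichever of created/updated/expires could be parsed."""
    found = {}
    for key, label in FIELDS.items():
        m = re.search(rf"\b{label}:?\s*(\d{{4}})-(\d{{2}})-(\d{{2}})", text, re.I)
        if m:
            found[key] = date(*map(int, m.groups()))
    return found

def assess_domain(text, today, young_days=100):
    """Flag young domains and minimum-term registrations (heuristics only)."""
    dates = parse_whois_dates(text)
    if "created" not in dates:
        # Redacted or unparsed records are a reason to look closer, not a pass.
        return {"age_days": None, "flags": ["no creation date found"]}
    age = (today - dates["created"]).days
    flags = []
    if age < young_days:
        flags.append(f"registered {age} days ago (< {young_days})")
    if "expires" in dates and (dates["expires"] - dates["created"]).days <= 366:
        flags.append("minimum one-year registration term")
    return {"age_days": age, "flags": flags}

if __name__ == "__main__":
    # Date of the post above, so the age matches the "95 days old" it quotes.
    print(assess_domain(SAMPLE_WHOIS, today=date(2019, 10, 14)))
```

A young domain is only a signal to combine with others (the download source, who has reviewed the code); plenty of legitimate projects are new.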
|
|
|
ABCbits
Legendary
Offline
Activity: 2856
Merit: 7406
|
|
October 14, 2019, 06:34:26 PM |
|
Quote from hugeblack: "Why didn't you report to Github to be deleted?"
Because it's already removed/deleted? I tried to access the repository from the link I found in the article and I got a 404. Even the website's content is already removed, and it only shows "Index of /", which doesn't show any file or directory.
|
|
|
|
desticy
Sr. Member
Offline
Activity: 1512
Merit: 292
|
|
October 14, 2019, 08:20:33 PM |
|
Not bad. Thank you for distributing such important information. Hackers really improve tirelessly. Only attentiveness and timely communication of the community will help get rid of this scourge, or at least protect yourself.
Always check if your connection is secure. Always check the address bar. Do not be too lazy to spend an extra few minutes; this can save you money, time and nerves. Thanks again.
|
|
|
|
GreatArkansas
Legendary
Offline
Activity: 2296
Merit: 1345
|
|
October 14, 2019, 11:01:08 PM |
|
I think it is much better if we report it to its registrar, which is NameCheap, so that they will be able to take it down ASAP. So, I submitted a ticket about this phishing website to its registrar, which is NameCheap, Inc. Also reported here: https://etherscamdb.info/
Hoping for their fast response and action, especially from the registrar, because they can take down the site once it is proved that the domain is abusing/containing some malware.
|
|
|
|
whtchocla7e
Full Member
Offline
Activity: 392
Merit: 116
|
|
October 15, 2019, 12:47:26 AM |
|
They can promote it by sending a link to their personal email, creating attractive bonus programs for hunters. These types of scams are very sophisticated and professional.
|
|
|
|
apoorvlathey
|
|
October 16, 2019, 03:34:26 PM |
|
Quote from soadrlz: "Damn, this is clever in a bad way. I guess that having to download the software from a GitHub repository can raise some red flags and more people will refuse to download it, because it doesn't look professional."
It doesn't necessarily raise red flags, because I have seen several open source projects that just let users download the binaries and execute the program on their computers. Hosting on GitHub helps to give users a false sense of trust that all the code is right in front of them; if they had hosted it on their own website, chances are fewer people would have downloaded it. I wanna know whether antiviruses are capable of detecting such backdoors or not. If yes, then this scam could have been avoided by just using a decent AV.
|
|
|
|
Quidat
|
|
October 16, 2019, 05:33:13 PM |
|
Report sent! Such sites should really be taken down. This one is hard to notice if you don't have experienced eyes.
|
|
|
|
panganib999
|
|
October 18, 2019, 04:06:06 PM |
|
Quote from soadrlz: "Damn, this is clever in a bad way. I guess that having to download the software from a GitHub repository can raise some red flags and more people will refuse to download it, because it doesn't look professional."
As the technological age goes by and security features tighten, hackers and scammers also upgrade their hacking schemes and styles to follow and move together with the trend so they can still execute their plans. They make a trojan-styled website that they make look legitimate and useful so users will be convinced to use it, and once they run it on their computers it will start the phishing activity.
|
|
|
|
khaled0111
Legendary
Offline
Activity: 2506
Merit: 2832
|
|
October 18, 2019, 05:39:03 PM |
|
If I understood you correctly, what the hacker did is bind malware to a legitimate trading app? If so, an updated antivirus would easily detect the malware. Reporting the website is a must, but it won't solve the problem as the hacker can register a new domain name whenever he wants.
|
|
|
|
Baofeng (OP)
Legendary
Offline
Activity: 2576
Merit: 1655
|
|
October 19, 2019, 04:08:13 PM |
|
Locking this thread as the site is already off-line. Thanks to those who have reported it!!!
|
|
|
|
|