Fake stellar airdrop+malware promoting via email with using name of bittrex

[sujonali1819]

Today I have received an email in my primary inbox (not in spam). Where I see the name of the sender is Bittrex news, curiously try to Open the email for more reading. And found they are promoting fake steller airdrop and malware. So I decided to warn the newbies here. because the newbies has more chance to get trapped in this type of airdrops. Let's start...

The email comes from:

Code:

bittrex_n@yahoo.com

They sent he email to not only me but also hundreds of email account at the same time



They provide this documents link in the description

Code:

https://docs.google.com/forms/d/e/1FAIpQLScHApfQJWOK-ys_zGd0hoMdkuaTvpqDvp_TpdH0ZzyXHwDyLw/viewform

archive

In this google documents, they provide how to claim the airdrop, Also provided the fake site link.

Code:

https://stellar-company.com/

archive



I have laughed a little bit when I see that they also ask the bitcointalk username for submitting



Site domain information:

Code:

Registrar Info
NameHosting Concepts B.V. d/b/a Openprovider
Whois Serverwhois.registrar.eu
Referral URLhttp://www.registrar.eu
StatusclientTransferProhibited https://icann.org/epp#clientTransferProhibited
ok https://icann.org/epp#ok
Important Dates
Expires On2021-04-06
Registered On2020-04-06
Updated On2020-05-02
Name Servers
ns1.md-86.webhostbox.net162.215.252.35
ns2.md-86.webhostbox.net162.215.252.35

Now as I said previously people need to download a wallet to claim this airdrop. The link of the wallet file

Code:

https://yip.su/26KBd5

After checking the file link in virus total I found that the file contains malware.


source:https://www.virustotal.com/gui/url/3c7f1a9199c4a673dbea01a259b5f8a9edfdd04be6074e0b7c5733e3b6e881e9/detection


So they have arranged this method step to step for spreading their fake wallet and malware on the internet. I don't know how much people have already get trapped here. But basically newbies in online earning people are trying these airdrop to earn a few bucks without thinking or investigating anything.
And my main motive was to warn newbies who are not much aware about these things. Be aware, investigate, save your computer, and virtual money from malware. Thanks for reading.

[1714829789]

1714829789

[1714829789]

1714829789

[1714829789]

1714829789

[DdmrDdmr]

Rings a bell ... I received one on my once upon a time Newbie exploratory email, but with slight differences:

-   The email comes from YoBit Info (of all ...):

Code:

infoyobit@yahoo.com

-   The first phrase ("Time is …") is replaced by: "Dear Stellar Project Member".
-   The google doc form url is different (…1FAIpQLSdHVQHndbtoWRz1rPkTk9y4XeSMpWdWTLNu1GrRekbGRop1nQ …).

So they’ve segmented different versions, perhaps to test which has most "ROSA" (Return on Scam Attempt) …

[Baofeng]

Nice, recently I also found their modus, they will send two separates emails to phish their victims.

Good catch and everyone should be very careful because it seems that scammers are ramping their activities as of late.

[pakhitheboss]

Any promotion that comes to your mail id should be ignored or should be marked as a scam. Airdrop and promotions from already established cryptocurrency projects are always declared on their blogs.

Always check their blogs, social media handles or their website to reconfirm their promotion. Scammers have been using such tricks to lure newbies.

Always remember nothing is free.

[Taskford]

Any promotion that comes to your mail id should be ignored or should be marked as a scam. Airdrop and promotions from already established cryptocurrency projects are always declared on their blogs.

Always check their blogs, social media handles or their website to reconfirm their promotion. Scammers have been using such tricks to lure newbies.

Always remember nothing is free.

I always receive a mail regarding on those various promotion and I never tempt to click any of those since I always assume that all unknown promotion came from mail are scam or worse its a malware that's why people should remember that there's no one will give us free money since there's always an exchange of everything.

This trick is always used up by scammers and people should learn about this to avoid any bad incident to happen.

[Charles-Tim]

This is informational and helpful especially for newbies, if bittrex are the one that send the airdrops, you will see it on their website where you can apply for it. What I can never do is to participate on any airdrop through email messages which can lead to malware installation on the device someone use to access the links on the email. Aside that, it can lead to phishing attack also, if you provide your personal details.

[Assface16678]

It is quite suspicious because what is the reason why they make an email spamming to the different users just to have a promotion on their airdrop and also one of the problems I saw on this kind of action is the reason why do they need to get the information of the bitcointalk account because it is an airdrop the account does not have any related topics on that emails also if this is an airdrop they will give the website or platform only but sometimes the developers are getting active because the links and emails they are spreading some of those links has malware or phishing actions that will steal the information their victims. Good to see that you give a post on this thread because many people can possibly be scammed by those links and platforms.

Rings a bell ... I received one on my once upon a time Newbie exploratory email, but with slight differences:

-   The email comes from YoBit Info (of all ...):

Code:

infoyobit@yahoo.com

-   The first phrase ("Time is …") is replaced by: "Dear Stellar Project Member".
-   The google doc form url is different (…1FAIpQLSdHVQHndbtoWRz1rPkTk9y4XeSMpWdWTLNu1GrRekbGRop1nQ …).

So they’ve segmented different versions, perhaps to test which has most "ROSA" (Return on Scam Attempt) …

I'm one of the people who are using the the yobit platform today and they always make an email to my inbox which is going to the spam board of the emails and we want to avoid those links but it is quite unusual that they send an airdrop on their account email because most of the time it is ICO. It is better if we make further research about this information.

[alik111]

Actually you found a very strong scam trick which is already spread everywhere.Actually daily a huge number of people getting scammed.Even I also received stellar related fake airdrop form which is from a scammer.And I shared with all in this forum to make awareness first.Here is my topic link to give a look

• Email Scam with Fake Lumens Airdrop Be Careful

And Here are Some posts from others related to Fake Stellar:

• https://bitcointalk.org/index.php?topic=5206370.0
• https://bitcointalk.org/index.php?topic=5166661.0
• https://bitcointalk.org/index.php?topic=5232231.0
• https://bitcointalk.org/index.php?topic=5211245.0
• https://bitcointalk.org/index.php?topic=5169881.0
• https://bitcointalk.org/index.php?topic=5228680.0
• https://bitcointalk.org/index.php?topic=5208619.0

[cryptoaddictchie]

My dummy email also received similar emails like @DdmrDdmr said they have different version but most likely these all came from a single person/group of scammers. I dont know why they pick stellar as their massive target for scamming. But this is not good for stellar reputation cause many complained will pour in for those who have been victimized by this modus.

Bitforex

Code:

Email: info.bitforex@yahoo.com
Form: https://docs.google.com/forms/d/e/1FAIpQLScpNie8cp-vPBxl76KJ2wWYIfg_1YSoXeGzT0NC_qZEWqIE5A/viewform

News Upbit

Code:

Email: 
news.upbit@yahoo.com
Google form: https://docs.google.com/forms/d/e/1FAIpQLScL353MSk0b8BQ1b-N0Nm1oflsMGNpgaYWDpHpGPnLCgSXVXQ/viewform

Funny! Also they have another email queries hotline

Code:

stellar@support.io

[AakZaki]

I often and almost every day receive this kind of email.
directing us to dangerous phishing links, some even in the form of malware.

Of course many people have been stuck with this method. This kind of email will be sent to SPAM messages.

The method used by scammers is now more sophisticated and with various new methods. You must stay alert and be careful when you find email messages like this.

[Taskford]

I often and almost every day receive this kind of email.
directing us to dangerous phishing links, some even in the form of malware.

Of course many people have been stuck with this method. This kind of email will be sent to SPAM messages.

The method used by scammers is now more sophisticated and with various new methods. You must stay alert and be careful when you find email messages like this.

I receive so many mail regarding on this thing and I never tempted to click any of those so better we should avoid any of those since they mostly use the free and other appealing words just to get make us the content of the mail.

If anyone encounter the same mail with unknown content better to delete it immediately and don't let it tempt  you since the next for that is hacking issue.

[sujonali1819]

And Here are Some posts from others related to Fake Stellar:

• https://bitcointalk.org/index.php?topic=5206370.0
• https://bitcointalk.org/index.php?topic=5166661.0
• https://bitcointalk.org/index.php?topic=5232231.0
• https://bitcointalk.org/index.php?topic=5211245.0
• https://bitcointalk.org/index.php?topic=5169881.0
• https://bitcointalk.org/index.php?topic=5228680.0
• https://bitcointalk.org/index.php?topic=5208619.0

It seems many of us already received that mails, and the scammers choose the only steller because of the generally stellar launch more airdrop than other projects. So that people can get it as real easily.

My dummy email also received similar emails like @DdmrDdmr said they have different version but most likely these all came from a single person/group of scammers. I dont know why they pick stellar as their massive target for scamming. But this is not good for stellar reputation cause many complained will pour in for those who have been victimized by this modus.

Bitforex

Code:

Email: info.bitforex@yahoo.com
Form: https://docs.google.com/forms/d/e/1FAIpQLScpNie8cp-vPBxl76KJ2wWYIfg_1YSoXeGzT0NC_qZEWqIE5A/viewform

News Upbit

Code:

Email: 
news.upbit@yahoo.com
Google form: https://docs.google.com/forms/d/e/1FAIpQLScL353MSk0b8BQ1b-N0Nm1oflsMGNpgaYWDpHpGPnLCgSXVXQ/viewform

Funny! Also they have another email queries hotline

Code:

stellar@support.io

So, not only the bittrex named email they used but also they are using the most trusted and biggest exchanges names in their email. we have to aware of it. though I don't care about these emails and don't hurry to click there, sometimes I have to click to know the reality and make warn the newbies as well as the all people here.

[Claudio99]

Your email get compromised the moment you start using them online for free money promotions like Airdrops and bounties, I get tons of these fake mails, some in Airdrop form and others are giveaways, don't bother to check because i knew I'm not supposed to get such mails

[Cryptobd24]

Everyday I receive many spam mail about Fake stellar  and Erc20 base Airdrops.
I always ignor this type of mails. Last few years I joined many airdrops and share my email that's scammer easily collect my mails and sent spam mail.           

[libert19]

At least here you can figure these were spam/scam from broken English, sentences and email domain used, I had few where they were done so well that you couldn't tell these were scams, I fall for it and finally when it asked for private keys my bulbs lighten up.