(Solved) Spreading Malicios in guise of Utopia

[shasan]

@shasan I believe the result you got from VirusTotal is a false positive.

As the campaign manager confirmed that the result of virastotal showed the wrong result I am closing the case.
What happened:: Spreading malicious in guise of Utopia

Scammers Profile Link: https://bitcointalk.org/index.php?action=profile;u=2503017

Reference Link: https://bitcointalk.org/index.php?topic=5436042
Additional Notes: Utopia website is: https://u.is/en/ But the scammer spreading malicious while shared as a telegram id (website):

Code:

https://utopia.im/78A01FD4C713514D5E2D7D9678851C22

while used the domain as https://utopia.im which has a malicious Proof is shown on the below image.[/color][/b]

[CCMS]

Hello idiot , what is this then ? : https://bitcointalk.org/index.php?topic=5425016.0

edit : IDIOT has no answer

[shasan]

Hello idiot , what is this then ? : https://bitcointalk.org/index.php?topic=5425016.0

The website link is https://u.is/ but you have shared the domain

Code:

https://utopia.im/

I am an idiot that's why you could not able to make me a fool. You think the community is a fool and will not be able to see the difference between the real domain https://u.is/ with the fake domain

Code:

https://utopia.im/

The domain you have shared is used to spread malware.


While on the real site there is no malware:

[CCMS]

  WHat to do with these kind of idiots I wonder .

Do this . Join t.me/utopiachatoff and ask there if it is a valid link . If they say it is not a valid link then I will share url given by you . Challege accepted ??

No do not scan this url with some stupid scanner

[CCMS]

Where is the Malware bro ??

[shasan]

WHat to do with these kind of idiots I wonder .

Do this . Join t.me/utopiachatoff and ask there if it is a valid link . If they say it is not a valid link then I will share url given by you . Challege accepted ??

No do not scan this url with some stupid scanner

The community will decide whether there is any malware or not. You are trying to post the spam link by me to promote your malware link? I will not do that. Just wait and see the reality. If the community says I am wrong then I am wrong. If the community says you are a scammer then you are the scammer. If the link were valid then they would post that on the forum/website/telegram group/telegram chat but the link u shared not published anywhere.

[examplens]

I'm not sure what's going on here, utopia.im domain certainly does not belong to official channels. at least as far as I've seen. however, it would not be the first time a project's supporters opened additional domains to better promote the project.

I took a risk and click on the link posted by CCMS, also accept to open with the Utopia application. as far as I could see, it really only connected me to one channel on Utopia chat. now I don't see anything critical. neither my browser nor my antivirus alerted me that there was something suspicious.

Also, the default domain utopia.im (without /78a01fd4c713514d5e2d7d9678851c22) is redirected to the official https://u.is/en/ Utopia website.

[holydarkness]

I'll open my post by saying that my statements below are all made on the base of assumption because I can't... won't check my theory to cross the t and dot the i, as I've turned off my laptop and it's quite dreadful for me to turn it back on just to check this theory on my mind. I had to rely on my phone and tablet... which, unfortunately, seems has a very different version from windows, given the screenshot provided by dozens of people on their ANN thread compared to what I see on my screen.

So treat this as a draft of my theory which I'll check tomorrow, anyone else is also welcome to weight in this theory, though.

So, in spite of --presumably-- different UI for android and windows, their website still say the same things cross platform, where one page said this:

[...]
Promo Report

Decentralized networks depend on users for stability and performance. As a result, public awareness of Utopia is the key to success. We need your enthusiastic support and will reward your efforts aimed at building a favorable image of Utopia and increasing its user base.

Here is what to do:

Use message boards, create videos, promote in real life among your friends, or unconventionally approach this. As a general rule, there is no limit to your creativity as long as it is beneficial for Utopia. Please make sure that you understand Utopia before promoting it.

You are encouraged to use the advantages of Utopia listed below in your promos:
[...]

I think, what CCMS tried to achieve is a reward for promotion by inviting a lot of people to their channel, thus the alternative website --to ensure they joined their channel through the link-- the "Don't have Utopia yet? Install it now!" and a tempting message that the group is for giveaways, which can only be accessed from "View in UTOPIA". Airdrop hunter on this forum who are yet to know Utopia would be tempted to join the channel --and by it, CCMS successfully increasing Utopia user base.

If my assumption is correct, I think it's a good strategy, and I'm not judging if it's right or wrong nor knowing if it violate Utopia's rule.

As for the malicious warning, as there's only one security vendor flagged it as malicious, I think it's probably a false positive, with the reason of the flag indicated on this picture


[tried to reupload with a box to show what I tried to point out, but the image was too blurry, if it's unreadable, it said "multiple redirect"]

[Zwei]

@shasan I believe the result you got from VirusTotal is a false positive.