yampi (OP)
|
|
March 06, 2015, 05:43:22 PM Last edit: March 07, 2015, 02:34:55 PM by yampi |
|
Recently there is an ad to a fake Electrum wallet which installs DarkComet TROJAN onto your computer. The official electrum wallet site has https, the fake one does not. Oh and the domain is OBVIOUSLY different than the official's.Please validate file signatures. Here's a virustotal anlysis report of the fake wallet file: here
|
|
|
|
|
|
|
|
|
"If you don't want people to know you're a scumbag then don't be a scumbag." -- margaritahuyan
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
DarkHyudrA
Legendary
Offline
Activity: 1386
Merit: 1000
English <-> Portuguese translations
|
|
March 06, 2015, 06:06:00 PM |
|
And where you got the fake electrum? You mean an ad here on the forum?
|
English <-> Brazilian Portuguese translations
|
|
|
abyrnes81
|
|
March 06, 2015, 06:07:31 PM |
|
And where you got the fake electrum? You mean an ad here on the forum?
I am interested to know the same thing, where do you downloaded the "fake" one? Can you give use the link between the (code) (/code) tag for security.
|
|
|
|
jbrnt
|
|
March 06, 2015, 06:21:52 PM |
|
Thank you for the warning. Where is the fake Electrum? Is it from a thread here on the forum?
|
|
|
|
dezoel
Legendary
Offline
Activity: 2016
Merit: 1072
Leading Crypto Sports Betting & Casino Platform
|
|
March 07, 2015, 04:50:19 AM |
|
ehm, where is you find it? can us see the link?
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
niktitan132
Legendary
Offline
Activity: 1036
Merit: 1000
|
|
March 07, 2015, 09:00:30 AM |
|
Recently there is an ad to a fake Electrum wallet which installs DarkComet TROJAN onto your computer. The official electrum wallet site has https, the fake one does not. Please validate file signatures. Here's a virustotal anlysis report of the fake wallet file: hereReport the domain and they will hopefully take it down. Also, he must share the domain name here so we can report it too (the website will be faster taken down by host).
|
|
|
|
lacomepollos
Full Member
Offline
Activity: 168
Merit: 100
..... ..... ..... .....
|
|
March 07, 2015, 09:02:28 AM |
|
Thanks for this
|
------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
|
|
|
abyrnes81
|
|
March 07, 2015, 10:47:32 AM |
|
Thanks for the warning, I always download the official software from the real site and not from an unknown thread or site. Beware !
|
|
|
|
innocent93
Legendary
Offline
Activity: 896
Merit: 1000
|
|
March 07, 2015, 11:07:57 AM |
|
Never download any kind of wallet beyond their official website if you don't want to lose your money.
|
|
|
|
koelen3
Legendary
Offline
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
|
|
March 07, 2015, 11:23:35 AM |
|
This should rather be share on the Beginners Section too , just to make them aware of it! THank you for sharing it
|
|
|
|
9000
|
|
March 07, 2015, 11:48:28 AM |
|
Thanks for the warning, one is never too careful online...
|
|
|
|
luv2drnkbr
|
|
March 07, 2015, 12:09:17 PM |
|
Verify PGP sigs!!!
|
|
|
|
A10010
Newbie
Offline
Activity: 31
Merit: 0
|
|
March 07, 2015, 01:28:08 PM |
|
Just another reminder why we need to be extra careful online, scams everywhere!
|
|
|
|
Bralex
|
|
March 07, 2015, 01:31:48 PM |
|
Was only yesterday i downloaded electrum for the first time believe it or not, i checked the signature though so all was good. If everyone done this then the fake wallet would be useless but of course not everyone pays attention to what they download, which is crap because then the hackers will keep going while there are people to steal from.
|
|
|
|
twister
|
|
March 07, 2015, 02:34:09 PM |
|
The official electrum wallet site has https, the fake one does not.
Is that possible, can a hacker host files to someone else's domain with http? Verify PGP sigs!!!
Sorry for the stupid ques but how does one exactly do that with the downloads?
|
|
|
|
DarkHyudrA
Legendary
Offline
Activity: 1386
Merit: 1000
English <-> Portuguese translations
|
|
March 09, 2015, 11:07:34 AM |
|
The official electrum wallet site has https, the fake one does not.
Is that possible, can a hacker host files to someone else's domain with http? Verify PGP sigs!!!
Sorry for the stupid ques but how does one exactly do that with the downloads? First question: nope, with or without SSL/TSL, you're connecting to the same website. He probably confused with a phishing someting like el3ctrum or electrun. Second question, he probably meant the md5 hash for checksum, it's always said on the official website so that you can guarantee that you're downloading the right version.
|
English <-> Brazilian Portuguese translations
|
|
|
mistercoin
Legendary
Offline
Activity: 1042
Merit: 1000
https://r.honeygain.me/XEDDM2B07C
|
|
March 09, 2015, 12:13:04 PM |
|
Recently there is an ad to a fake Electrum wallet which installs DarkComet TROJAN onto your computer. The official electrum wallet site has https, the fake one does not. Oh and the domain is OBVIOUSLY different than the official's.Please validate file signatures. Here's a virustotal anlysis report of the fake wallet file: hereThanks for the heads up. I will send a newsletter out to my subscribers about it.
|
|
|
|
Bizmark13
Sr. Member
Offline
Activity: 462
Merit: 250
WikiScams.org - Information about Bitcoin Scams
|
|
March 09, 2015, 12:16:12 PM |
|
The official electrum wallet site has https, the fake one does not.
Is that possible, can a hacker host files to someone else's domain with http? Verify PGP sigs!!!
Sorry for the stupid ques but how does one exactly do that with the downloads? First question: nope, with or without SSL/TSL, you're connecting to the same website. He probably confused with a phishing someting like el3ctrum or electrun. Second question, he probably meant the md5 hash for checksum, it's always said on the official website so that you can guarantee that you're downloading the right version. If you go to the official download page for Electrum, next to each download link you will see a PGP signed signature from one of the devs. As for the MD5 hash, you can get it by right clicking on the file and choosing "properties". A window should appear with some tabs on the top. Click on the "checksums" tab to see the MD5 hash: Note however that the encryption behind MD5 hashes isn't completely resistant to forgeries, i.e. it is possible to construct collisions that result in two different files having the same MD5 hash.
|
|
|
|
kolloh
Legendary
Offline
Activity: 1736
Merit: 1023
|
|
March 09, 2015, 12:31:12 PM |
|
Thanks for the warning. I would definitely report this to the webhost so they can take it offline.
|
|
|
|
tss
|
|
March 09, 2015, 12:40:21 PM |
|
thanks for the warning but i don't see any info. no link to fake site to report and no confirmation on where the malicious file is being advertised.
|
|
|
|
twister
|
|
March 09, 2015, 03:28:18 PM |
|
First question: nope, with or without SSL/TSL, you're connecting to the same website. He probably confused with a phishing someting like el3ctrum or electrun. Yeah, I wasn't really sure that that could happen but I thought maybe some hackers developed something new. Thanks for clearing it up. He added in the OP now that the site is different. Second question, he probably meant the md5 hash for checksum, it's always said on the official website so that you can guarantee that you're downloading the right version.
If you go to the official download page for Electrum, next to each download link you will see a PGP signed signature from one of the devs. As for the MD5 hash, you can get it by right clicking on the file and choosing "properties". A window should appear with some tabs on the top. Click on the "checksums" tab to see the MD5 hash: Note however that the encryption behind MD5 hashes isn't completely resistant to forgeries, i.e. it is possible to construct collisions that result in two different files having the same MD5 hash. I see, so the only way to be safe while downloading Electrum is to make sure to download from the original site because the hacker can't possibly upload the forged MD5 hashed version at the original site. And the PGP signature contains the MD5 Hash, so one can verify that even that is from the original site owner.
|
|
|
|
luv2drnkbr
|
|
March 09, 2015, 07:52:31 PM |
|
The official electrum wallet site has https, the fake one does not.
Is that possible, can a hacker host files to someone else's domain with http? Verify PGP sigs!!!
Sorry for the stupid ques but how does one exactly do that with the downloads? First question: nope, with or without SSL/TSL, you're connecting to the same website. He probably confused with a phishing someting like el3ctrum or electrun. Second question, he probably meant the md5 hash for checksum, it's always said on the official website so that you can guarantee that you're downloading the right version. NO, no no!!! I did NOT mean the md5. That can be written on the forged website. I meant the PGP signature. The PGP signature *HAD* to have come from the actual Electrum developers. THAT'S what you need to verify. To the right of the link to download, you'll see another link that says "sig" or "signature", which will lead you to either a .asc file or a .sig file. You then use PGP software (usually in the form of GPG) to verify that the signature is correct and from either the key: 9914864DFC33499C6CA2BEEA22453004695506FD or the key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 You need to learn how to use GPG for that. It's a pain in the ass to learn, but once you learn it, it is extremely useful. It's that same software people use to encrypt their e-mail. Google and find Youtube videos about setting it up. It takes time to learn, and that sucks, but you'll be glad you know it once you do. The PGP signature, unlike a hash, can only be created by the developers. So even if the website is hacked and the hackers put up new md5's for their evil files, they still can't make fake PGP signatures.
|
|
|
|
twister
|
|
March 10, 2015, 09:45:20 AM |
|
NO, no no!!! I did NOT mean the md5. That can be written on the forged website.
I meant the PGP signature. The PGP signature *HAD* to have come from the actual Electrum developers. THAT'S what you need to verify.
To the right of the link to download, you'll see another link that says "sig" or "signature", which will lead you to either a .asc file or a .sig file.
You then use PGP software (usually in the form of GPG) to verify that the signature is correct and from either the key:
9914864DFC33499C6CA2BEEA22453004695506FD
or the key
6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
You need to learn how to use GPG for that. It's a pain in the ass to learn, but once you learn it, it is extremely useful. It's that same software people use to encrypt their e-mail. Google and find Youtube videos about setting it up. It takes time to learn, and that sucks, but you'll be glad you know it once you do.
The PGP signature, unlike a hash, can only be created by the developers. So even if the website is hacked and the hackers put up new md5's for their evil files, they still can't make fake PGP signatures.
Yeah, I get it now. I still don't know how to use PGP, I once tried to make a PGP key for me but got lost halfway. And I have been postponing it since coz it involves a lot of reading. But I guess I have to do it soon if I want to be safe.
|
|
|
|
tranzactionezlive
|
|
August 02, 2017, 07:18:57 AM |
|
If you can, please make this a sticky or make a new thread out of it, people NEED to be warned. I got robbed of 45.8 BTC (and BCH so total = 150000$) after installing the executable from electrum-wallet.com. I was running multisig but both on the same PC. First i ran the portable electrum.exe from electrum-wallet.com but when it did not load my wallets *NOTE : the ones that had BTC in them ,it loaded just fine any other wallet ) - I don't want to hear opinions on my stupidity After it didn't work i downloaded last version of electrum from electrum.org I'm wondering how the F is it possible that after 2 years of this thread no one has taken down and/or announced the US. authorities fbi etc about it. I'm in Romania and have no wish to deal with this legally, which will probably get me nowhere. I am willing to split the rights on the BTC with whoever is capable of recovering them via detective+legal means.This is the transaction : https://www.blocktrail.com/BTC/tx/78d44db46445d3097996fc644c1221eeead31added5c35cf1b7938737e3b49dbAs i said , I don't want to hear opinions on my stupidity, this is mostly a warning and hopefully a way for someone to make a healthy 75000$.
|
|
|
|
Reid
|
|
August 02, 2017, 08:09:59 AM |
|
Only beginners will bite this one. Although it is a good warning and might come in handy for new users. The website tells it all. It is simply electrum.org. I guess we just need to be careful with every clicks we make. For sure just one registry it will all end up with them. This is really bad.
|
|
|
|
|