Re: Report Malware and Suspicious Links here so Mods can take Action !

Post Edited versions Quotes to this post

Post

Topic

Board Meta

Re: Report Malware and Suspicious Links here so Mods can take Action !

by

BABY SHOES

on 04/11/2023, 10:40:12 UTC

I found two fake ANNs spreading viruses via download links on github!

ANN Fake: [INS] InternetSecurity - protect you from phishing attempts [CPU mining]][ANN] [INS] InternetSecurity - protect you from phishing attempts [CPU mining]
User: js2105 - Please ban this user and lock the thread.

Virustotal: https://www.virustotal.com/gui/file/1aa7a5d6aa38f4e5a4b641ccf6d5d7bdf4a96b86059b457e8cd0b49f00544008/detection

Quote from: js2105 on Today at 08:41:29 AM

Wallets
Windows: https://github.com/InternetSec/InternetSec/releases/tag/1.2.1
Source: https://github.com/InternetSec/InternetSec/

ANN Fake: [ANN] [BRV] BitcoinRivera - most security system [Scrypt]
User: Bitcoin@111 - Please ban this user and lock the thread.

Virustotal: https://www.virustotal.com/gui/file/c8f05286290cb9bc4f62c0330aed2be4f43da5f6e9c00f87e76117cfcefc5dcc

Quote from: Bitcoin@111 on Today at 08:26:50 AM

Wallets
Windows: https://github.com/BitcoinRivera/BRV/releases/download/1.0.0/BitcoinRiveraCore.zip
Linux: coming soon

What we see again is that the file is created with the name PhoenixMinerReborn.exe.
As @Lafu reported here.

Code:

C:\Users\<USER>\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

https://www.virustotal.com/gui/file/c8f05286290cb9bc4f62c0330aed2be4f43da5f6e9c00f87e76117cfcefc5dcc/behavior