Post
Topic
Board Announcements (Altcoins)
Topic OP
PURN by Jay2502 on 12/05/2025, 15:42:20 UTC
[ALERT] PURN Wallet May Contain Malware – Detected REMCOS Remote Access Trojan After Execution
⚠️ URGENT SECURITY WARNING – DO NOT DOWNLOAD PURN EXECUTABLES UNTIL FURTHER NOTICE ⚠️

Hello fellow miners and crypto enthusiasts,

I’m posting this as a critical warning regarding the newly released PURN project (https://github.com/PURN-NETWORK), which claims to offer a novel Blake3-based Proof of Work algorithm with AI integration (PAIW) and a smart contract layer.

I downloaded the official Windows binaries from the PURN GitHub release:

https://github.com/PURN-NETWORK/PURN/releases/tag/1.0.0

Immediately after launching the wallet and node binaries (purn-qt.exe, purnd.exe, etc.), Windows Defender triggered a severe threat detection:

🛑 Threat Details:
Threat Name: Behavior:Win32/Remcos.gen!MTB

Type: Remote Access Trojan (RAT)

Behavior: Executes commands from an attacker, logs keystrokes, and can access files, clipboard, wallets, and more

Affected File: BridgeMa.exe found in %AppData%\Local\Temp (spawned after PURN launch)

Status: Automatically removed by Windows Defender at runtime

⚠️ Why This is Dangerous:
REMCOS is a known Trojan toolkit used by cybercriminals to take over machines remotely.

It can silently steal passwords, crypto wallet seeds, clipboard content, and deploy further malware.

In my case, the RAT installed itself after launching the PURN wallet or node — suggesting the binaries may be infected or tampered with.

📉 Additional Observations:
The PURN node is non-functional (endless DNS loop, no block syncing)

No working explorer or block height confirmation exists

The GitHub project has no verified maintainers, no build verification, and no signed binaries

purncli.exe lacks basic commands like getinfo or getblockheight, suggesting immaturity or obfuscation

✅ What I Did After Detection:
Deleted all PURN-related files and wiped %Temp%, %AppData%, and Windows temp directories

Ran full system scans with Windows Defender and Malwarebytes

Cleared scheduled tasks and startup entries

Reset all passwords used since the executable launch

Rebooted and monitored network activity for outbound connections

🔒 Final Recommendation:
🛑 DO NOT RUN PURN BINARIES until the project can provide:

Verifiable signed builds

A working block explorer and syncable nodes

A full security audit or third-party confirmation

An explanation from the developers regarding this RAT alert

I strongly encourage other users to scan their systems and post their own findings here. If this turns out to be a deliberate malware deployment disguised as a “new coin,” we must act quickly to protect the community.

To the PURN developers:
If this was a mistake, supply a SHA256 hash of a clean build and a signed explanation ASAP. If not, this project may be flagged as malicious across multiple platforms and repositories.

Stay safe out there. If you value your keys, wallets, or system integrity — treat new coins with extreme caution.
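
A read-only triage script covering the places the post says were checked (temp directories, startup entries, scheduled tasks), added here as an example and not part of the original post. The `$Since` window is an assumed placeholder for when the binaries were first launched, and `Test-UserWritablePath` is a helper name made up for this example.

```powershell
# Added example: lists candidates for review only; it deletes and changes nothing.
# Assumption: $Since approximates when the downloaded binaries were first run.
$Since = (Get-Date).AddDays(-7)
$UserWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:WINDIR\Temp") |
    Where-Object { $_ }

function Test-UserWritablePath([string]$Text) {
    # True when a path or command line points into a user-writable directory.
    # Variables are expanded first because Run values may store %TEMP%-style paths.
    $expanded = [Environment]::ExpandEnvironmentVariables($Text)
    foreach ($root in $UserWritable) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

# 1. Executables created in temp directories since $Since, with hash and signature state.
$dropped = Get-ChildItem -Path $env:TEMP, "$env:WINDIR\Temp" -Recurse -File -Force `
        -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $Since } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        }
    }

# 2. Run-key startup entries whose command lives in a user-writable location.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (Test-UserWritablePath $cmd) { [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd } }
    }
}

# 3. Scheduled tasks that execute something from a user-writable location.
$tasks = Get-ScheduledTask | ForEach-Object {
    foreach ($a in $_.Actions) {
        if ($a.Execute -and (Test-UserWritablePath "$($a.Execute) $($a.Arguments)")) {
            [pscustomobject]@{ Task = $_.TaskPath + $_.TaskName; Execute = $a.Execute; Arguments = $a.Arguments }
        }
    }
}

$dropped | Format-List; $startup | Format-List; $tasks | Format-List
```

Legitimate software also installs under `%LOCALAPPDATA%`, so each hit is a lead to review rather than a verdict; unsigned files created right after the launch time are the ones to look at first.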