One more attack on web3 developers:
Through https://playcrypterium.io (don't open) and https://discord.gg/MyZgrYnh (don't open) they distribute AMOS malware (OS X, Linux, Win) that steals cryptocurrency wallets.
The attack scenario is as follows:
- Ads and offers for artists and moderators are posted in group-chat rooms (pic).
- An operator communicates with a person and asks verification questions (creating the appearance of filtering and selection).
- Then the person is invited to Discord, where they are offered to download the game client and check the game (pic).
- For downloading, they send the user to the site (link above), where instead of a game, the user downloads malware (pic).
The Discord server has about 3667 users and 24 boosters for now. Discord users send messages when you're online (gm/hi). Moreover, they fill the chat history with fake conversations from multiple users. Without deep thinking, it looks very natural.
VirusTotal report: https://www.virustotal.com/gui/file/0c547caa2a441a4ee10cc04e68473ffa768303fab7f7658ad4efc2c84476f7da?nocache=1
C&C // C2 (server used to collect stolen data) is http://185.106.93.154/ (don't open)
A little bit about AMOS Stealer: https://telegra.ph/Atomic-Stealer---Obzor-loga-06-27
I think that next time, ICO/IEO investors may be targeted.
Never, never install any software from recruiters or job offerers. Never send your private keys.
Pay attention and protect yourself, have a good night, my dear stranger!
SoK: Web3 Recovery Mechanisms (source)
This study explores Web3 account recovery challenges due to key pair usage. Solutions for improved usability and security are developed, with future research directions suggested.
https://eprint.iacr.org/2023/1575.pdf
Hi, strangers!
A Turkish internet provider (Comnet) blocked outbound connections on port 22, so all Turkish developers and administrators are unable to use GitHub, GitLab, BitBucket with ssh! (Source)
Be brave and stay calm in our adventures!
https://www.youtube.com/watch?v=-evIyrrjTTY what can we do to stop all the wars?
YouTube
This Land is Mine
Reference and original, including an explanation about each character in this video: http://blog.ninapaley.com/2012/10/01/this-land-is-mine/
It tells the story of the wars in the land called Israel/Palestine/Canaan/the Levant, since the cavemen until today…
Hi, my dear!
New day, new attack on web3 developers and artists.
At this time, the scam link is https://fluffmania.com/.
Attackers send this link in comments (for example, in our group, too) (pic)
This site looks like a free-mint landing page (do you like free minting?).
But instead, the site asks users to send their liquidity to a target address: 0x02b73dcA543Adf4061CA45ec118CD13ee37Bf2db (debank)
After that, the site sends a report to a Telegram chat group using a special bot.
The bot credentials are bot6522192634:AAHy8NqRdYBBaoTJSH5N5K2HQRktKMqegSU (pic) (getMe, getUpdates)
The invite link to the Telegram chat group is https://t.me/+AHq8y1C9GWMxMjg0 (pic)
The chat group was created on 27 September 2023.
The report chat has two Telegram users:
- @nothingnessssssssss (tg id 5549919234)
- @mutuNFTs (tg id 6444639769)
Other users:
- @bothfs (tg id 6437252778): owner of the pandra tg chat group
- @LUNPEP (tg id 6236128085): invited into the log report chat by the owner
All sites that are used to deceive visitors:
- fluffmania.com
- pandra.io
- cyberconnect.fi
- apyether.io
- bigtime.wtf
- nftboxes.co
- fewos.io
- layerzero.cat
Found scaminessman's addresses:
- 0x3D684317b03BC4248A0EeE8C2Ed0B3b0c3a7F58d
- 0x375Fa8d7a500aBEfb0eB18B2Cb9f4e68db01F398
- 0x02b73dca543adf4061ca45ec118cd13ee37bf2db
- 0x00005C99BA69Ca6a18be16234F95850F2C100000
- 0x00002020429F161E2B3c3f5845a836f06E550000
Log reports endpoint is: moralis-api.zip
Update: I think they are Armenian
Update2: add layerzero.cat and fewos.io
Update3: decryptor https://gist.github.com/kalloc/c81e8c63fbb56d42d3df93803d8ed006, added a few domains, the scammers still continue their attack
--
Stay safe my friends!
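
Added example, not part of the original post: a small Python screen that checks a site origin and a transaction recipient against the domains and addresses listed above before anything is signed. The function names and the `screen()` interface are assumptions made for illustration; only the indicator values come from the post.

```python
from urllib.parse import urlsplit

# Indicators copied from the post above (sites, log endpoint, addresses).
SCAM_DOMAINS = {
    "fluffmania.com", "pandra.io", "cyberconnect.fi", "apyether.io",
    "bigtime.wtf", "nftboxes.co", "fewos.io", "layerzero.cat",
    "moralis-api.zip",
}
# Stored lowercase: the post itself shows one address in two casings.
SCAM_ADDRESSES = {a.lower() for a in (
    "0x3D684317b03BC4248A0EeE8C2Ed0B3b0c3a7F58d",
    "0x375Fa8d7a500aBEfb0eB18B2Cb9f4e68db01F398",
    "0x02b73dca543adf4061ca45ec118cd13ee37bf2db",
    "0x00005C99BA69Ca6a18be16234F95850F2C100000",
    "0x00002020429F161E2B3c3f5845a836f06E550000",
)}


def host_is_listed(url):
    """True if the URL's host is a listed domain or a subdomain of one."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a netloc
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return False
    labels = host.split(".")
    # Compare whole label suffixes, so "fluffmania.com.example.org" and
    # "notfluffmania.com" do not match the way a substring test would.
    return any(".".join(labels[i:]) in SCAM_DOMAINS for i in range(len(labels)))


def address_is_listed(address):
    """Case-insensitive match: EIP-55 checksum casing is not part of the address."""
    return address.strip().lower() in SCAM_ADDRESSES


def screen(origin_url, to_address):
    """Return the reasons to refuse a signing request (empty list means none)."""
    reasons = []
    if host_is_listed(origin_url):
        reasons.append("origin host is a listed scam domain")
    if address_is_listed(to_address):
        reasons.append("recipient is a listed scammer address")
    return reasons
```

A clean result only means the origin and recipient are not on this list; new domains and addresses will not match until they are added.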
Just got an achievement: a ban from @farm42. The debt is paid.