Author Topic: [Scam] PTS messenger / All4coins  (Read 3148 times)

0 Members and 1 Guest are viewing this topic.

Offline yago

  • Full Member
  • ***
  • Posts: 188
    • View Profile
What happened: All4coins sent several PM with a link to a supposed "PTS messenger", but it seems to be a trojan keylogger.
Scammers Profile Link: https://bitsharestalk.org/index.php?action=profile;u=5056
Reference Link: none
Amount Scammed:  none to me, unknown to others.
Payment Method: none
Proof of Payment: none
PM/Chat Logs:
Quote
Hey yago,

i would like to support PTS.
I´m a programmer and was thinking about what could be a nice unique feature for a coin.
Now i have codet a PTS messenger.
It´s a messenger like msn or icq but here u will add people with ur wallet id.
And u can see the btc & PTS price everytime.
Also i´m thinking about a giveaway option like "for every day using messenger = 0.01 PTS or something".
Also i linked ur domain, qt download and other stuff of PTS in the messenger.


PTS Messenger Login:

http://s1.directupload.net/file/d/3485/ihjcszew_png.htm


PTS Messenger Buddys:

http://s1.directupload.net/file/d/3485/zxodayrm_png.htm


PTS Messenger Conversation:

http://s7.directupload.net/file/d/3485/jcwetf8g_png.htm



Download:

ProtoShare Messenger v1.0.2


I hope u like it if u have some suggestions what i can add or somethink what i have to change let me know.
I´m waiting for ur judgement and suggestions before i will share the messenger in the forum.

Here is your test Account for the messenger because the registration is closed at the moment i´m working on my server.

ID: testid
Password: testaccount

You can add me for testing the chat if u like
My ID: admintest

friendly greetings All4coins
(sry for my bad english :D)

Additional Notes: Tested that exe on virustotal, raised a lot of keylogger flags:
https://www.virustotal.com/en/file/761f1927eb3ae938b99fc15a885f0c821d73410406cd9ec215abd3ae30fcfefb/analysis/1388398539/

Malwr dynamic analysis:
https://malwr.com/analysis/YzliN2NlMGUzZTAyNDY4Yzk0OTA2NDk4ZjJlNmZlMDQ/

It tries to connect to flowfawfafwf1.no-ip.biz, collects information to fingerprint the system and installs itself for autorun at windows startup.

Seems that this guy is trying to steal other alt coins too:
https://encrypted.google.com/search?q=all4coins+messenger
http://bitsharestalk.org/donate.html  <---- Donate to the BitShares Forum ----> PforumPLfVQXTi4QpQqKwoChXHkoHcxGuA