Suspicious website cryptocurrencysecurityadvice.com - probably hosting malware
This website have only one page (the homepage) and is using the logo of Coin Telegraph (probably without permission).
It advertises and hosts suspicious .exe files. I tested them with VirusTotal and some of the antivirus programs detect trojans.
Links on the header and on the footer are not working (except the link to CoinTelegraph). Also the "subscribe" feature is fake.
Screenshot of the cryptocurrencysecurityadvice.com:
Screenshot of the original Coin Telegraph:
According to signatures the files are signed by AGM 1980 Limited:
Links to VirusTotal reports:
https://www.virustotal.com/en/file/584024a88ccf88842991aba9c8574c569c4ff9dba79c6533ac3f1d4dcae68fdf/analysis/1513447866/ https://www.virustotal.com/en/file/9e776b006cdd8d8c8870b8697535011d84be7d4ca5d899e435533c194d060455/analysis/1513447905/ https://www.virustotal.com/en/file/960f77194f0e91ff4fa5419cf99046e75860ed4d8e2c84a8ebf9f7a5676abfdb/analysis/1513448162/ https://www.virustotal.com/en/file/43b730509250afb38027e9ae51097b3a257029abe3e870d9e1e5e6d56279a18f/analysis/1513448218/
Archive of the website: http://archive.is/2eLVZ
Looks like it's hosted by Digital Ocean:
valentin@computer:~$ ping cryptocurrencysecurityadvice.com -c 1 PING cryptocurrencysecurityadvice.com (178.62.112.207) 56(84) bytes of data. 64 bytes from 178.62.112.207: icmp_seq=1 ttl=55 time=69.4 ms --- cryptocurrencysecurityadvice.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 69.480/69.480/69.480/0.000 ms
valentin@computer:~$ whois 178.62.112.207 | grep abuse % Abuse contact for '178.62.0.0 - 178.62.127.255' is 'abuse@digitalocean.com' valentin@computer:~$
The domain name registrar is publicdomainregistry.com:
valentin@computer:~$ whois cryptocurrencysecurityadvice.com | grep abuse Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com valentin@computer:~$
I reported it also to CoinTelegraph because of possible trademark infringement.
This website is advertised on Facebook:
I just sent a report to Comodo.
I am regular reader, how are you everybody?
ReplyDeleteThis article posted at this site is genuinely nice.