Suspicious website cryptocurrencysecurityadvice.com - probably hosting malware

This website has only one page (the homepage) and uses the logo of Coin Telegraph (probably without permission).

It advertises and hosts suspicious .exe files. I tested them with VirusTotal, and some of the antivirus engines detect trojans.

Links in the header and footer do not work (except the link to CoinTelegraph). The "subscribe" feature is also fake.

Screenshot of cryptocurrencysecurityadvice.com:

Screenshot of the original Coin Telegraph:

According to their code-signing signatures, the files are signed by "AGM 1980 Limited":

Links to VirusTotal reports:

https://www.virustotal.com/en/file/584024a88ccf88842991aba9c8574c569c4ff9dba79c6533ac3f1d4dcae68fdf/analysis/1513447866/
https://www.virustotal.com/en/file/9e776b006cdd8d8c8870b8697535011d84be7d4ca5d899e435533c194d060455/analysis/1513447905/
https://www.virustotal.com/en/file/960f77194f0e91ff4fa5419cf99046e75860ed4d8e2c84a8ebf9f7a5676abfdb/analysis/1513448162/
https://www.virustotal.com/en/file/43b730509250afb38027e9ae51097b3a257029abe3e870d9e1e5e6d56279a18f/analysis/1513448218/

Archive of the website: http://archive.is/2eLVZ

The site appears to be hosted by DigitalOcean: the address it resolves to falls in a range whose abuse contact is abuse@digitalocean.com:

valentin@computer:~$ ping cryptocurrencysecurityadvice.com -c 1
PING cryptocurrencysecurityadvice.com (178.62.112.207) 56(84) bytes of data.
64 bytes from 178.62.112.207: icmp_seq=1 ttl=55 time=69.4 ms

--- cryptocurrencysecurityadvice.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 69.480/69.480/69.480/0.000 ms
valentin@computer:~$ whois 178.62.112.207 | grep abuse
% Abuse contact for '178.62.0.0 - 178.62.127.255' is 'abuse@digitalocean.com'
valentin@computer:~$ 

The domain name registrar is publicdomainregistry.com:

valentin@computer:~$ whois cryptocurrencysecurityadvice.com | grep abuse
   Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
valentin@computer:~$ 
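The steps above (resolve the domain, whois the IP for the hosting provider's abuse contact, whois the domain for the registrar's abuse contact, look up the file hashes on VirusTotal) are the usual triage before sending abuse reports. The script below is an added example, not code from the original post: it parses whois output in both the RIPE banner format and the ICANN registrar format for abuse addresses, extracts the IP range and netname, validates SHA-256 hashes before building VirusTotal report URLs, and assembles the result into one report dictionary. The two whois texts are constructed samples modelled on those formats (the netname, phone number and name server in them are made up); `live_whois` is a hypothetical helper that only shells out to the system `whois` client when one is installed, so everything else runs offline.

```python
"""Abuse-report triage helpers (added example, not part of the original post).

Parses whois output for abuse contacts, extracts the allocated IP range, and
builds VirusTotal URLs from SHA-256 digests. The whois texts below are
constructed samples, not real query results.
"""
import re
import shutil
import subprocess

# Constructed sample of RIPE-style whois output for an IP address.
SAMPLE_IP_WHOIS = """\
% This is the RIPE Database query service.
% Abuse contact for '178.62.0.0 - 178.62.127.255' is 'abuse@digitalocean.com'

inetnum:        178.62.0.0 - 178.62.127.255
netname:        DIGITALOCEAN-AMS-1
country:        NL
"""

# Constructed sample of ICANN registrar whois output for a domain.
SAMPLE_DOMAIN_WHOIS = """\
   Domain Name: EXAMPLE-DOMAIN.COM
   Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
   Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
   Registrar Abuse Contact Phone: +1.0000000000
   Name Server: NS1.EXAMPLE.NET
"""

ABUSE_PATTERNS = [
    # RIPE/APNIC banner: % Abuse contact for '<range>' is '<email>'
    re.compile(r"^%\s*Abuse contact for '([^']+)' is '([^']+)'", re.M),
    # ICANN registrar format: Registrar Abuse Contact Email: <email>
    re.compile(r"^\s*Registrar Abuse Contact Email:\s*(\S+)", re.M),
    # RPSL attribute used by several RIRs
    re.compile(r"^abuse-mailbox:\s*(\S+)", re.M),
]


def abuse_contacts(whois_text):
    """Return a sorted, de-duplicated list of abuse e-mail addresses found."""
    found = set()
    for pat in ABUSE_PATTERNS:
        for m in pat.finditer(whois_text):
            found.add(m.group(m.lastindex).lower())  # e-mail is the last group
    return sorted(found)


def ip_range(whois_text):
    """Return (inetnum, netname) from RIPE-style output, or (None, None)."""
    rng = re.search(r"^inetnum:\s*(.+)$", whois_text, re.M)
    name = re.search(r"^netname:\s*(\S+)", whois_text, re.M)
    return (rng.group(1).strip() if rng else None, name.group(1) if name else None)


SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def vt_url(sha256):
    """Build a VirusTotal file-report URL; reject anything that is not a hex SHA-256."""
    h = sha256.strip().lower()
    if not SHA256_RE.match(h):
        raise ValueError("not a SHA-256 hex digest: %r" % sha256)
    return "https://www.virustotal.com/gui/file/" + h


def live_whois(target):
    """Hypothetical helper: run the system whois client if present, else None."""
    if shutil.which("whois") is None:
        return None
    out = subprocess.run(["whois", target], capture_output=True, text=True, timeout=30)
    return out.stdout


def triage_report(domain, ip, ip_whois, domain_whois, hashes):
    """Assemble the facts an abuse report needs from already-collected whois text."""
    rng, netname = ip_range(ip_whois)
    return {
        "domain": domain,
        "ip": ip,
        "ip_range": rng,
        "netname": netname,
        "hosting_abuse": abuse_contacts(ip_whois),
        "registrar_abuse": abuse_contacts(domain_whois),
        "virustotal": [vt_url(h) for h in hashes],
    }


if __name__ == "__main__":
    report = triage_report(
        "cryptocurrencysecurityadvice.com", "178.62.112.207",
        SAMPLE_IP_WHOIS, SAMPLE_DOMAIN_WHOIS,
        ["584024a88ccf88842991aba9c8574c569c4ff9dba79c6533ac3f1d4dcae68fdf"])
    for key, value in report.items():
        print(key, value)
```

Replace the sample texts with `live_whois("178.62.112.207")` and `live_whois("cryptocurrencysecurityadvice.com")` to run it against real output; the regexes only cover the three common formats, so check the raw text if a lookup returns no contact. The URL form used here is the current VirusTotal GUI path rather than the older `/en/file/.../analysis/<timestamp>/` links in the post, but both are keyed by the same SHA-256.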

I also reported it to CoinTelegraph because of possible trademark infringement.

This website is advertised on Facebook:

I just sent a report to Comodo.

Comments

  1. I am a regular reader; how is everybody?
    This article posted on this site is genuinely nice.
