all 15 comments

[–]Frakk4d 3 points4 points  (7 children)

I've seen this software before. It doesn't actually work, just "crashes" on launch then lurks in the background waiting for you to copy a BTC/eth address. When you do, it swaps it for their own so you end up sending your coins to them.

[–]_jstanley 3 points4 points  (6 children)

Absolutely right.

I checked out the source in the git repo, and the binary release, and there is absolutely no way the binary was generated using the source in the repo.

The binary release is launched via some .bat files, which are neither present nor generated by the Makefile in the repo.

The .bat files execute a file at includes/APIs/cvsrvc32.exe which is neither present nor generated by the Makefile in the repo.

The includes/APIs/ directory also contains a bunch of syntax highlighting configuration files (for no apparent reason) which are neither present nor generated by the Makefile in the repo.

100% scam.


It has a whole load of BTC addresses inside cvsrvc32.exe; it seems to map the first 3 characters of your paste to a Bitcoin address that they control that begins with the same first 3 characters:

[–]Frakk4d 2 points3 points  (5 children)

Yeah, given OPs lack of post history, I suspect it's actually a bought account, and they posted this as a "warning" with a convenient link straight to the GitHub repo. OP is hoping people will download this to check it out and rekt themselves in the process.

Edit: good detective work. Crafty malware too, would catch out a lot of people who only eyeball verify the first couple of characters.

[–]martingore2017 0 points1 point  (4 children)

Yeah, given OPs lack of post history

daisypiggy? Loads of history

[–]_jstanley 1 point2 points  (3 children)

Not sure if sarcastic or shill, but this is almost 0 history.

[–]martingore2017 0 points1 point  (2 children)

sorry.. i am new on reddit. just a month but i see : 6,001 post karma 3,573 comment karma or am i missing something?

[–]Frakk4d 1 point2 points  (1 child)

Yes, they have lots of karma but they have deleted all their previous posts and comments that earned that karma. IMO it's because the OP bought the account and deleted all the existing posts and comments because they had nothing to do with crypto.

[–]martingore2017 0 points1 point  (0 children)

oh. didnt know you can do that..

[–]martingore2017 0 points1 point  (3 children)

why doesn't github take that down? or are there legit uses for that program?

[–]_jstanley 2 points3 points  (2 children)

If it did what it said on the tin, I'd say it's fine for it to continue to exist.

Unfortunately the source in the repo is nonsensical, and the binary release is malware. It should be taken down by github.

[–]martingore2017 0 points1 point  (1 child)

so why is it not? does someone need to email them and let them know about it?

edit: "Thanks for getting in touch with us! We’ll get back to you shortly." well ive emailed them..

[–]_jstanley 2 points3 points  (0 children)

I emailed them too and I haven't received a response yet.

[–]no_face 0 points1 point  (1 child)

Use hardware wallets to store majority of your coins. Solves most problems

[–]_jstanley 1 point2 points  (0 children)

Wouldn't protect you against this malware. When you copy anything into the clipboard, it checks for a BTC address, and if present, substitutes it for one that begins with the same 3 characters, as in this paste:

You need to check the entire address you paste is correct, not just the first 3 characters. Applies just as much whether hardware wallet or software wallet.

[–]PenzancePirate 0 points1 point  (0 children)

TIL howsoever is a word.