ELR Home   Create recipe   Resource page   My recipes/favorites

Alltheflavors and Bitcoin mining


#1

So quetue has kind of been lying about his use of bitcoin mining. said it was opt-in only at first, then he said he removed it entirely but people found coin script codes still inside and investigated…

cointinued here…

edit: looks like darkjester may have found something worse than just a miner which has the potential to open users to trojans and hackers.
any thoughts?


#2

Heard some buzzing about that quite a while ago. Is this more recent?


#3

ya this happened hours before I posted.
the short version for people who don’t want to read it is
a user was asking why his AV trend micro blocked and flagged ALLtheflavors website
for bitcoin mining. The response was that it used to be an opt-in option for people who wanted to support ATF but has since been taken down and that there was some left-over code being flagged by AV.
This looks like it was true since a few user noted it was not activating
but a different user found evidence of ATF using https://webminepool.com/
a javascript miner. which is a playground for hackers to upload viruses and trojan’s possibly even injecting them into the website without the owners knowledge.


#4

This is one of the many things posted from darkjester89 on reddit

False positives or random/planned execution whenever they want to be activated, i mean… it’d be easier to prove that “yeah, we dont do that anymore” by removing it… instead of just lip service of "yeah, it’s inactive… trust us " and probably doing it anyway.

I got the trojan warning of from webminepool.com on 3 separate starts as soon I opened ATF.com, I refreshed each time 10 times, and it only activated the first 3 times. That’s a controlled scenario, not random “false positives” To say that “no, its not doing that”, but a widely known ABUSED resource for mining, especially for activating javascript… is present in its code and activating several times for several users… linking to a webminepool.com (a is a mining service allowing you to monetize your sites and applications with a JavaScript miner. Probably best coinhive alternative.)

…come on now… really?? You think we are stupid?


#5

@DarkJester89 :wink:


#6

thanks! I didn’t know he was a member here too I should have checked


#7

He is, and a very good guy… I have known him for a very long time. :smile:


#8

Wow, this turned around fast haha it happened just yesterday!

I’d be happy to discuss with shields/folks in charge/etc the TLDR version of this, but I don’t think it’d be proper (due to any conceived bias/conflict of interest kind of thing) if I respond to this without their blessings.


#9

I just happened to be on reddit as it was unfolding.
upvoted you so your posts wouldn’t get hidden/drowned out by the ATF fanboy circle-jerk.
I’m mixsomnia on reddit.


#10


#11

I always have a reason for not visiting certain pages. I never went to atf, but thanks for now giving me a reason to completely avoid it lol. Then again I do use ublock and what not on my pc, but still, this reason is better than I don’t like the people over there… :rofl:


#12

LOL!! Yup.


#13

So what was QueTue’s,or whatever his name is, response to this?


#14

well first he said it had been removed. then the code itself was posted then he said “oh well yea its there, but its inactive” he used his laziness as an excuse… also saying people complained because they wanted to mine-race etc its a series of bad excuses that devolved into nonchalant smirky sarcasm and name calling.
its a good read.


#15

So ok guys. I’m not a tecky kind of person here. Can someone put this in layman’s terms for me? Is ATF hacked or something? I certainly don’t want to be somewhere that I’m getting Trojans and viruses!!! It’s totally not worth it to me


#16

I think the short answer is there is a slight risk and we don’t know for sure.


#17

The owner/operator of ATF is suspected of continued participation in some shady practices, for which he was caught doing in the past


#18

Oh Wow! That makes me nervous cuz I’m on there but I think it’s time to go off! It’s not worth that at all. Thank goodness for ELR!


#19

Reddit member posted up that ATF activated his/her malware and asked for input. The results were really varied, but several stated “Yes, I get it” and others said “No, its not true”

I saw it, tried it out and got the malware alert myself. I thought it was a false positive, I retried 10 separate attempts. It activated, indicating a malware code was alive.

I F12’ed (pulled up developer tools of the site) and found a bitmoining code, down in the 6000 line’s which I have screenshot of and posted it. I then brought this to the thread (post on reddit) and the normal users/moderators started denying it, saying “trojans aren’t malware”, “it only activates if you click it”,

The reddit team defending trojans as “not being malware” falls into two categories.

• 1.They have no idea what malware is

• 2.They ARE aware, and part of the scam.

The code itself is bitmining, basically forcing computers to do problem solving in the form of a game to mine electronic currency. The dangers of it is that it can introduce viruses, but they can monetize from it.

Either the site manager was lying about an “inactive code” to the community,

or he was lying to the ATF team and has 2 codes in place.

-1. A decoy code that’s push start and just a store front
-2. A code in hiding that he’s monetizing personally from, that ATF isn’t aware of/ATF IS aware and getting a part of it.

Regardless, The site manager did he following

  • he admitted to scamming people, (sarcastic or not),
  • he delted the code rather quickly (deleted out of guilt? Deleted-because-someone-finally-noticed?) That’s not for me to figure out, but…
  • started accusing me of “find something better to do”, “being mean”, “full of shit”.

…maybe this was TLDR as I thought, but that’s it in a short version.

But eh, what does this mean for an average user? To deactivate this decoy code,you had to “sign in” to turn it off. Sign in, being you had to pay/premium to log in and deactivate it.

Bitmining is a revenue generated, usually used in place of ads to take spot on a website and is usually in place of ads, not used in conjuction with them

. The unusual part of this is, the site manager/ATF team gets paid in three ways.

1= Site ads, automatically soon as you get on the site
2= Malware/Bitmining code= automatically as soon as you get on the site
3= Paying for premium to turn the decoy code off

An average user is basically paying the site to not have ADS AND to not have malware.

Take this for how you want to receive it, but…just be careful out there and make sure your computer has some kind of monitoring system, because the site manager reported that he used the same tactics that pirate bay users were doing (piracy sites) and “stopped doing it to avoid notice”, AND that credit card companies have denied working with him because they refused to operate on a malware-positive site.
(Malware = place you input credit card information for subscription is how you get your identify stolen)

Tread at your own risk and be safe. :confused:


#20

@DarkJester89 I was looking at something different. Do you have a screenshot ??

<script>
  (function() {
    window._pa = window._pa || {};
    var pa = document.createElement('script'); pa.type = 'text/javascript'; pa.async = true;
    pa.src = ('https:' == document.location.protocol ? 'https:' : 'http:') + "//tag.marinsm.com/serve/58ab7b33db5fd18a00000110.js";
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(pa, s);
  })();
</script>