Plugin
This material is an invention of one of the spammers who wrote to me six months ago. Spammers have the opportunity to use the extension for Google Chrome, which has the ability to remove the available balance from popular wallets and exchanges. The purpose of this plugin is to manage funds on your account, but some wanted to use it in order to force the victim to install the extension and lose bitcoins.
What the installation process looks like on behalf of the victim
The victim goes to the trading page, presses the button
After that, it is thrown either to a store in Google Store, where you can install the extension in two clicks, or to a site where you can download the archive with the plug-in and upload it manually (with instructions). The second one works if the plugin is removed by complaints from Google, therefore it is called "offline installation".
Having installed the extension, if a person goes into his wallet, he can be debited from the balance: somewhere, for example, Blockchain, this is done simply, somewhere (Binance, Coinbase) requires the participation of the creators of the extension.
The creators of the plugin take 20% of the withdrawn, the spammer receives 80% of the remaining amount, which is 12-15% less than the percentage of deposit. Also, extension administrators will not remove the balance if it is below the threshold specified on the channel.
How to access the admin panel of the plugin?
To do this, you need to earn at least a few deposits from different victims.
I will say right away: the site panel and the plugin panel are different things, we are not the creators of the extension, but only cooperate with their creators. Since the manual is fiction, I can’t attach screenshots either.
After receiving and entering the panel, go and create promotional codes, create your own.
It is needed so that, after following the link with the promotional code, the victim will be attached to you in the plugin panel. Our sites do not associate with extension sites in any way, and the browser add-on site cannot find out that a user with a specific IP is yours. That’s why you can give a support link with a refka (promo) in support, or you can make it smarter and easier: create a promo on the plugin’s site and paste it into the settings on our website.
After this action, your user may not search for links, but simply click on the "Start trading" button in the corresponding section, after which he will see the same thing, but he will be bound to you after installation.
Some good methods
Quote from that scammer:
"Often, the plugin is served after several deposits, when there is no choice to deposit money. Have you used the first deposit, commission and premium, but the premium commission and insurance? That's great. Enter the plugin, if the victim is not broke, you can check this in the tracking, clicking on the action itself.
- How to make it? What to say victim in support ?
There are several options, you can pretend that this is a plugin for security / transfer (???) / withdrawal / trading. A ton of things to help here. Let's look at a situation where you know that the victim is buying bitcoin or just owns it in his wallet. If you have not exhausted the user's strength limit and the victim is not very tired of fussing with deposits, then you can safely write that synchronization of an external (external) wallet and internal (internal, the one on which he is currently communicating with you) is necessary. According to story, synchronization is done through the corresponding plug-in, which can be taken in the trading part of the site. Bytes on the installation, after it you look at the balance. Fits limits and suits you? Fuck you. Turn on auto-capture and write to the creators of the plugin or admins, since you don’t know the contacts first. I would write right from the ip: it improves responsiveness.
If you see that the victim, roughly speaking, is fucked up, communication with her becomes like a game with fire. In this case, you say almost the same thing, only present otherwise. "Your account has been unlocked, use the appropriate plugin for withdrawal," and so on. A victim in 90% will ask what kind of plug-in and where to get it, here, I think, it is not necessary to teach. By examining and installing the extension, the victim can take a break and move away from the process of putting money into deposits, which is good. If the balance is empty - here we already say that the wallets cannot be synchronized, because the difference in the balances is too large and for withdrawal it is necessary to have at least xxx% of the balance on the fake site (see the amount and percentage yourself).
Important points
- Do not forget to change the error to the situation. The output button is that jerk where the victim will check the possibility of getting bitcoin, and he will check constantly. Prepare mistakes in advance, think through everything at least 3 steps forward.
- Check the withdrawal amount in front of the factory. They are considerable, because you don’t need to redirect everyone to the plugin.
- If a person doesn’t use wallets being removed, make him do it. Ask if she knows about the blockchain, if she saw such a wallet before. It is beautiful: the minimum wage is acceptable, and access will be permanent regardless of changing the password, setting 2fa and other crap. Even with the remote plugin. It is important to access only once.
- A plugin is not a loot button. Everything can be more complicated than described in the manual, therefore, if you work with the cryptocurrency, after you see a checkmark in the status of the log, you can focus on removing the plugin. "
That's all. It was a story from a scammer that I heard six months ago. We ourselves are always against the spread of malware and believe that the extension will be used only to manage our own balance.
P.S. if some devil takes this manual for his people aside in another project - I will find out about it in a few days, and the subproject will fly to black, on the site - abuses, wherever possible, and for the most intelligent - the load on the system, and no host change, no personal domains and pads will help. It’s bad to steal manuals, yes, a fan of putting “24” in each domain? ;)