
   comp.misc      General topics about computers not cover      21,759 messages   


   Message 21,247 of 21,759   
   D to All   
   "deanonymizing transactions" (1/2)   
   19 Jul 25 18:22:11   
   
   From: noreply@dirge.harmsk.com   
      
   as someone posted back in may . . .   
      
   Date: Tue, 27 May 2025 09:52:15 +0000   
   >Message-Id: <20250527.095215.9aa06e66@yamn.paranoici.org>   
   >References: <64664778e2937035506b5458a5e1f21158b75aa8@i2pn2.org>   
   >Newsgroups: alt.privacy.anon-server   
   >...   
   >>I proposed long ago to the Nym developers to support Monero.   
   >>   
   >   
   >   
   >And what works for Tor and Bitcoin ...   
   >   
   >Nym is a scam and a honeypot.  Though they try hard   
   >to make big money with their snake oil they'll fail.   
      
   which seemed worth looking up, especially in the context of what could   
   possibly be motivating these "tuta-tor/mini-tor/mini-mailer" promoters   
   beyond their _eternal september_ onslaught against anonymous remailers,   
   could these troll farm operatives be enticed by perks, fringe benefits,   
   rewards for their unwavering allegiance to the almighty powers that be   
   (a significant portion of their vast troll farm apparatus must be a.i.)   
      
   over three decades of non-stop continual belligerence against anything   
   indicates pathological contempt, financial gain, or more probably both   
   i.e. at least where their mere mortal humantm work force are concerned   
   (and the bible explains that no one can have their cake and eat it too) . . .   
      
   (using Tor Browser 14.5.4)   
   https://dl.acm.org/doi/10.1016/j.cose.2019.101684   
   >Deanonymizing Tor hidden service users through Bitcoin transactions analysis   
   >Published: 01 February 2020 Publication History   
   >ACM Digital Library   
   >Abstract   
   >With the rapid increase of threats on the Internet, people are continuously seeking
   >privacy and anonymity. Services such as Bitcoin and Tor were introduced to provide
   >anonymity for online transactions and Web browsing. Due to its pseudonymity model,
   >Bitcoin lacks retroactive operational security, which means historical pieces of
   >information could be used to identify a certain user. By exploiting publicly available
   >information, we show how relying on Bitcoin for payments on Tor hidden services could
   >lead to deanonymization of these services' users. Such linking is possible by finding
   >at least one past transaction in the Blockchain that involves their publicly declared
   >Bitcoin addresses.
   >To demonstrate the consequences of this deanonymization approach, we carried out a
   >real-world experiment simulating a passive, limited adversary. We crawled 1.5K hidden
   >services and collected 88 unique and active Bitcoin addresses. We then crawled 5B
   >tweets and 1M BitcoinTalk forum pages and collected 4.2K and 41K unique Bitcoin
   >addresses, respectively. Each user address was associated with an online identity along
   >with its public profile information. By analyzing the transactions in the Blockchain,
   >we were able to link 125 unique users to 20 hidden services, including sensitive ones,
   >such as The Pirate Bay and Silk Road. We also analyzed two case studies in detail to
   >demonstrate the implications of the information leakage on users' anonymity. In
   >particular, we confirm that Bitcoin addresses should be considered exploitable, as they
   >can be used to deanonymize users retroactively. This is especially important for Tor
   >hidden service users who actively seek and expect privacy and anonymity.
   >References   
   >...   
   https://dl.acm.org/doi/abs/10.1145/3589335.3651487   
   >Deanonymizing Transactions Originating from Monero Tor Hidden Service Nodes   
   >Published: 13 May 2024 Publication History   
   >Get Access   
   >WWW '24: Companion Proceedings of the ACM Web Conference 2024   
   >Deanonymizing Transactions Originating from Monero Tor Hidden Service Nodes   
   >Pages 678 - 681   
   >ACM Digital Library   
   >Abstract   
   >Monero is a privacy-focused cryptocurrency that incorporates anonymity networks (such
   >as Tor and I2P) and deploys the Dandelion++ protocol to prevent malicious attackers
   >from linking transactions with their source IPs. However, this paper highlights a
   >vulnerability in Monero's integration of the Tor network, which allows an attacker to
   >successfully deanonymize transactions originating from Monero Tor hidden service nodes
   >at the network-layer level.
   >Our approach involves injecting malicious Monero Tor hidden service nodes into the
   >Monero P2P network to correlate the onion addresses of incoming Monero Tor hidden
   >service peers with their originating transactions. And by sending a signal watermark
   >embedded with the onion address to the Tor circuit, we establish a correlation between
   >the onion address and IP address of a Monero Tor hidden service node. Ultimately, we
   >correlate transactions and IPs of Monero Tor hidden service nodes.
   >Through experimentation on the Monero testnet, we provide empirical evidence of the
   >effectiveness of our approach in successfully deanonymizing transactions originating
   >from Monero Tor hidden service nodes.
   >Supplemental Material   
   >MP4 File   
   >Supplemental video   
   > Download   7.23 MB   
   >  https://dl.acm.org/doi/suppl/10.1145/3589335.3651487/suppl_file/shp4046.mp4   
   >References   
   >...   
   [end quoted excerpts]   
      
   found this while searching bitmessage, monero, tor, backdoor, etc . . .   
      
   (using Tor Browser 14.5.4)   
   https://cybersecurity88.com/news/new-backdoor-malware-exploits-p   
   bitmessage-p2p-protocol/   
   >New backdoor malware exploits PyBitmessage P2P protocol   
   >May 22, 2025   
   >The AhnLab Security Intelligence Center (ASEC) has discovered a new backdoor
   >malware strain bundled with a Monero cryptocurrency miner. Unlike other malware
   >that uses HTTP or IP-based communication, this malware uses the PyBitmessage library
   >to communicate over a peer-to-peer (P2P) network, encrypting its traffic between
   >endpoints.
   >What is PyBitmessage?
   >Bitmessage is a protocol designed for anonymity and decentralization, preventing
   >interception and masking both sender and receiver identities. The attackers
   >exploit PyBitmessage, a Python-based implementation of this protocol, to exchange
   >encrypted packets disguised as regular network traffic to evade detection.
   >Attack Chain
   >The Monero miner and backdoor are embedded in the top-level executable's
   >resources and encrypted using XOR. Upon execution, the malware decrypts these
   >components and stores three key files
   >  config.json
   >  WinRing0x64.sys
   >  idle_maintenance.exe
   >in the %Temp%\3048491484896530841649 directory.
   >Monero is commonly used in such attacks due to its strong privacy features,
   >allowing attackers to profit anonymously by hijacking system resources for mining.
   >Upon launch, the PowerShell-based backdoor installs PyBitmessage to handle POST
   >requests via localhost port 8442. It attempts to download PyBitmessage from its
   >GitHub release page, or from a Russian-based file hosting service likely linked
   >to the attacker.
   >PowerShell script
   >The PyBitmessage package, bundled via PyInstaller, creates .pyc, .pyd, and
   >related module files in the %TEMP%\_MEI~~ directory upon execution.
   >Among them is QtGui4.dll, which appears to be patched (with a specific offset
   >zeroed out) to disable its standard functionality, potentially as an evasion
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
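Added example, not from the post above and not ASEC's or AhnLab's code: a small Python triage routine that scores constructed host telemetry against the indicators the quoted write-up names (the three files dropped under an all-digit %Temp% directory, the PyInstaller _MEI unpack directory, and the PyBitmessage listener on localhost port 8442). Treating the drop directory as "any all-digit name" and _MEI~~ as _MEI followed by digits are my assumptions, generalising the single values in the article.

```python
import re
from collections import defaultdict

# Indicators as quoted in the ASEC write-up above: three files dropped into a
# %Temp%\<digits> directory, PyInstaller's %TEMP%\_MEI<digits> unpack directory
# (the article writes it as _MEI~~; digits are an assumption here), and the
# PyBitmessage listener on localhost port 8442.  Matching the drop directory
# as "any all-digit name" rather than the one literal value is also an assumption.
DROPPED = {"config.json", "winring0x64.sys", "idle_maintenance.exe"}
TEMP_DROP_DIR = re.compile(r"^(.*\\temp\\\d{8,})\\([^\\]+)$", re.IGNORECASE)
MEI_DIR = re.compile(r"\\temp\\_mei\d+\\", re.IGNORECASE)
BITMESSAGE_PORT = 8442

# Constructed sample telemetry (not real captures): file writes, a socket
# listen and an image load, in the shape a simple EDR export might give.
SAMPLE_EVENTS = [
    {"kind": "file", "path": r"C:\Users\u\AppData\Local\Temp\3048491484896530841649\config.json"},
    {"kind": "file", "path": r"C:\Users\u\AppData\Local\Temp\3048491484896530841649\WinRing0x64.sys"},
    {"kind": "file", "path": r"C:\Users\u\AppData\Local\Temp\3048491484896530841649\idle_maintenance.exe"},
    {"kind": "file", "path": r"C:\Users\u\AppData\Local\Temp\notes.txt"},
    {"kind": "listen", "addr": "127.0.0.1", "port": 8442, "image": "pybitmessage.exe"},
    {"kind": "image", "path": r"C:\Users\u\AppData\Local\Temp\_MEI45122\QtGui4.dll"},
]

def analyze(events):
    """Return a list of (severity, detail) findings for one host's events."""
    findings = []
    drops = defaultdict(set)  # drop directory -> component names seen there
    for ev in events:
        if ev["kind"] == "file":
            m = TEMP_DROP_DIR.match(ev["path"])
            if m and m.group(2).lower() in DROPPED:
                drops[m.group(1).lower()].add(m.group(2).lower())
        elif ev["kind"] == "listen":
            # A localhost bind on 8442 alone is weak evidence, so it rates medium.
            if ev["port"] == BITMESSAGE_PORT and ev["addr"] in ("127.0.0.1", "::1"):
                findings.append(("medium", f"localhost:{BITMESSAGE_PORT} listener by {ev['image']}"))
        elif ev["kind"] == "image":
            if MEI_DIR.search(ev["path"]) and ev["path"].lower().endswith("qtgui4.dll"):
                findings.append(("low", f"QtGui4.dll loaded from PyInstaller temp dir {ev['path']}"))
    for directory, names in drops.items():
        # All three components in one all-digit Temp directory is the strongest signal.
        severity = "high" if names == DROPPED else "medium"
        findings.append((severity, f"{len(names)}/3 miner components in {directory}: {sorted(names)}"))
    return findings

if __name__ == "__main__":
    for severity, detail in analyze(SAMPLE_EVENTS):
        print(f"[{severity}] {detail}")
```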
