  • 0

WARNING -- Phishing/Hacking Attempts


Question

Posted (edited)

Hello All,

It looks like SSgt. Marchese's steam account has been compromised. If you receive a message "WTF Dude?" with a link to a "screen-pictures" site, DO NOT FOLLOW IT. You will download a virus, if not some sort of keylogger or malicious software. Steam community says it steals all your trade-able DLC and resends the virus to your friends list.

omithacked_zps9d32ca43.png

I can PM the URL if anyone feels like getting hacked and/or wants to debug it! :lol:

If you did download or follow the link, run a virus scan and change your steam password ASAP!

Being in IT has taught me to be wary of unknown links from others, and to NEVER download unknown files. When I saw the link, I immediately googled the site for legitimacy and the list of warnings and infection reports on the Steam Community threw up the red flag. Please be cautious and browse safely! If anyone has issues, please post a request for help and our MSO team will help you out!

Thanks,

Lt. Col. Yamagata

Edited by Candy 1st MRB

23 answers to this question

  • 0
Posted (edited)

Hello all. I know it's been a while, but I am quite aware of the situation and will confirm. Apparently someone from my friends list had this virus and like a dope I fell for it, and I am sorry for any problems this might have caused. I have changed my password to my steam account and am running antivirus; I would advise you do the same. I did run antivirus on the file before opening it and it revealed no malware, so that's why I launched the fake jpeg. Ya think I would know better being in IT but guess I had a brain fart.

Edited by Marchese 1st MRB
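
The "fake jpeg" in the posts above is a program presented as a picture, which a signature scan can miss. As an added example (not posted by anyone in this thread), this Python check compares what a downloaded file's name claims with what its leading bytes actually are; the extension lists and the sample file names are assumptions chosen for illustration.

```python
# Leading "magic" bytes for the file types this check tells apart.
IMAGE_MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}
EXEC_MAGIC = {
    "windows-pe": b"MZ",   # .exe / .scr / .dll all start with these two bytes
    "elf": b"\x7fELF",
}
# Assumed extension lists for this example; extend them for your environment.
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "lnk"}


def sniff(data: bytes) -> str:
    """Return the type implied by the first bytes of the file, or 'unknown'."""
    for name, magic in {**IMAGE_MAGIC, **EXEC_MAGIC}.items():
        if data.startswith(magic):
            return name
    return "unknown"


def check_download(filename: str, data: bytes) -> list[str]:
    """Return the reasons a file offered as a picture should not be opened."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    # "picture.jpg.scr": an image name with an executable extension on the end.
    if ext in EXEC_EXTS and any(p in IMAGE_EXTS for p in parts[1:-1]):
        reasons.append(f"double extension: image name ending in .{ext}")
    elif ext in EXEC_EXTS:
        reasons.append(f"executable extension .{ext}")
    # The content decides, whatever the name says.
    if kind in EXEC_MAGIC:
        reasons.append(f"content is {kind}, not an image")
    elif ext in IMAGE_EXTS and kind not in IMAGE_MAGIC:
        reasons.append("image extension but no image header")
    return reasons


if __name__ == "__main__":
    # Constructed samples: a real JPEG header and a PE header behind an image name.
    print(check_download("screenshot.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
    print(check_download("screenshot.jpg.scr", b"MZ\x90\x00" + b"\x00" * 16))
```

An empty list means the name and content agree on an image type; it does not mean the file is safe, only that it is not an executable wearing a picture's name.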
  • 0
Posted (edited)

If you get a message from someone on steam that says:

WTF Dude?

definitely do not click on that.

It would be a virus. It almost got me until the img asked me for permission to run it....

Edited by Cannon 1st MRB
Removed the link - Cannon
  • 0
Posted (edited)

SSgt. Grant seems to have been affected by this as well. If ANYONE sends you this message DO NOT CLICK ON IT!!!!!

Also post who you get these messages from, that way we can contact them on the forum about their compromised account.

Edited by Griswold 1st MRB
  • 0
Posted
What if you clicked the link with your phone, but it didn't open the website because it's not a real website or download anything.

I would say you would be good, probably built for a different operating system. But just make sure you pay attention to when/if you plug your phone into your computer next time. Make sure nothing fishy starts happening.

  • 0
Posted

REMEMBER GUYS ALSO LET THE PERSON WHO IS UNDER THE VIRUS KNOW THAT THEY ARE AFFECTED

BECAUSE THEY MIGHT NOT KNOW THAT THEY ARE

AND WILL CONTINUE TO GO ABOUT THEIR BUSINESS

WITHOUT SCANNING FOR VIRUSES OR FIXING THEIR PASSWORDS

  • 0
Posted

Anti-viruses work off of databases of "known" malware, that's why you need to update your protection so often, there are set definitions of viruses. In addition, it's using steam and your browser as a means to infect your computer, these are already "green-lit" by all your anti-virus programs. If it's new, it's not going to flag it as a known threat, this is where you, the user, need to be diligent and check the source. Before I even clicked the link, I googled screen-picture or whatever the site hosting this "wtf dude" image. That's where I hit the "unknown site certificate" and pre-existing steam community posts results.

Google is your friend!

  • 0
Posted

Smart people have already debugged the virus! In case anyone was curious:

The method from the code is thus..

Hook into steam,

steal cookies,

get auth token,

get friends list,

send all items etc as per line + (753:gift;570:rare,legendary,immortal,mythical,arcana,normal,unusual,ancient,tool,key;440:unusual,hat,tool,key;730:tool,knife,pistol,smg,shotgun,rifle,sniper rifle,machinegun,sticker,key) ,

send message to all friends = ("WTF Dude? http://♥♥♥♥♥♥♥♥♥♥♥♥♥♥♥.com/DELETEDFORSAFTEY/")

Nothing else is mentioned in the code... Wanted to check to make sure it never got my password for steam..

Note* it uses the steamapi to send authenticated requests with the stolen cookies, for the trade transactions*

Well it steals the cookie which means the attacker can change the password on you in theory.

It's prudent to deauthorize your SteamGuard computers and change your password as a precaution.

  • 0
Posted
I was going to ask if someone could pm me the file url (or dropbox the file to me if the site has already been taken down) so that I could run it through IDA, but it looks like someone on the steam forums has already decompiled and analyzed it. I would still be interested in looking at it anyways, so if someone could hook me up with the file, that would be awesome.

  • 0
Posted

Today I received a PM from a friend of mine. While I neglected to take a screenshot, it read as "Hey, I want to trade with you! Check My trade inventory @ *Link Removed*" and then he logged out. I won't post the link, but research done on it says it's not a trusted site and is most likely a scam / phisher link.

  • 0
Posted

Tifrobond seems to have come down with this virus, if anyone has him on their friends list check your recent messages with him. If you opened any link from him, SCAN YOUR COMPUTER NOW!!!!

  • 0
Posted
Why do people suck so bad?

Real question should be why did it take so long for someone to look for a way to do this to someone? Steam for a long time had been a really good platform, why steal someone's digital shit?

Steam is just like any other digital platform, why did it take so long for viruses that specifically target Steam to come out?

  • 0
Posted
Hats.
