Spyware that stole my discord info, my search history and site passwords


Everything happened on Discord.
A person wrote to me in DM asking me to play his “game” so that I could review it later.
He sent me the site where you can download the game, and instead of the game there was only one file that caused some kind of Java error, and then this person who sent the game sent my Discord data, search history and all my passwords from sites.

the GitHub page for the game's site

 https://playarenawarsgame.github.io/

 

password is ARENAWARS

video gameplay:

 

there was also github page of the game: 

https://github.com/playarenawarsgame/playarenawarsgame.github.io

 

and even malware github page by the same guy: 

https://github.com/playarenawarsgame/jhgfdsadsw/blob/main/kjhgvfcds.js

 

a person helped me partially deobfuscate the malware code and showed me these segments from it:

I checked netplwiz in run command and didn't find other suspicious users

it also installed a logger of some sort, I deduced that from the malware's code and that screenshot

also, two suspicious programs were found in the Task Manager startup list (Launcher and startApp.vbs)

inside startApp.vbs was this:

Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "C:\Users\899A~1\AppData\Local\Temp\1cffed197ac052e9cb0c4c1e27c0e275.exe", 0
Set WshShell = Nothing

the path leads to nothing

What do I do now?

 

Edited by AdvancedSetup
Disabled hyperlinks
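
The startApp.vbs content quoted in the post above, run through a small triage check (an added example, not part of the original post or of the helpers' instructions): it parses WScript.Shell Run calls and flags a hidden window, a target under the user's Temp folder and a hash-like executable name. The function names, the two-indicator rule and the benign sample are assumptions made for illustration.

```python
import re
from pathlib import Path, PureWindowsPath

# <object>.Run "<command>"[, <windowStyle>]; window style 0 means hidden.
RUN_RE = re.compile(r'\.Run\s+"([^"]+)"\s*(?:,\s*(\d+))?', re.IGNORECASE)
SHELL_RE = re.compile(r'CreateObject\(\s*"WScript\.Shell"\s*\)', re.IGNORECASE)
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)
HEXNAME_RE = re.compile(r'[0-9a-f]{32,64}', re.IGNORECASE)

# Script body as quoted in the post.
POST_SAMPLE = r'''Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "C:\Users\899A~1\AppData\Local\Temp\1cffed197ac052e9cb0c4c1e27c0e275.exe", 0
Set WshShell = Nothing
'''
# Constructed benign launcher for comparison (hypothetical path).
BENIGN_SAMPLE = r'''Set sh = CreateObject("WScript.Shell")
sh.Run "C:\Tools\backup\sync.exe", 1
'''

def analyze_vbs(text):
    """Return one finding per Run call found in a VBS launcher script."""
    uses_shell = SHELL_RE.search(text) is not None
    findings = []
    for match in RUN_RE.finditer(text):
        target, style = match.group(1), match.group(2)
        path = PureWindowsPath(target)
        reasons = []
        if style == "0":
            reasons.append("hidden window")
        if TEMP_RE.search(target):
            reasons.append("runs from user Temp")
        if path.suffix.lower() == ".exe" and HEXNAME_RE.fullmatch(path.stem):
            reasons.append("hash-like file name")
        # Assumed rule: two or more indicators on a WScript.Shell launcher.
        findings.append({"target": target, "reasons": reasons,
                         "suspicious": uses_shell and len(reasons) >= 2})
    return findings

def scan_folder(folder):
    """Analyze every .vbs file in a folder, e.g. a copy of a Startup folder."""
    return {p.name: analyze_vbs(p.read_text(errors="replace"))
            for p in sorted(Path(folder).glob("*.vbs"))}

if __name__ == "__main__":
    for name, sample in (("post", POST_SAMPLE), ("benign", BENIGN_SAMPLE)):
        for finding in analyze_vbs(sample):
            print(name, finding["suspicious"], finding["reasons"])
```

A flagged launcher whose target no longer exists, as in the post, still shows that a payload was staged in Temp and run at logon.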

Hello @-JustAguy- and welcome:

Thank you for the attachments.

Let us get the information to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let us go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then, sequentially follow each step in the order provided. Unless otherwise asked, please attach all logs.

 

Please make the following system changes:  Please pay close attention to the instructions in all the following links.

  • If you have not done so already, Enable System Protection and create a NEW System Restore Point.
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed.
  • Disable-Fast-Startup.
  • Show-Hidden-Folders-Files-Extensions.

Please run the following scans:  Please pay close attention to the instructions in all the following links.

  1. Click the following link and run a Scan with AdwCleaner (Alternative AdwCleaner download).
  2. Click the following link and run a Scan with Malwarebytes (Alternative MB5 download). Please check for application and Update Package updates.
     RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool.

Example image of where to click to attach the 5 files when posting your reply


Thank you @-JustAguy-

This is another example of the "try my Beta game" ploy affecting so many we see here that is spammed via email, SMS and Discord Direct Message. It is not a game but an Electron-based password and data stealer and is an Ageo Stealer.

RE:     Fake Game password and data stealer

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
