SmokE, Posted January 28, 2018

Not sure if this is the right place in the forums to post this, but posting it here as this section gets the most attention.

Almost 12 hours ago my Steam account was hacked and logged into by the hacker, who stole all my TF2 items (3300$) and the items in my Steam inventory section (emojis, backgrounds etc.), which was around 25$, in 2 different trade offers.

The items were sent as a trade offer to this Steam account: http://steamcommunity.com/profiles/76561197963829343

The hacker also logged into my marketplace.tf account using Steam and withdrew every item that was selling - stole those too. He didn't just stop there: he added a new email to my marketplace.tf payouts section and withdrew the 32.97$ I had in my account.

Email id used -- [email protected]

Which was removed thanks to help from woifilicious and geel. (Screenshots below)

The Steam screenshot is from the sent offer history section and not the incoming trade offers. (The hacker never changed my email password or any other details. He just logged in, sent all the items to his account and left.)

How did this happen?

Do you guys remember the Alex Bot scam? The guy who got scammed of 7000$ from his bot. I have reasons to believe that it could be Axle himself behind this, because I was not the only victim. 2 of my friends on Steam (and god knows how many others got baited):

https://backpack.tf/profiles/76561198130990555
https://backpack.tf/profiles/76561198275484308 2 of my friends on Steam
https://backpack.tf/profiles/76561198405190853 and this bot

What did we have in common?

All 4 of us have used his undercutting script, which he released the source code of a few weeks ago after getting site banned on all his 4 bot accounts. My 2 friends and this bot were actively using it when the scam happened, but I only used it on that day for less than 30 mins when he released the source code, just to check it out. Removed and even deleted it after checking.

So I believe that our login details along with the identity secret were leaked to him by the script when I (we) logged into the bot for the first time.

More reason to believe that he is the guy is that https://steamcommunity.com/id/76561198127915163/, the guy who made the script, Axle himself, was on my friends list until yesterday night, and today I check and he has removed and blocked me. Derpy was not even on his friends list, but Derpy has also been blocked by this guy, which made it more clear that it was him.

So if any of you guys are still using that script and if you still have your items, please remove your Steam Guard authenticator as that's the only way to prevent it. If you lost everything like me, I am sorry for what happened.

I am not linking the GitHub link for that script here for obvious reasons, and woifi already removed his thread about the script.

Well, no point in talking about it now. The damage has been done. We lost everything in one night. It was our mistake to use it (or even try it out).

If you guys know anyone else who got ripped off like this about 12 hours ago, please do reply or comment here about it. As for now I just know the 4 of us who have used the script, and there could be a lot more, as that thread had over 1000 views.

dyna, Posted January 28, 2018

Can we blame backpack.tf admins for this? They allowed undercutting scripts on this site. These incidents could be avoided before if users got banned who used this and freely distributed these scripts.

appy, Posted January 28, 2018

6 minutes ago, dyna said:
> Can we blame backpack.tf admins for this? They allowed undercutting scripts on this site. These incidents could be avoided before if users got banned who used this and freely distributed these scripts.

That is highly flawed logic. With that logic, since we allow cash traders on the forums and allow for reps on the site, and since people get PayPal scammed all the time, all cash traders should be banned, right?

Btw Alex was banned all along.

SmokE (Author), Posted January 28, 2018

13 minutes ago, dyna said:
> Can we blame backpack.tf admins for this? They allowed undercutting scripts on this site. These incidents could be avoided before if users got banned who used this and freely distributed these scripts.

No, I don't blame anyone but me.

Enzotoy2, Posted January 28, 2018

hello, this acc i use now has been scammed too, The Kawaii bot, i lost about 300$

Argylekicks, Posted January 28, 2018

1 hour ago, appy said:
> That is highly flawed logic. With that logic, since we allow cash traders on the forums and allow for reps on the site, and since people get PayPal scammed all the time, all cash traders should be banned, right?
>
> Btw Alex was banned all along.

I guess he was salty for being scammed himself, sucks to hear this happened... I almost used this myself.

zol, Posted January 28, 2018

you put your login/pass into the script? or how does it work?

Clarıty., Posted January 28, 2018

Sad to hear this happen, looks like you have to start all over again for trading, all the best!

AdamWTS, Posted January 28, 2018

Scamming spree or not, I would've never installed a bot managing my account if it was made by a person who got their items stolen due to a bot "loophole" in the first place. Like, who could think it was a good idea?

Derpyyyy, Posted January 28, 2018

Can confirm that this happened to me. Lost ~ $2000 and two years of hard work in a matter of minutes. Prior to this, I've not had any connections with Axle on Steam. Suspecting something after I lost everything, I tried adding him on Steam, but to no avail. It's still a mystery as to how he got hold of my login details, my identity_secret and password.

There is no one else to blame but the people who used his damned script. I urge all of you reading this post to NOT USE HIS SCRIPT EVER. I guess it was his passion to see this game's economy crash, and he has succeeded (somewhat).

I have raised the issue with Steam and provided proof of the trades. Those of you who have lost items due to this exploit/hack should do the same. I've also changed all my details again and will hope to get back to trading soon.

Good luck, and thanks.

zol, Posted January 28, 2018

3 minutes ago, Derpy McDerpton said:
> It's still a mystery as to how he got hold of my login details, my identity_secret and password.

why it's a mystery? you just logged into script using your log pass or it's just script which doesn't need it? i can't understand

SmokE (Author), Posted January 28, 2018

42 minutes ago, zol said:
> you put your login/pass into the script? or how does it work?

the script takes over a steam account, it's me like using backpack.tf automatic

you give all your details on the script's config.json file and it will run the steam account as the BOT.

https://gyazo.com/ebdf4a4c3b0adb86458760fc6127166d

SmokE (Author), Posted January 28, 2018

7 minutes ago, zol said:
> why it's a mystery? you just logged into script using your log pass or it's just script which doesn't need it? i can't understand

Yeah, the mystery is how was it sent to him? The files and details are on our PCs. Somewhere in the script it must be hidden, I guess (I don't know).

It was our fault to use it in the 1st place, and as for me, I only used it on that day around a month ago once and then removed it.

Derpyyyy, Posted January 28, 2018

It's a mystery because I've never shared that file (config.json) with anyone. How did he get hold of it? Waved a magic wand and it magically appears in his hard disk?

Derpyyyy, Posted January 28, 2018

11 minutes ago, zol said:
> why it's a mystery? you just logged into script using your log pass or it's just script which doesn't need it? i can't understand

^^

zol, Posted January 28, 2018

maybe coz of cookies

SmokE (Author), Posted January 28, 2018

2 hours ago, Enzotoy2 said:
> hello, this acc i use now has been scammed too, The Kawaii bot, i lost about 300$

So here is the 5th victim. There should be more.

Talked to this user and the items were moved to the very same account.

Enzotoy2, Posted January 28, 2018

Yeah it's me x:

fisk (Administrators), Posted January 28, 2018

I can't believe running a script made by someone who is disgruntled and banned from everywhere had repercussions

Wowee

For what it's worth, I had a look through the originally-posted autoprice script and I couldn't find anything that was obviously malicious. Despite a few unrelated security vulnerabilities I discovered (e.g. a naively configured config could allow some unwanted accounts to have admin access), there are no obfuscated payloads or HTTP requests to anything other than Steam and backpack.tf, and the user's credentials aren't handled in a way that could be deemed suspicious.

That is, however, the version of the software that was last updated on GitHub 11 days ago. If you were affected by this, I suspect you were asked to use an updated version that wasn't hosted on GitHub, and that might've contained a malicious payload which sent off your credentials.

Edit: payload was contained in an external dependency

SVENNEN123, Posted January 28, 2018

I know this feeling of losing thousands of USD for nothing! It sucks, best of luck to all you victims!

SmokE (Author), Posted January 28, 2018

17 minutes ago, fisk said:
> If you were affected by this, I suspect you were asked to use an updated version that wasn't hosted on GitHub, and that might've contained a malicious payload which sent off your credentials.

I never used it after the day of release. Just tried it once that day and I was done with it, as I have my own bot. (My mistake was to try to use it on my own account. I just wanted to see how it worked and how he managed stock limit and stuff.)

About others, I don't know what version they all used. Everyone who got ripped has been actively using the script from that date until yesterday night.

SapienS, Posted January 28, 2018

This looks like a mass fraud (crime against property). The victims should consider reaching their local cybercrime police.

Diamond jozu, Posted January 28, 2018

the only bot thing i used was the steam inventory helper but woifi warned us about the spyware so i no longer use anything...rip boi

SmokE (Author), Posted January 28, 2018

19 minutes ago, fisk said:
> (e.g. a naively configured config could allow some unwanted accounts to have admin access)

If the hacker was able to set admin access on an account, he can take out the items, right?

My Steam was logged in and items were sent from my account to the hacker's alt. Same for marketplace.tf: he logged into mp.tf from my account and stole stuff.

So my account details were leaked, and a friend of mine found out that in his code there are sockets used. Copy paste of his msg below:

one of those are https://www.npmjs.com/package/style-console , which was uploaded 2 weeks ago made by "some dude"

So most likely a script like something undercover, sending my private info to the hacker? Like when I ran it after full installation it took 2-5 mins to start, it downloaded some shit.

Diamond jozu, Posted January 28, 2018

2 minutes ago, « SɱokEy » said:
> If the hacker was able to set admin access on an account, he can take out the items, right?
>
> My Steam was logged in and items were sent from my account to the hacker's alt. Same for marketplace.tf: he logged into mp.tf from my account and stole stuff.
>
> So my account details were leaked, and a friend of mine found out that in his code there are sockets used. Copy paste of his msg below:
>
> one of those are https://www.npmjs.com/package/style-console , which was uploaded 2 weeks ago made by "some dude"
>
> So most likely a script like something undercover, sending my private info to the hacker? Like when I ran it after full installation it took 2-5 mins to start, it downloaded some shit.

perhaps in the script thingy, a spyware was inside just like the steam inventory helper

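Added example, not part of any post in this thread and not code from the script or its author: fisk's edit says the payload sat in an external dependency, and SmokE's post mentions sockets in a recently uploaded npm package. One way to triage an installed node_modules tree for that pattern is to list packages that run install hooks, load network-capable modules, or mention the credential names from the thread. The module list and hint strings are assumptions, and a hit is a lead for manual review, not proof.

```javascript
const fs = require('fs');
const path = require('path');

// Heuristic lists (assumptions, tune per project): network/process modules, install hooks, credential names from the thread.
const NET_MODULES = ['net', 'tls', 'dgram', 'http', 'https', 'child_process', 'ws', 'socket.io-client'];
const HOOKS = ['preinstall', 'install', 'postinstall'];
const SECRET_HINTS = ['config.json', 'identity_secret'];
const REQUIRE_RE = /(?:require\(\s*|from\s+|import\(\s*)['"]([^'"]+)['"]/g;

// Scan one JS source string for network-capable imports and credential references.
function scanSource(source) {
  const names = [...source.matchAll(REQUIRE_RE)].map((m) => m[1].replace(/^node:/, ''));
  return { modules: names.filter((n) => NET_MODULES.includes(n)), secrets: SECRET_HINTS.filter((h) => source.includes(h)) };
}

// Audit one installed package directory: manifest hooks plus every .js/.cjs/.mjs file.
function auditPackage(pkgDir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
  const hooks = HOOKS.filter((h) => manifest.scripts && manifest.scripts[h]);
  const modules = new Set(), secrets = new Set();
  const stack = [pkgDir];
  while (stack.length) {
    const dir = stack.pop();
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory() && entry.name !== 'node_modules') stack.push(full);
      if (!entry.isFile() || !/\.[cm]?js$/.test(entry.name)) continue;
      const hit = scanSource(fs.readFileSync(full, 'utf8'));
      hit.modules.forEach((m) => modules.add(m));
      hit.secrets.forEach((s) => secrets.add(s));
    }
  }
  return { name: manifest.name, hooks, modules: [...modules].sort(), secrets: [...secrets].sort() };
}

// Audit the top-level packages in node_modules (scoped ones included) and return
// only those with findings. Nested node_modules directories are not descended.
function auditNodeModules(root) {
  const findings = [];
  for (const entry of fs.readdirSync(root, { withFileTypes: true })) {
    const dir = path.join(root, entry.name);
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    if (entry.name.startsWith('@')) { findings.push(...auditNodeModules(dir)); continue; }
    if (!fs.existsSync(path.join(dir, 'package.json'))) continue;
    const r = auditPackage(dir);
    if (r.hooks.length || r.modules.length || r.secrets.length) findings.push(r);
  }
  return findings;
}
```

Run `auditNodeModules('./node_modules')` from the project directory before putting real credentials into the project's config file, and read the source of every package it lists.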
Archived
This topic is now archived and is closed to further replies.