Account Hacked (Do not use the undercutting SCRIPT)


SmokE


Not sure if this is the right place in the forums to post this, but posting it here as this section gets the most attention.

Almost 12 hours ago my Steam account was hacked and logged into by the hacker, who stole all my TF2 items (3300$) and the items in my Steam inventory section (emojis, backgrounds etc.), which was around 25$, in 2 different trade offers.
The items were sent as a trade offer to this steam account http://steamcommunity.com/profiles/76561197963829343

 

The hacker also logged into my marketplace.tf account using Steam and withdrew every item that was selling - stole those too. He didn't just stop there.

He added a new email to my marketplace.tf payouts section and withdrew the 32.97$ I had in my account.
Email ID used -- [email protected], which was removed thanks to help from woifilicious and geel.

(Screenshots below)
The Steam screenshot is from the sent offer history section and not the incoming trade offers. (The hacker never changed my email password or any other details. He just logged in, sent all the items to his account and left.)

How did this happen?

Do you guys remember the Alex Bot scam?
The guy who got scammed of 7000$ from his bot. I have reasons to believe that it could be Axle himself behind this,
because I was not the only victim: 2 of my friends on Steam (and god knows how many others got baited)

https://backpack.tf/profiles/76561198130990555
https://backpack.tf/profiles/76561198275484308
2 of my friends on steam
https://backpack.tf/profiles/76561198405190853

and this bot

What did we have in common?

All 4 of us have used his undercutting script, for which he released the source code a few weeks ago after getting site banned on all his 4 bot accounts.
My 2 friends and this bot were actively using it when the scam happened, but I only used it on that day for less than 30 mins when he released the source code, just to check it out. Removed and even deleted it after checking. So I believe that our login details, along with the identity secret, were leaked to him by the script when I (we) logged into the bot for the first time.

More reason to believe that he is the guy: https://steamcommunity.com/id/76561198127915163/, the guy who made the script, Axle himself, was on my friends list until yesterday night, and today when I checked he had removed and blocked me. Derpy was not even on his friends list, but Derpy has also been blocked by this guy, which made it more clear that it was him.

 

 

So if any of you guys are still using that script and if you still have your items, please remove your Steam Guard authenticator, as that's the only way to prevent it. If you lost everything like me, I am sorry for what happened.
I am not linking the GitHub link for that script here for obvious reasons, and woifi already removed his thread about the script.
Well, no point in talking about it now. The damage has been done. We lost everything in one night. Was our mistake to use it (or even try it out).

If you guys know anyone else who got ripped off like this about 12 hours ago, please do reply or comment here about it, as for now I just know the 4 of us who have used the script, and there could be a lot more as that thread had over 1000 views.


Link to comment
Share on other sites


Can we blame backpack.tf admins for this?

They allowed undercutting scripts on this site. These incidents could have been avoided if users who used this and freely distributed these scripts got banned.

Link to comment
Share on other sites

6 minutes ago, dyna said:

Can we blame backpack.tf admins for this?

They allowed undercutting scripts on this site. These incidents could have been avoided if users who used this and freely distributed these scripts got banned.

 

That is highly flawed logic. With that logic, since we allow cash traders on the forums and allow for reps on the site, and since people get PayPal scammed all the time, all cash traders should be banned, right? Btw, alex was banned all along :P

Link to comment
Share on other sites

13 minutes ago, dyna said:

Can we blame backpack.tf admins for this?

They allowed undercutting scripts on this site. These incidents could have been avoided if users who used this and freely distributed these scripts got banned.

No, I don't blame anyone but me

Link to comment
Share on other sites

1 hour ago, appy said:

 

That is highly flawed logic. With that logic, since we allow cash traders on the forums and allow for reps on the site, and since people get PayPal scammed all the time, all cash traders should be banned, right? Btw, alex was banned all along :P

I guess he was salty for being scammed himself, sucks to hear this happened... I almost used this myself

Link to comment
Share on other sites

Scamming spree or not, I would've never installed a bot managing my account if it was made by a person who got their items stolen due to a bot "loophole" in the first place. Like, who could think it was a good idea?

Link to comment
Share on other sites

Can confirm that this happened to me.

 

Lost ~$2000 and two years of hard work in a matter of minutes.

 

Prior to this, I've not had any connections with Axle on Steam.

Suspecting something after I lost everything, I tried adding him on Steam, but to no avail.

It's still a mystery as to how he got hold of my login details, my identity_secret and password.

There is no one else to blame but the people who used his damned script. 

 

I urge all of you reading this post to NOT USE HIS SCRIPT EVER.

 

I guess it was his passion to see this game's economy crash, and he has succeeded (somewhat).

 

I have raised the issue with Steam and provided proof of the trades. Those of you who have lost items due to this exploit/hack should do the same.

I've also changed all my details again and will hope to get back to trading soon.

 

Good luck, and thanks.

Link to comment
Share on other sites

3 minutes ago, Derpy McDerpton said:

 

It's still a mystery as to how he got hold of my login details, my identity_secret and password.

 

Why is it a mystery? You just logged into the script using your log/pass, or is it just a script which doesn't need it? I can't understand.

Link to comment
Share on other sites

7 minutes ago, zol said:

Why is it a mystery? You just logged into the script using your log/pass, or is it just a script which doesn't need it? I can't understand.

Yeah, the mystery is: how was it sent to him?
The files and details are on our PCs.

Somewhere in the script it must be hidden, I guess (I don't know).

It was our fault to use it in the 1st place.
And as for me, I only used it once on that day around a month ago and then removed it.

Link to comment
Share on other sites

It's a mystery because I've never shared that file (config.json) with anyone. How did he get hold of it?

Waved a magic wand and it magically appears in his hard disk? 

Link to comment
Share on other sites

11 minutes ago, zol said:

Why is it a mystery? You just logged into the script using your log/pass, or is it just a script which doesn't need it? I can't understand.

^^

Link to comment
Share on other sites

2 hours ago, Enzotoy2 said:

Hello, this acc I use now has been scammed too, The Kawaii bot, I lost about 300$

So here is the 5th victim. There should be more.
Talked to this user and the items were moved to the very same account.

Link to comment
Share on other sites

  • Administrators

I can't believe running a script made by someone who is disgruntled and banned from everywhere had repercussions

 

Wowee


For what it's worth, I had a look through the originally-posted autoprice script and I couldn't find anything that was obviously malicious. Despite a few unrelated security vulnerabilities I discovered (e.g. a naively configured config could allow some unwanted accounts to have admin access), there are no obfuscated payloads or HTTP requests to anything other than Steam and backpack.tf, and the user's credentials aren't handled in a way that could be deemed suspicious.

 

That is, however, the version of the software that was last updated on GitHub 11 days ago. If you were affected by this, I suspect you were asked to use an updated version that wasn't hosted on GitHub, and that might've contained a malicious payload which sent off your credentials.

 

Edit: payload was contained in an external dependency

Link to comment
Share on other sites
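The review described in the post above (looking for network use and for requests to anything other than Steam and backpack.tf), applied to installed dependency source since that is where the payload turned out to be. This is an added example, not code from the thread or from the script; the allowlist, the package names and the sample sources are constructed assumptions. It is plain string matching, so obfuscated code or a bare hostname handed to a socket still needs manual reading.

```javascript
// Added example (not from the thread): static triage of installed dependency source.
// ALLOWED_HOSTS and EXPECTED_NET_PKGS are assumptions; SAMPLE is constructed.
const ALLOWED_HOSTS = ['steamcommunity.com', 'steampowered.com', 'backpack.tf'];
const EXPECTED_NET_PKGS = new Set(['trade-client']); // hypothetical package name
const NETWORK_MODULES = new Set(['net', 'tls', 'dgram', 'http', 'https', 'ws']);
const REQUIRE_RE = /require\(\s*['"]([^'"]+)['"]\s*\)/g;
const URL_RE = /\b(?:https?|wss?):\/\/([a-z0-9.-]+)/gi;

function hostAllowed(host, allowed) {
  return allowed.some((a) => host === a || host.endsWith('.' + a));
}

// files maps a path relative to node_modules to that file's source text.
function auditSources(files, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const [path, src] of Object.entries(files)) {
    const parts = path.split('/');
    const pkg = parts[0].startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
    for (const m of src.matchAll(REQUIRE_RE)) {
      const mod = m[1].replace(/^node:/, '');
      if (NETWORK_MODULES.has(mod)) findings.push({ pkg, kind: 'network-module', detail: mod });
    }
    for (const m of src.matchAll(URL_RE)) {
      const host = m[1].toLowerCase();
      if (!hostAllowed(host, allowed)) findings.push({ pkg, kind: 'unexpected-host', detail: host });
    }
  }
  return findings;
}

// A package needs manual review if it names a host outside the allowlist, or
// loads a network module without being a known API client.
function packagesToReview(findings, expectedNet = EXPECTED_NET_PKGS) {
  const hit = findings.filter(
    (f) => f.kind === 'unexpected-host' || !expectedNet.has(f.pkg));
  return [...new Set(hit.map((f) => f.pkg))].sort();
}

// Constructed sample: an API client, and a console-styling helper that has no
// reason to load `net` or name a remote host.
const SAMPLE = {
  'trade-client/lib/api.js': "const https = require('https');\nconst BASE = 'https://backpack.tf/api';\n",
  'console-colours/index.js': "const net = require('net');\nconst REPORT = 'http://collector.example.invalid/up';\n",
};

console.log(packagesToReview(auditSources(SAMPLE)));
```
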

17 minutes ago, fisk said:

If you were affected by this, I suspect you were asked to use an updated version that wasn't hosted on GitHub, and that might've contained a malicious payload which sent off your credentials.

 

I never used it after the day of release. Just tried it once that day and I was done with it, as I have my own bot. (My mistake was to try to use it on my own account; I just wanted to see how it worked and how he managed stock limit and stuff.)
About others, I don't know what version they all used.
Everyone who got ripped has been actively using the script from that date until yesterday night.

Link to comment
Share on other sites

the only bot thing i used was the steam inventory helper but woifi warned us about the spyware so i no longer use anything...rip boi

Link to comment
Share on other sites

19 minutes ago, fisk said:

(e.g. a naively configured config could allow some unwanted accounts to have admin access)

 

 

If the hacker was able to set admin access on an account, he can take out the items, right? 

 

My Steam was logged in and items were sent from my account to the hacker's alt.
Same for marketplace.tf: he logged into mp.tf from my account and stole stuff. So my account details were leaked.

And a friend of mine found out that there are sockets used in his code.
Copy paste of his msg below 
one of those are https://www.npmjs.com/package/style-console , which was uploaded 2 weeks ago
made by "some dude"

So 

most likely a script like something undercover?
sending my private info to the hacker like when I ran it after full installation took 2-5 mins to start 

it downloaded some shit
 

Link to comment
Share on other sites

2 minutes ago, « SɱokEy » said:

If the hacker was able to set admin access on an account, he can take out the items, right? 

 

My Steam was logged in and items were sent from my account to the hacker's alt.
Same for marketplace.tf: he logged into mp.tf from my account and stole stuff. So my account details were leaked.

And a friend of mine found out that there are sockets used in his code.
Copy paste of his msg below 
one of those are https://www.npmjs.com/package/style-console , which was uploaded 2 weeks ago
made by "some dude"

So 

most likely a script like something undercover?
sending my private info to the hacker like when I ran it after full installation took 2-5 mins to start 

it downloaded some shit
 

Perhaps in the script thingy, a spyware was inside, just like the Steam Inventory Helper.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
