
Account Hacked (Do not use the undercutting SCRIPT)


SmokE


style-console's npm page links to another package. I went ahead and installed it from npm myself and I'm fairly sure I found it.

 

Now I'm not sure what *exactly* this does, but I'm 100% certain that this doesn't have anything to do with some nice console output. See for yourself...

Bildschirmfoto 2018-01-28 um 14.53.46.png

Link to comment
Share on other sites

4 minutes ago, Volcyy said:

style-console's npm page links to another package. I went ahead and installed it from npm myself and I'm fairly sure I found it.

 

Now I'm not sure what *exactly* this does, but I'm 100% certain that this doesn't have anything to do with some nice console output. See for yourself...

Bildschirmfoto 2018-01-28 um 14.53.46.png

 

I think you have found it. FYI, that code has been run through an obfuscation tool to make it unreadable and hard to understand. You can see the code is making a request and constructing a URI.

Link to comment
Share on other sites

For anyone who did not understand, he basically had a dependency called style-console in his code which reached out to a GitHub repo to download. At first glance that looks fine too; it was a dependency in that one that had the code which exported the whole config of the user :(

Link to comment
Share on other sites

2 minutes ago, « SɱokEy » said:

Can you give me the IP please? I wanna check if it's the same for the marketplace.tf login

 

the IP is at the bottom of the script if you want to check for yourself

Link to comment
Share on other sites

2 minutes ago, Volcyy said:

 

the IP is at the bottom of the script if you want to check for yourself

And this can keep all my personal information? (Name, Surname, Password)?

 

Link to comment
Share on other sites

23 minutes ago, Enzotoy2 said:

And this can keep all my personal information? (Name, Surname, Password)?

 

 

As I mentioned before, I'm not entirely sure how this works. It's obfuscated JavaScript and even after running it through a deobfuscator, it's still insanely hard to find out what the hell it's doing. 

 

Looking at the code though, it appears (read: *no idea how exactly this works*) to create obfuscated RegEx-es (simply put, something you use to extract text from other text).

The malicious function is called exactly once in the entire codebase, namely right after the bot has logged on:

 

client.on('loggedOn', function() {
  DEBUG1 && console.info("Logged into Steam");
});

 

 

That didn't turn out as readable as I intended it to be, but anyways. I think this is also why SmokEy lost his items even after running the bot for only 30 minutes.

console is the imported malicious module style-console:

 

var console = require('style-console');

 

Since the only input it receives here is "Logged into Steam", I assume that the obfuscated function somehow grabs a hold of text containing the credentials somewhere, matches the important bits via RegEx, and then sends it to the server. @Enzotoy2 back to your question, I assume it """just""" sends the credentials that you had in config.json. Again, take this with a grain of salt. I have no idea how exactly it works, and it will probably take some time until someone figures it out. Fact is, you should take this as a lesson to not trust any code you see online, just because it's open source, until you've fully read it yourself and understood what it does.

Link to comment
Share on other sites

3 minutes ago, Volcyy said:

 

As I mentioned before, I'm not entirely sure how this works. It's obfuscated JavaScript and even after running it through a deobfuscator, it's still insanely hard to find out what the hell it's doing. 

 

Looking at the code though, it appears (read: *no idea how exactly this works*) to create obfuscated RegEx-es (simply put, something you use to extract text from other text).

The malicious function is called exactly once in the entire codebase, namely right after the bot has logged on:

 

client.on('loggedOn', function() {
  DEBUG1 && console.info("Logged into Steam");
});

 

 

That didn't turn out as readable as I intended it to be, but anyways. I think this is also why SmokEy lost his items even after running the bot for only 30 minutes.

console is the imported malicious module style-console:

 

var console = require('style-console');

 

Since the only input it receives here is "Logged into Steam", I assume that the obfuscated function somehow grabs a hold of text containing the credentials somewhere, matches the important bits via RegEx, and then sends it to the server. @Enzotoy2 back to your question, I assume it """just""" sends the credentials that you had in config.json. Again, take this with a grain of salt. I have no idea how exactly it works, and it will probably take some time until someone figures it out. Fact is, you should take this as a lesson to not trust any code you see online, just because it's open source, until you've fully read it yourself and understood what it does.

 

oh wow ty for this reply

Link to comment
Share on other sites

8 minutes ago, Volcyy said:
client.on('loggedOn', function() {
  DEBUG1 && console.info("Logged into Steam");
});

 

 

That didn't turn out as readable as I intended it to be, but anyways. I think this is also why SmokEy lost his items even after running the bot for only 30 minutes.

console is the imported malicious module style-console:

 

var console = require('style-console');

 

 


I am not much of a coder myself, but I wanted to know how it works. I did read through the code and didn't understand most of the shit.

Link to comment
Share on other sites

6 minutes ago, Volcyy said:

Fact is, you should take this as a lesson to not trust any code you see online, just because it's open source, until you've fully read it yourself and understood what it does. 

Yes, totally my bad for using it, even though it was just to understand how his stock limits worked. Should have made someone who is very good with codes go through it first.

Link to comment
Share on other sites

Yeah it's blindingly obvious that it's Axle getting his revenge.. He took 50$ from me as well.. I have literally used that script for about 10 minutes and deleted it

I'm sorry for who lost more.. 

Link to comment
Share on other sites

36 minutes ago, Mr. Sympathy said:

revenge

Revenge warrants him being wronged by the other party. In this case, none of the victims had done anything to him. So calling it revenge is undermining it.

 

This is straight up cyber crime and granted pursuing it in a legal standpoint won't fetch much but at least it gets his name out there and MAYBE valve gets involved.

Link to comment
Share on other sites

10 minutes ago, Lucif3r said:

Revenge warrants him being wronged by the other party. In this case, none of the victims had done anything to him. So calling it revenge is undermining it.

 

This is straight up cyber crime and granted pursuing it in a legal standpoint won't fetch much but at least it gets his name out there and MAYBE valve gets involved.

Actually I believe that this is a cybercrime attack + theft of intellectual and private data. I think it’s easily life in any USA prison? Not sure about the country he’s in.

Link to comment
Share on other sites

2 hours ago, SapienS said:

This looks like a mass fraud (Crime against property)
The victims should consider to reach their local cybercrime police

 

Like I said!!! This guy must not play cowboys within the TF2 community without any repercussion.

 

First of all, report his email to Google, PayPal, Steam....

Also I recommend to build a case against him since this involves thousands of $$$

Make a list of the victims with the stolen value.

Link to comment
Share on other sites

Exactly. The last thing people should do right now is forget about this. No one should be allowed to just make off with that much stolen money without any repercussions and I mean REAL repercussions.

 

Think the community as a whole should fight back against a cyber crime of this magnitude. I mean if any of you are in contact of a lawyer and can bring them in here it would be great to hear what options the victims have here. Pretty sure Axle will piss his pants if he sees a lawyer getting involved.

Link to comment
Share on other sites

4 minutes ago, Lucif3r said:

Exactly. The last thing people should do right now is forget about this. No one should be allowed to just make off with that much stolen money without any repercussions and I mean REAL repercussions.

 

Think the community as a whole should fight back against a cyber crime of this magnitude. I mean if any of you are in contact of a lawyer and can bring them in here it would be great to hear what options the victims have here. Pretty sure Axle will piss his pants if he sees a lawyer getting involved.

Lol the amount that Axle stole is not sufficient to pay a lawyer.

Link to comment
Share on other sites

If anyone knows a person in the field of law, speak to him/her about this. 

See what can be done.

Valve should get involved in this, although I don't know how.

Link to comment
Share on other sites

1 minute ago, Bill Doritos said:

Lol the amount that Axle stole is not sufficient to pay a lawyer.

You'd be surprised how little a lawyer will go after as long as he gets his percentage of what is recovered.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
