Bitcoin Ransom Malware Trojan Crap
Page 1 of 1
VIP Member



Posts: 34275
Location: UK
PostPosted: Sun, 30th Sep 2018 09:25    Post subject: Bitcoin Ransom Malware Trojan Crap
I could probably have posted this in the Bitching Session but here is probably best as I’m looking for help and/or advice please!

So earlier today MalwareBytes notified me of a number of infected files on my PC. Upon checking these I found one in programdata called passwords.txt. I opened it to find it contained a fuck ton of logins from my Google Chrome account with this at the top.

Quote:
[=======================================================]
[==================== Arkei Stealer =========================]
[=======================================================]
[================= Develop by Foxovsky =====================]
[=======================================================]
[====================== Buy Arkei: ========================]
[================== t.me/arsenkooo135 =====================]
[=======================================================]


I immediately deleted it and began cleaning as best I could as well changing all the passwords which took a good couple of hours!

Whilst checking my junk mail as some password resets were not coming through to the inbox I found this.

Quote:
Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account [my googlemail account] was hacked, because I sent message you from it.

Now I have access to you accounts!
For example, your password for [my googlemail account] is [my password].

Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $700 to our Bitcoin wallet: 18QGMXBte2fVodcq9xCwvPWiBEd98LwHwS
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data" Very Happy

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security. We hope this case will teach you to keep secrets.

Take care of yourself.


The above email had my actual Google account email address and actual password but I removed them for obvious reasons.

I was quite concerned until I Googled it and found articles, including this one, and some subreddits where others had received similar emails.

http://uk.businessinsider.com/new-email-scam-uses-old-password-fake-porn-threats-webcam-video-bitcoin-2018-7

I’m still concerned that I found a text document clearly created by software for stealing login credentials via a trojan and I’m not convinced that is related to the email I received.

Should I disregard everything and assume it will be fine, or is there something I should be doing other than scanning for malware and trojans and changing passwords?

Advice / discuss please ...


May the NFOrce be with you always.
couleur
[Moderator] Janitor



Posts: 14081

PostPosted: Sun, 30th Sep 2018 09:55    Post subject:
How long ago did you last change your password to your gmail account?


"Enlightenment is man's emergence from his self-imposed nonage. Nonage is the inability to use one's own understanding without another's guidance. This nonage is self-imposed if its cause lies not in lack of understanding but in indecision and lack of courage to use one's own mind without another's guidance. Dare to know! (Sapere aude.) "Have the courage to use your own understanding," is therefore the motto of the enlightenment."
Frant
King's Bounty



Posts: 24433
Location: Your Mom
PostPosted: Sun, 30th Sep 2018 09:57    Post subject:
http://www.spywaretechs.com/remove-trojan-arkeistealer/

Arkei Stealer can disable AV, hide itself very well, create "false" hits in AV-tools etc. making it very difficult to even find since it leaves no noticeable trace unless you are really good at delving deep into the system and registry.

The best tool I've ever used to remove difficult-to-remove crap is UnHackMe. Just make sure you get it from a trusted site like the developer's own page.

http://www.greatis.com/unhackme/
I haven't been infected with Arkei Stealer so I can't say if it will clean your system from Arkei but it's been amazing the few times I've been hit.

You must be very sure you're rid of it before even bothering changing passwords. Go offline once you've got the tool/tools you need as well as manual cleaning. If you have a system restore point that you know is okay (ie. from before you were initially infected), restore to that point AFTER you've gotten rid of any rootkits, trojans etc. OR a fresh install (preferred).


Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn!

"Thank you to God for making me an Atheist" - Ricky Gervais
Janz




Posts: 13997

PostPosted: Sun, 30th Sep 2018 12:16    Post subject:
Clean install; once a system has been compromised you can never trust it again.

On the other hand, I don't think you got it due to a drive-by attack; that should be almost impossible with current systems, AV tools and browsers. You must have installed something by clicking on it by accident.
VGAdeadcafe




Posts: 22230
Location: ★ ಠ_ಠ ★
PostPosted: Sun, 30th Sep 2018 12:27    Post subject:
Clean your system and only then reset all passwords starting with the email. I wouldn't worry TOO much about it.

If you can't find the infection or if you suspect it's not clean then you have to backup your stuff and do a clean reinstall.

I use HitmanPro and MalwareBytes.
3E74




Posts: 2559
Location: feels wrong
PostPosted: Sun, 30th Sep 2018 22:39    Post subject:
Yeah, same here. I also suggest backing up the important files to an external drive, formatting the PC and cleaning the MBR, etc.

Then scan the shit out of the backed-up files.

Install clean Windows, add the backed-up (CLEAN) files again...


Gladly, I've never had such issues...
Can I ask, do you use any form of advanced firewall? Or did you not? Did you have any security software installed? If yes, which ones? I'm just interested in what software didn't catch it, etc. Just to understand it.


greetz


..:: Life - A sexually transmitted disease which always ends in death. There is currently no known cure::.. Troll Dad
KillerCrocker




Posts: 20488

PostPosted: Sun, 30th Sep 2018 22:47    Post subject:
Shouldn't 2nd-step (phone) Gmail protection help even if thieves know the password?


3080, ps5, lg oled

Sin317-"im 31 years old and still surprised at how much shit comes out of my ass actually ..."
SteamDRM-"Call of Duty is the symbol of the true perfection in every aspect. Call of Duty games are like Mozart's/Beethoven's symphonies"
deadpoetic-"are you new to the cyberspace?"
Morphineus
VIP Member



Posts: 24883
Location: Sweden
PostPosted: Sun, 30th Sep 2018 23:34    Post subject:
That mail is quite copy-paste... except for your mail address and password bit.
Maybe some tracker/forum/site had a breach and they added that info and tried their luck?

Had one I think a week ago (on one of my mail addresses I use for anything spammy), in Swedish, talking about webcams/microphones/porn sites...
Firstly: I never communicate in Swedish, and I don't have a webcam nor a microphone. So yeah, that started off pretty well. Laughing


0wen




Posts: 3566

PostPosted: Mon, 1st Oct 2018 11:10    Post subject:
Have you double checked

https://haveibeenpwned.com

to see where they might have got your email and password? I got a similar email in the last few weeks, but I can't remember if it had a password listed, or if it did, it was one I changed long ago after a data breach report. Plus, like Morphineus, I do not have a webcam or mic set up, so unless they are outside my window with a video camera, good luck posting any video of me in front of the computer.
Nec




Posts: 232
Location: Israhell
PostPosted: Mon, 1st Oct 2018 11:40    Post subject:
Seriously, activate 2FA wherever you can. Sometimes it's a joke, but every added security layer can help.
Shocktrooper




Posts: 4461

PostPosted: Tue, 2nd Oct 2018 11:47    Post subject:
Lol I just got the same message in my spam folder!
But it has a completely wrong password in it (kantafjern89). Clearly some fake shit
axl




Posts: 129

PostPosted: Wed, 3rd Oct 2018 00:31    Post subject:
Me too, the password was wrong on mine too.
zmed




Posts: 9234
Location: Orbanistan
PostPosted: Thu, 4th Oct 2018 02:05    Post subject:
Just got the same mail. The password was something back from the early 2000s. And of course there's no indication that anything other than my desktop or my phone accessed my google account in the past couple years....so yeah, check your account login activity, and don't stress about it.

Just enable 2-step wherever you can, and use a password manager.
difm




Posts: 6617

PostPosted: Fri, 5th Oct 2018 22:51    Post subject:
This e-mail is phishing. Old leaked e-mails and passwords.


i5 6600k @ 4.3 GHz | MSI z170 Gaming M7 | 32GB Kingston HyperX Fury | 850 Evo 500GB | EVGA 1070 SC | Seasonic X-660 | CM Storm Stryker
JBeckman
VIP Member



Posts: 34480
Location: Sweden
PostPosted: Sat, 6th Oct 2018 00:13    Post subject:
Hey I wasn't the only one who got that!

Yeah, old password from several years back, probably from Facebook or something, and all sorts of inaccuracies.
Who the fuck subscribes to porn for one thing, plus the old-ass password long since replaced, and then something about a web camera (never had one) and friends (what are those?).
They wanted $1000 though in my case, and I think the bitcoin address is the same.

HaveIBeenPwned, or whatever the service site is called, is pretty useful for looking up affected mail addresses, though as long as you change more sensitive site passwords periodically it should be fairly safe. (Just about any website can be compromised though, and some are really fidgety about reporting it or taking action, unfortunately.)
Karmeck




Posts: 3339
Location: Sweden
PostPosted: Fri, 12th Oct 2018 19:25    Post subject:
garus
VIP Member



Posts: 34200

PostPosted: Fri, 12th Oct 2018 19:27    Post subject:
snip


Last edited by garus on Tue, 27th Aug 2024 21:29; edited 1 time in total
skx7




Posts: 1009

PostPosted: Fri, 9th Nov 2018 16:51    Post subject:
You should fresh-install your PC, not just clean it. Secondly, you should change all your passwords on a non-compromised machine. And thirdly, maybe it's time to start using a decent operating system in case you want to keep visiting porn websites Laughing

It's not about the email, but the system was clearly p0wned:
https://www.hybrid-analysis.com/sample/10846bf1e146563b22ac9e7b1a524648e1e4e9c67c0830bede8462362b417a5d?environmentId=120
Page 1 of 1 All times are GMT + 1 Hour
NFOHump.com Forum Index - Operating Systems
Powered by phpBB 2.0.8 © 2001, 2002 phpBB Group