Sophisticated Backdoor sent by Reputable Seller

[Nightqueenallie]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

(I'm doing this on my phone since no computer anymore atm while I backup certain files and wipe my system)

Information
######################
Purchase Date: 1/27/22
Date the problem began: 1/27/22
Method of Contact Used (chat program): Discord
Instant Messenger username of the person you're accusing: Tazsa#2917 (499405846959095809)
Your Instant Messenger ID:

Only staff can view this content.

Other information:


DISPUTE Information
######################
Link of transaction thread (URL, Epicnpc thread): https://www.epicnpc.com/threads/swords-of-legends-power-leveling-boosting-service.1995206/
Approximate value of property: $0 USD
Was Trade Guardian used? NO
If yes, what is the Trade Guardian ID? NO

What is the dispute about?
This isn't a typical dispute. You just don't have a category for it. This member has been going around on discord messaging an extremely sophisticated & malicious .exe to previous buyers on the pretense that it's for school. Honestly since it was Javascript I thought nothing of it at first since the game (snake) could be built on Javascript. Also thought nothing of it because this person is incredibly respected in here and I only had good interactions with them in the past.

Upon usage of the .exe: It forcefully logged me out of Discord, closed it, then reopened to try and get me to type in my password. That was a faux process. After immediately disconnecting my internet I attempted to figure out what it was doing.

Upon indepth examination of the .exe it is potentially backdoor built on axios, building its own http client, and using that to package and send itself data.

Why is this worth mentioning? Virustotal won't detect anything nor will any major av software that's not on VirusTotal. Backdoors don't get detected that well. And with how sophisticated this was and how it almost tricked me entirely into thinking it was only after discord (which it didn't want in the first place).

Other details / notes:
This is more like a comment. I've spent my entire day so far figuring out what this was to figure out if any sensitive material (work related) was affected.

I've also reported it to the discord safety team as well as Google, and every server I share with this person.

Proof
######################
You MUST provide proof or your claim will not be valid!

Screenshots (make sure the accused email is visible):

Account Recalls
######################
N/A


-------------------------------------------------------------------------------------------------------
If you are not involved, please do not post in the thread.

Here you can find information about our Dispute rules and how we investigate disputes.
https://www.epicnpc.com/threads/90442-Dispute-FORUM-RULES

 

[Nightqueenallie]

Only staff can view this content.

 

[Nightqueenallie]

Hasn't responded to me since and I'm still actively trying to figure out what has been affected.

 

[SaltnVinegar]

@Tazsa Respond here, you've been online and looking at the OPs profile

 

[Lucids]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

hi sorry. that wast me

My discord was got hacked
someone previous buyer asking same program like that too
not sure he was getting hacked or not
i gotten hacked after i install it, same as you and all my discord info got changed.
you can in my email and also im try to retive it back

 

[Lucids]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

@Tazsa Respond here, you've been online and looking at the OPs profile

my discord just got hacked too

 

[Lucids]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

sorry i still cant open my discord
i dont have any screenshot of my chat there

 

[Lucids]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

yea im installed the program too because he was my buyer and im trying to help
now my discord got hacked and i no longer can use it

 

[SaltnVinegar]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

Any damage caused from your Discord hacking will be your responsibility. Recover your discord info asap.

 

[Lucids]

Any damage caused from your Discord hacking will be your responsibility. Recover your discord info asap.

im trying, i was wating for reply from them

 

[Nightqueenallie]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

For further information on the hack used against me:

It does not hack my discord it simply uses that as a mask to make me think it was (found that out after about 190k lines into the code).

Somewhere in the 200k range i found this out: In the background it is essentially makes my system into a node, discreetly sending all sorts of information into packed files to a couple dozen pgps. Looking at the sophisticated code it was made and released publicly to script kiddies hence all of the comments (the '//' is a comment) so even children could understand without needing to understand the code. And they're given instructions that only "this and this" needs to be changed. Whereas really, all of my sensitive information is being sent to the creator of the back door.

That means any accounts I have sold may or may not be compromised. I THANKFULLY never saved any of my clientele's log in information so they're all safe from the looks of it. I also haven't finished checking the sheer amount of damage it cause in the 11 minutes it was connected to the internet.

I have a lot of sensitive information on my computer especially an unreleased MMORPG (that's currently being worked on by myself) and if that got out I would suffer approximately 15 million USD in damages just on what I have. That's not including what I have access to.

So let's cross our fingers and hope they didn't get any of that.

 

[Lucids]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

For further information on the hack used against me:

It does not hack my discord it simply uses that as a mask to make me think it was (found that out after about 190k lines into the code).

Somewhere in the 200k range i found this out: In the background it is essentially makes my system into a node, discreetly sending all sorts of information into packed files to a couple dozen pgps. Looking at the sophisticated code it was made and released publicly to script kiddies hence all of the comments (the '//' is a comment) so even children could understand without needing to understand the code. And they're given instructions that only "this and this" needs to be changed. Whereas really, all of my sensitive information is being sent to the creator of the back door.

That means any accounts I have sold may or may not be compromised. I THANKFULLY never saved any of my clientele's log in information so they're all safe from the looks of it. I also haven't finished checking the sheer amount of damage it cause in the 11 minutes it was connected to the internet.

I have a lot of sensitive information on my computer especially an unreleased MMORPG (that's currently being worked on by myself) and if that got out I would suffer approximately 15 million USD in damages just on what I have. That's not including what I have access to.

So let's cross our fingers and hope they didn't get any of that.

sorry but im not sure what transaction we had before

it seem my first time seeing your discord
can you provide your previous chat with me

 

[Lucids]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

im not putting 2FA for my discord
now its kinda hard to recover it back
unless they already reply my email

and this is first time too knowing about discord hack and that stuff

i will reply here once i get reply from them

 

[Nightqueenallie]

sorry but im not sure what transaction we had before

it seem my first time seeing your discord
can you provide your previous chat with me

Too much and on my phone (still no PC because of this). But here's the key snapshots of me purchasing and you completing.

Only staff can view this content.

 

[Lucids]

ok sorry for that and for damage i cause
i also victim too with that kind of program

and my bad i was not install AV in my PC also not very know about those kinda hack programs

hope you dont get trouble so much

 

[Nightqueenallie]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

ok sorry for that and for damage i cause
i also victim too with that kind of program

and my bad i dont put my AV in my PC also not very know about those kinda hack programs

hope you dont get trouble so much

What you got to lose access to your discord was most likely a phishing link. You can only stay safe by examining the link and not blindly clicking any. Only AV software that actively scans web pages when opening them will catch that and not all do. Most actually dont.

What happened to me wasn't a discord hack or a virus, but a backdoor to my system. It won't get picked up by AV software. So thankfully I work as a game developer or they would have gotten away with A LOT more than 11 minutes of internet being up.

As I previously said though, I don't know the extent of the damage yet. If it even remotely touched the unreleased MMO then I will be facing 15 million USD in losses and a decade of work.

 

[Nightqueenallie]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

I will admit it is my fault for not examining the .exe before clicking it, but most if not all hacks on discord aren't nearly this sophisticated.

 

[Nightqueenallie]

@SaltnVinegar

Anyone that did click that .exe needs to turn off their internet ASAP, backup any files they absolutely need, then completely wipe their system and pray nothing important was taken.

 

[Lucids]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

What you got to lose access to your discord was most likely a phishing link. You can only stay safe by examining the link and not blindly clicking any. Only AV software that actively scans web pages when opening them will catch that and not all do. Most actually dont.

What happened to me wasn't a discord hack or a virus, but a backdoor to my system. It won't get picked up by AV software. So thankfully I work as a game developer or they would have gotten away with A LOT more than 11 minutes of internet being up.

As I previously said though, I don't know the extent of the damage yet. If it even remotely touched the unreleased MMO then I will be facing 15 million USD in losses and a decade of work.

no im not clicking any psihing link

i was getting fooled too
someone text me with that kind of stuff to install the program
it was not random people, it was my also my previous buyer
he was buying my seven knight 2 account back then

after i install it my discord gotten logout
and i retype my login info after that everything got changed including my email address

 

[Nightqueenallie]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

What you got to lose access to your discord was most likely a phishing link. You can only stay safe by examining the link and not blindly clicking any. Only AV software that actively scans web pages when opening them will catch that and not all do. Most actually dont.

no im not clicking any psihing link

i was getting fooled too
someone text me with that kind of stuff to install the program
it was not random people, it was my also my previous buyer
he was buying my seven knight 2 account back then

after i install it my discord gotten logout
and i retype my login info after that everything got changed including my email address

If you clicked that link and logged in again, that means its still affecting you. Whats under that initial discord "hack" is actually by far more malicious than you think. You need to turn off your internet to your computer, backup important files, and wipe your system.

 

[Lucids]

@SaltnVinegar

Anyone that did click that .exe needs to turn off their internet ASAP, backup any files they absolutely need, then completely wipe their system and pray nothing important was taken.

is it that bad?

i already installed AV and Scan my PC
it has found trojan or something and i already delete it

 

[Nightqueenallie]

is it that bad?

i already installed AV and Scan my PC
it has found trojan or something and i already delete it

It's not detected as a Trojan. It's not detected at all. I had to manually dig through the code to figure out what it was.

 

[Lucids]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

It's not detected as a Trojan. It's not detected at all. I had to manually dig through the code to figure out what it was.

ah ok i see that
sorry it cause so much trouble


think im gonna reinstall my PC and hope my discord recover soon

Sorry again for the trouble

 

[SaltnVinegar]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

There's no way for us to track how many and who would be affected and quite simply its not our area to be caring of it either since its not our platform that its been shared around on.

You'll need to contact discord support and be hopeful that they do something to stop it, but I'm doubtful.

I believe Tazsa is not the original sender of this and its most likely someone not even on our platform so im going to move this to a more suitable sub forum.

I encourage you guys to continue discussing regardless so others can be warned.

 

[Lucids]

WARNING! Off-site contact information posted. Most scams occur off-site. Please contact members directly via EpicNPC chat. We do not investigate disputes if you communicate off-site.

There's no way for us to track how many and who would be affected and quite simply its not our area to be caring of it either since its not our platform that its been shared around on.

You'll need to contact discord support and be hopeful that they do something to stop it, but I'm doubtful.

I believe Tazsa is not the original sender of this and its most likely someone not even on our platform so im going to move this to a more suitable sub forum.

I encourage you guys to continue discussing regardless so others can be warned.

thank you for understanding

i will inform it once i got my discord back

 

[Lucids]

@Nightqueenallie @SaltnVinegar

My disord already recovered to my origin email again
i wont getting fooled by that again and i already reinstalled my PC. hope there is no harmful software again
just reminder to becareful, the hacker is so smart can pretending as someone you know

guys sorry for trouble especially to @Nightqueenallie hope everything fine as used to