show more
If it's smart enough, then it could probably get access to accounts outside of discord.
O trusted abraker and wanted to help him “fix” it. The thing is, I still have access to my discord and I don’t know how to proceed
I managed to contact abraker on another platform. DO NOT CLICK THAT CRAP.
Block him in discord too.
i forgot that he's a GMT
So, when abraker got hacked and lost access to his account, he tried messaging through Angie. The message was deleted by the fake abraker.
I just trolled the guy.
time to save OT
In case you ask, we're talking through MAL.
Update
Otherwise it is probably a Discord token grabber and nothing more.
LastPass and 1Password are great tools, and Microsoft Edge also has a password manager for making secure passwords and not remembering them.
Spinning up VirtualBox soon.
im not gonna read all of that, but i assume you know what your doing
Only by inserting the installation disk while the system is off, then booting right into the installer, or by using a DVD/Blu-ray disc to install your OS, would it guarantee to work; A virus would be able to infect the files of a read-write medium (USB drive) if you insert it while the OS is running. (Even a Linux installer could be infected.)
Do not trust any program in your old partition/harddrive. A well-made virus could infect all of them.
(I assumed the BIOS couldn't be infected. BIOS infections aren't common nowadays.)
How do people fall for that still, really baffles me.
show more
Noooo it was not me i totally didn't lock abraker out of his accounts because he locked the thread
I repeat it was not mw
I repeat it was not mw
I just talked to him a little bit ago on a different account. Please do not accept any links the abraker account may send over the next few days.
This is the most incompetent “hacker” I clicked his link 2 times, and I still have my discord intact lol
Os: you guys know if it does anything else besides the discord thing?
Os: you guys know if it does anything else besides the discord thing?
why the hell would you do that lolPolyspora wrote:
This is the most incompetent “hacker” I clicked his link 2 times, and I still have my discord intact lol
Os: you guys know if it does anything else besides the discord thing?
If it's smart enough, then it could probably get access to accounts outside of discord.
Stomiks wrote:
why the hell would you do that lolPolyspora wrote:
This is the most incompetent “hacker” I clicked his link 2 times, and I still have my discord intact lol
Os: you guys know if it does anything else besides the discord thing?
If it's smart enough, then it could probably get access to accounts outside of discord.
O trusted abraker and wanted to help him “fix” it. The thing is, I still have access to my discord and I don’t know how to proceed
Here's what I might do: Probably log out of everything on the computer you clicked the link on, and on a different device, change your passwords. Keep a close eye on your accounts' activity over the next few daysPolyspora wrote:
Stomiks wrote:
why the hell would you do that lolPolyspora wrote:
This is the most incompetent “hacker” I clicked his link 2 times, and I still have my discord intact lol
Os: you guys know if it does anything else besides the discord thing?
If it's smart enough, then it could probably get access to accounts outside of discord.
O trusted abraker and wanted to help him “fix” it. The thing is, I still have access to my discord and I don’t know how to proceed
alright, so the hack is from something that would never expected it to be
https://prnt.sc/MHWNqAewyzBH
this is one of my friends who got hacked too
https://prnt.sc/MHWNqAewyzBH
this is one of my friends who got hacked too
Topic Starter
I managed to contact abraker on another platform. DO NOT CLICK THAT CRAP.
Block him in discord too.
wait if his discord got hacked than why ist he a gmt anymore
also i want gmt
also i want gmt
cause more than just his discord got hacked.HoosierTransfer wrote:
wait if his discord got hacked than why ist he a gmt anymore
also i want gmt
I will be gmt
hacker kicked me from ot!neus, seems I hit a very small nerve in the nsfw channel.
oh bruh wtf did i woke up to
Sies probably? I know he checks ot infrequentlyz0z wrote:
in the meanwhile, who would cover for the gmt?
Thanks for the helpsynthwavesquid wrote:
Patatitta wrote:
wait wtf happenedcommunity/forums/topics/1628821?n=1z0z wrote:
wait what
i'll just direct you guys to this thread for context ^
Don't worry, I'm here to save you OT.
oh yeah, SiesCerno wrote:
oh bruh wtf did i woke up toSies probably? I know he checks ot infrequentlyz0z wrote:
in the meanwhile, who would cover for the gmt?
i forgot that he's a GMT
I guess this event was short-lived.
Sooo death… uhhh when are you gonna update abraker lock thread
Topic Starter
What do you mean the OT!neus server is screwed.Stomiks wrote:
I guess this event was short-lived.
checked the audit log and ippe, wither and angiee got banned. wtf happened in the server when it first went down, i was sleepineblf2013 wrote:
What do you mean the OT!neus server is screwed.Stomiks wrote:
I guess this event was short-lived.
Wither did some naughty stuff and angie got banned probably for exposing the hackerCerno wrote:
checked the audit log and ippe, wither and angiee got banned. wtf happened in the server when it first went down, i was sleepineblf2013 wrote:
What do you mean the OT!neus server is screwed.Stomiks wrote:
I guess this event was short-lived.
Topic Starter
TIL Angie is Abraker's sister.ShinRun wrote:
Wither did some naughty stuff and angie got banned probably for exposing the hackerCerno wrote:
checked the audit log and ippe, wither and angiee got banned. wtf happened in the server when it first went down, i was sleepineblf2013 wrote:
What do you mean the OT!neus server is screwed.Stomiks wrote:
I guess this event was short-lived.
So, when abraker got hacked and lost access to his account, he tried messaging through Angie. The message was deleted by the fake abraker.
Letsssss gooooooooeblf2013 wrote:
What do you mean the OT!neus server is screwed.Stomiks wrote:
I guess this event was short-lived.
Well, F.
ippe also showed the deleted message through a screenshot, the same one I posted over in community/forums/posts/8745363 (though I cropped it a bit) hacker deleted entire conversation and banned ippeeblf2013 wrote:
TIL Angie is Abraker's sister.ShinRun wrote:
Wither did some naughty stuff and angie got banned probably for exposing the hackerCerno wrote:
checked the audit log and ippe, wither and angiee got banned. wtf happened in the server when it first went down, i was sleepineblf2013 wrote:
What do you mean the OT!neus server is screwed.Stomiks wrote:
I guess this event was short-lived.
So, when abraker got hacked and lost access to his account, he tried messaging through Angie. The message was deleted by the fake abraker.
I just trolled the guy.
anything but thisKarmine wrote:
Time to make manish GMT to save OT
:<Clicky- wrote:
oh yeah, SiesCerno wrote:
oh bruh wtf did i woke up toSies probably? I know he checks ot infrequentlyz0z wrote:
in the meanwhile, who would cover for the gmt?
i forgot that he's a GMT
time to save OT
death is already here but you can join himSies wrote:
:<Clicky- wrote:
oh yeah, SiesCerno wrote:
oh bruh wtf did i woke up toSies probably? I know he checks ot infrequentlyz0z wrote:
in the meanwhile, who would cover for the gmt?
i forgot that he's a GMT
time to save OT
in this new era of ot we’ll be having 2 overlordsz0z wrote:
death is already here but you can join himSies wrote:
:<Clicky- wrote:
oh yeah, SiesCerno wrote:
oh bruh wtf did i woke up toSies probably? I know he checks ot infrequentlyz0z wrote:
in the meanwhile, who would cover for the gmt?
i forgot that he's a GMT
time to save OT
Sies & Me.Cerno wrote:
in this new era of ot we’ll be having 2 overlordsz0z wrote:
death is already here but you can join himSies wrote:
:<Clicky- wrote:
oh yeah, SiesCerno wrote:
oh bruh wtf did i woke up toSies probably? I know he checks ot infrequentlyz0z wrote:
in the meanwhile, who would cover for the gmt?
i forgot that he's a GMT
time to save OT
u are quite possibly the least qualified person to be in charge of a communityPuck- wrote:
Sies & Me.Cerno wrote:
in this new era of ot we’ll be having 2 overlordsz0z wrote:
death is already here but you can join himSies wrote:
:<Clicky- wrote:
oh yeah, SiesCerno wrote:
oh bruh wtf did i woke up toSies probably? I know he checks ot infrequentlyz0z wrote:
in the meanwhile, who would cover for the gmt?
i forgot that he's a GMT
time to save OT
it's death and siesCerno wrote:
u are quite possibly the least qualified person to be in charge of a communityPuck- wrote:
Sies & Me.Cerno wrote:
in this new era of ot we’ll be having 2 overlordsz0z wrote:
death is already here but you can join himSies wrote:
:<Clicky- wrote:
oh yeah, SiesCerno wrote:
oh bruh wtf did i woke up toSies probably? I know he checks ot infrequentlyz0z wrote:
in the meanwhile, who would cover for the gmt?
i forgot that he's a GMT
time to save OT
McEndu also got phished but be transferred one of his server ownership to me before the hacker can get to it
is this a server attackShinRun wrote:
McEndu also got phished but be transferred one of his server ownership to me before the hacker can get to it
Idek but I like how McEndu trusted me enough even though we only had a handful of interactionz0z wrote:
is this a server attackShinRun wrote:
McEndu also got phished but be transferred one of his server ownership to me before the hacker can get to it
Topic Starter
In case you ask, we're talking through MAL.
i would say that's probably a account abarker forgot about that came in handyeblf2013 wrote:
In case you ask, we're talking through MAL.
Ah, this is the first time I seen a normal abraker.
Context: I joined in Off-Topic right after abraker claimed to be GMT - I guess, so I'm unaffected by his GMT promotion that time.
Context: I joined in Off-Topic right after abraker claimed to be GMT - I guess, so I'm unaffected by his GMT promotion that time.
that was my plan from the start, revengeShinRun wrote:
McEndu also got phished but be transferred one of his server ownership to me before the hacker can get to it
whatManishh wrote:
that was my plan from the start, revengeShinRun wrote:
McEndu also got phished but be transferred one of his server ownership to me before the hacker can get to it
What the fuck?
I just woke up and had the most eerie feeling I was being stalked outside my home, and then I see this thread.
I just woke up and had the most eerie feeling I was being stalked outside my home, and then I see this thread.
wdym? You got hacked too?McEndu wrote:
Various things I can confirm about the hack:I am still trying to identify the damage done to my side. Also, the script kiddie hosted the trojan on itch.io (deadtriggerofficial.itch.io), so try to send itch.io a contact email if you can.
- The program uses JavaScript heavily; its icon even gives it away as a Node.js bundle.
- It gets on to mainly your Discord. People have also confirmed that osu! credentials are stolen.
Quite a few people got hacked about this.Corne2Plum3 wrote:
wdym? You got hacked too?McEndu wrote:
Various things I can confirm about the hack:I am still trying to identify the damage done to my side. Also, the script kiddie hosted the trojan on itch.io (deadtriggerofficial.itch.io), so try to send itch.io a contact email if you can.
- The program uses JavaScript heavily; its icon even gives it away as a Node.js bundle.
- It gets on to mainly your Discord. People have also confirmed that osu! credentials are stolen.
stand back fuckers. edge lord finna send nip pics to this fake ass wanna be without their consent.
I always wonder what the point of these discord hacks are, like, yeah, you grab accounts, but for what
Probably for selling or being used for bots.
No way this was pure coincidence. The moment i joined the discord server a few days ago, Chaos happens 
what is brunxkd anyway
it would be funny if the old server is nuked and make a new one
OT!neus S2
OT!neus S2
just saying, us at NEOS are getting a bit lonely ngl.Clicky- wrote:
it would be funny if the old server is nuked and make a new one
OT!neus S2
Gotta find the link, it's like a puzzle gameClevelandsMyBro wrote:
just saying, us at NEOS are getting a bit lonely ngl.Clicky- wrote:
it would be funny if the old server is nuked and make a new one
OT!neus S2
wdymClevelandsMyBro wrote:
just saying, us at NEOS are getting a bit lonely ngl.Clicky- wrote:
it would be funny if the old server is nuked and make a new one
OT!neus S2
frfr thats the fun of itKarmine wrote:
Gotta find the link, it's like a puzzle gameClevelandsMyBro wrote:
just saying, us at NEOS are getting a bit lonely ngl.Clicky- wrote:
it would be funny if the old server is nuked and make a new one
OT!neus S2
ok i was wondering, how abraker gonna recover his account
get a new email and contact ppyManishh wrote:
ok i was wondering, how abraker gonna recover his account
like forget the previous account for forever?HoosierTransfer wrote:
get a new email and contact ppyManishh wrote:
ok i was wondering, how abraker gonna recover his account
no have ppy change his account email and password to the new emailManishh wrote:
like forget the previous account for forever?HoosierTransfer wrote:
get a new email and contact ppyManishh wrote:
ok i was wondering, how abraker gonna recover his account
i am unable to dpkg the payload
anyone know what to do
edit: it is weird code not compressed
i found this inside of it ["glob","minimatch","node"]
anyone know what to do
edit: it is weird code not compressed
i found this inside of it ["glob","minimatch","node"]
Topic Starter
Update
itt: discord bad
well, this one will go down in history.
I feel like this should be common sense, but I guess it's not. Don't provide links to malware here. If people are interested, use PMs or preferably a different platform please.
I think I can get how his osu! account was screwed...He used the same password on multiple platforms.eblf2013 wrote:
Update
Otherwise it is probably a Discord token grabber and nothing more.
LastPass and 1Password are great tools, and Microsoft Edge also has a password manager for making secure passwords and not remembering them.
Spinning up VirtualBox soon.
Thanks. Though posts that don't have the extracted malware snippets or the GitHub links shouldn't be deleted IMO...Death wrote:
I feel like this should be common sense, but I guess it's not. Don't provide links to malware here. If people are interested, use PMs or preferably a different platform please.
Hiw are you guys talking with abraker
To summarize my current findings:
- The EXE file has a Node.js icon. The version of Node.js is also written in the resources section; I can only remember the major version number 14.
- The program is ran as a command line app. Once it is run, it opens a terminal window, minimizes it, kills your browser and Discord, then reopens Discord. The reopened Discord appears to work normally, but I believe that they injected their code in it.
- The terminal window did not close while the malware is running. My theory for the reason behind is that the terminal window, conhost.exe, is the trojan's parent process, and closing the terminal window kills the trojan. I can't preclude the possibility of installing an operating system service, though.
- Opening the file using a plain text editor, you can find long pieces of plain JavaScript embedded in the middle and at the end.
- You can see the variables PAYLOAD_POSITION and PAYLOAD_SIZE in the script at the end. Doing a Ctrl+F search and you have something more interesting...In the JavaScript data in the middle of everything, the exact same variables are assigned a number.
- Combined with variable names, we have located the actual package that does the dirty work. An invocation of the Unix command dd, and the package is extracted.
- The trailing script should not be discarded yet...The package itself does not contain any info on how to extract from them, and it is in the trailing script. The data is also stored in a very easy to access location -- at the very end of the script. These data gives away the location of each file in the package, and (deduced by analysis of the script) also gives away the compression algorithm used for each file.
- While the package contains many files, it turns out that many of them are dependencies, which I promptly ignored. (Should the actual script portion consist of more files, I would write a script to extract the files.) I used dd to manually extract the core script file, a dependency listing, and a JSON containing a key to somewhere.
- Unfortunately the script is compiled to V8 bytecode, which impeded further analysis as I can't find a good decompiler. I suspect however that it is a GitHub-sourced stealer with minimal modifications.
i was about to say "the world was ending" until i saw thatMcEndu wrote:
Let me summarize the current findings:I am going to put it in a virtual machine some time later.
- The EXE file has a Node.js icon. The version of Node.js is also written in the resources section; I can only remember the major version number 14.
- Opening the file using a plain text editor, you can find long pieces of plain JavaScript embedded in the middle and at the end.
- You can see the variables PAYLOAD_POSITION and PAYLOAD_SIZE in the script at the end. Doing a Ctrl+F search and you have something more interesting...In the JavaScript data in the middle of everything, the exact same variables are assigned a number.
- Combined with variable names, we have located the actual package that does the dirty work. An invocation of the Unix command dd, and the package is extracted.
- The trailing script should not be discarded yet...The package itself does not contain any info on how to extract from them, and it is in the trailing script. The data is also stored in a very easy to access location -- at the very end of the script. These data gives away the location of each file in the package, and (deduced by analysis of the script) also gives away the compression algorithm used for each file.
- While the package contains many files, it turns out that many of them are dependencies, which I promptly ignored. (Should the actual script portion consist of more files, I would write a script to extract the files.) I used dd to manually extract the core script file, a dependency listing, and a JSON containing a key to somewhere.
- Unfortunately the script is compiled to V8 bytecode, which impeded further analysis as I can't find a good decompiler. I suspect however that it is a GitHub-sourced stealer with minimal modifications.
im not gonna read all of that, but i assume you know what your doing
I think that installing a new harddrive, or shrinking the old Windows partition to make space for another OS, could also work. Should the malware autorun, a fresh installation of Windows or Linux wouldn't recognize the old installation's autorun (service) data, and the malware would not be able to plague your system immediately after its installation.eblf2013 wrote:
Update
Only by inserting the installation disk while the system is off, then booting right into the installer, or by using a DVD/Blu-ray disc to install your OS, would it guarantee to work; A virus would be able to infect the files of a read-write medium (USB drive) if you insert it while the OS is running. (Even a Linux installer could be infected.)
Do not trust any program in your old partition/harddrive. A well-made virus could infect all of them.
(I assumed the BIOS couldn't be infected. BIOS infections aren't common nowadays.)
my dumbass cant comprihend whatever tf yall are on about but aight
making space for a fresh install of an os will give leeway to get away from the malware as long as you don't turn on the os itself while installing a osCerno wrote:
my dumbass cant comprihend whatever tf yall are on about but aight
is that me or is the ot-chat back again?
You can't write here... This is also here you can see new peopleAireunaeus wrote:
is that me or is the ot-chat back again?
I quit ot neus since they pass ownerwhip to other person.Aireunaeus wrote:
is that me or is the ot-chat back again?
I have a completely different theory that may blow everyone's minds here.Clicky- wrote:
i have a theory that McEndu is probably the hacker
I am interestedColdTooth wrote:
I have a completely different theory that may blow everyone's minds here.Clicky- wrote:
i have a theory that McEndu is probably the hacker
do it for the vineColdTooth wrote:
I have a completely different theory that may blow everyone's minds here.Clicky- wrote:
i have a theory that McEndu is probably the hacker
Set my virtual machine up, would destroy it now 
(Also want to play Quake II in it, because VirtualBox has some neat 3d acceleration in place)
Also interested in how well can the script kiddie speak chinese (please send him 我想聴你説一句中文,可不可以喵?)
(Also want to play Quake II in it, because VirtualBox has some neat 3d acceleration in place)
Also interested in how well can the script kiddie speak chinese (please send him 我想聴你説一句中文,可不可以喵?)
Test using a virtualized Windows 10:
- The malware process calls itself Node.js JavaScript Runtime.
- The malware requires conhost to run as intended. If the new Windows Terminal is used as the default console program (in place of conhost), the malware would only minimize and fail to go to the background.
- Once it goes into the background, it crashes and reopens Discord. After reopening Discord (now with malicious code injected), the Node.js process exits.
- Until you terminate Discord, everything works fine...but on the next time you open it, any trace of you having logged in would be gone! The QR code also takes infinitely long to load -- acceptable in the communist internet (of China), but definitely weird in America and Europe.
- Task Manager reveals no new startups other than the hijacked Discord.
- You can no longer trust the Discord on the machine. For your safety, reboot, delete the entire Discord folder, then download a fresh installer.
- One last thing...Quake II ran smoothly on the virtual machine.
hahaha what
i struggle to believe abraker actually made such a blunder
like, why the fuck would you click random links from strangers in [Current Year]. phishing scams have been a thing long before any of us were born, and people still fall for them somehow
i struggle to believe abraker actually made such a blunder
like, why the fuck would you click random links from strangers in [Current Year]. phishing scams have been a thing long before any of us were born, and people still fall for them somehow
^Serraionga wrote:
hahaha what
i struggle to believe abraker actually made such a blunder
like, why the fuck would you click random links from strangers in [Current Year]. phishing scams have been a thing long before any of us were born, and people still fall for them somehow
if someone will say try my game I will try it
If someone advertises their game to me in DM they can fuck offManishh wrote:
good person, if someone will say try my game I will try it
Anyone can fall for scams regardless of their intelligence level. As we get smarter, so do the scammers.
I tried to find out the possible malware service by changing the system language to my native language, Chinese. I then singled out the following running apparently system services whose descriptions are not localized:
and the chain goes on terminating at the actual stupid guy making the blunder
- AppX Deployment Service
- Base Filtering Engine
- Client License Service (ClipSVC)
- CoreMessaging
- Security Accounts Manager
I think abraker actually got the thing from an hijacked account of someone close to himSerraionga wrote:
hahaha what
i struggle to believe abraker actually made such a blunder
like, why the fuck would you click random links from strangers in [Current Year]. phishing scams have been a thing long before any of us were born, and people still fall for them somehow
and the chain goes on terminating at the actual stupid guy making the blunder
Still a massive blunder imo, shouldn't even trust close ones or yourself, let alone have them ask the whole ordeal of them hijacking your account w/ a "pls test me game".McEndu wrote:
I think abraker actually got the thing from an hijacked account of someone close to himSerraionga wrote:
hahaha what
i struggle to believe abraker actually made such a blunder
like, why the fuck would you click random links from strangers in [Current Year]. phishing scams have been a thing long before any of us were born, and people still fall for them somehow
and the chain goes on terminating at the actual stupid guy making the blunder
How do people fall for that still, really baffles me.
you are underestimating the most important tool for hacking -- social engineeringColdTooth wrote:
Still a massive blunder imo, shouldn't even trust close ones or yourself, let alone have them ask the whole ordeal of them hijacking your account w/ a "pls test me game".McEndu wrote:
I think abraker actually got the thing from an hijacked account of someone close to himSerraionga wrote:
hahaha what
i struggle to believe abraker actually made such a blunder
like, why the fuck would you click random links from strangers in [Current Year]. phishing scams have been a thing long before any of us were born, and people still fall for them somehow
and the chain goes on terminating at the actual stupid guy making the blunder
How do people fall for that still, really baffles me.
people need to know that it's a scam in the first place before they can avoid it at all
even then, other factors still apply
even then, other factors still apply
*insert a neofetch screenshot here*
he's indian.McEndu wrote:
Set my virtual machine up, would destroy it now
(Also want to play Quake II in it, because VirtualBox has some neat 3d acceleration in place)
Also interested in how well can the script kiddie speak chinese (please send him 我想聴你説一句中文,可不可以喵?)
thank you for confirming it! thats what happened to me!McEndu wrote:
Test using a virtualized Windows 10:
- The malware requires conhost to run as intended. If the new Windows Terminal is used as the default console program (in place of conhost), the malware would only minimize and fail to go to the background.