this post was submitted on 12 May 2026

me_irl

[–] fartsparkles@lemmy.world 13 points 3 hours ago* (last edited 3 hours ago) (1 children)

I had to help a buddy pick up the pieces after he ran a pirated game which had, unbeknown to him, been bundled with an infostealer.

He saw a momentary CMD window too.

A couple of minutes after he ran the game, the infostealer had vacuumed up all his credentials saved in his web browser including the session token for Microsoft.

The actor behind it took control of his MS account and removed the account recovery settings he’d set (since with the session token, they didn’t even need to authenticate). Lost his email, cloud backups, Xbox everything, etc.

Microsoft weren’t much help but they did transfer his Xbox profile. Everything else, they wouldn’t help with.

Don’t run software you don’t trust, kids. At the very least run it in a sandbox or something and scan the files it unpacks with a security product or three.

[–] Droechai@piefed.blahaj.zone 3 points 1 hour ago (1 children)

I bet if he ran NetBSD he wouldn't have lost the information /joke

[–] fartsparkles@lemmy.world 3 points 57 minutes ago* (last edited 57 minutes ago) (1 children)

Funnily enough, given the payloads were .PS1 and .EXE, he probably wouldn’t have.

[–] Droechai@piefed.blahaj.zone 1 points 46 minutes ago* (last edited 45 minutes ago)

A Windows (edit: Microsoft) session key would be a bit harder to extract though since he wouldn't use Chromium