FA+
Shop
Don't fall for this Discord scam!
2 years ago
The big soul devouring dragon has an announcement to make... Follow every command... if you love your soul~
Whatever you do, don't fall for the scam on Discord with someone searching for someone to 'test a game'. I am seeing more and more of these Journals coming up recently.
This is almost 100% malware, which can steal your Discord account and other private data.
In some cases even browser cookies and sessions, which then enable access to most of your accounts without even needing your passwords or 2FA.
Depending on the scam/malware, it can even encrypt your data, steal it, or leak it. Every. Single. File.
I was approached by a guy on Telegram a while ago because he wanted to use my name "@Shadowcloud" on there for his 'business' of selling stolen data because he wanted to call it ShadowCloud (duh). He invited me to take a look at it, which I did under special precautions, even if it was still highly dangerous.
He shared 200-500MB zip files in his channel for free, and he also had a paid service. The zip files contained the country code of the country they were stolen from. Data ranged from simple stuff, like location, time zone, Windows profile name, etc., to uncensored screenshots, passwords, web cam images, and other account info in clear text as well as extracted browser cookies to use. To be fair, most of those screenshots showed some dumb RoBux scam, for free Roblox currency when I took a look at some samples, but that doesn't mean that those 'game developers' on Discord won't sell your data to such data-crawling malware sellers as well. I probably don't have to mention, that I didn't try to use any of the data I found, nor did I save any of the contained information.
From what I have seen, most of these scammers on Discord, try to lure you with 'free Nitro' or getting paid to test their game, but the reality is that they are either trying to steal your data or just simply your Discord account in order to scam more people. Report those people immediately! Don't click on any links!
EDIT: I am unsure what and if you can even do something if you already fell for it, but I am trying to see what can still be done.
Try to change ALL your passwords EVERYWHERE and activate "2 Factor Authentification" via "Google Authenticator" or "Authy" for example, even SMS is usually still fine.
___________________________________________________
If you want more information about the topic, as well as a demonstration of what such a 'game' will do to your PC, data, and possibly your ordinary life, look here:
https://www.youtube.com/watch?v=FLFuuxhx3RQ
So TL;DR: Don't fall for this scam. There are more and certainly different scams out there, but if it is too good to be true, then it probably isn't true! Think before you click links or run files! Activate 2FA where available and keep your passwords safe and complicated! Even if that sucks, but that's what password managers are for.
Please share this with your friends if you can. Especially those who aren't as tech savvy, because they are mostly endangered to fall for such things.
You can also ask me about a few things about this, but I am certainly not an expert in this field. However, I can give you general tech advice and suggestions with easy explanations if you need any help.
This is almost 100% malware, which can steal your Discord account and other private data.
In some cases even browser cookies and sessions, which then enable access to most of your accounts without even needing your passwords or 2FA.
Depending on the scam/malware, it can even encrypt your data, steal it, or leak it. Every. Single. File.
I was approached by a guy on Telegram a while ago because he wanted to use my name "@Shadowcloud" on there for his 'business' of selling stolen data because he wanted to call it ShadowCloud (duh). He invited me to take a look at it, which I did under special precautions, even if it was still highly dangerous.
He shared 200-500MB zip files in his channel for free, and he also had a paid service. The zip files contained the country code of the country they were stolen from. Data ranged from simple stuff, like location, time zone, Windows profile name, etc., to uncensored screenshots, passwords, web cam images, and other account info in clear text as well as extracted browser cookies to use. To be fair, most of those screenshots showed some dumb RoBux scam, for free Roblox currency when I took a look at some samples, but that doesn't mean that those 'game developers' on Discord won't sell your data to such data-crawling malware sellers as well. I probably don't have to mention, that I didn't try to use any of the data I found, nor did I save any of the contained information.
From what I have seen, most of these scammers on Discord, try to lure you with 'free Nitro' or getting paid to test their game, but the reality is that they are either trying to steal your data or just simply your Discord account in order to scam more people. Report those people immediately! Don't click on any links!
EDIT: I am unsure what and if you can even do something if you already fell for it, but I am trying to see what can still be done.
Try to change ALL your passwords EVERYWHERE and activate "2 Factor Authentification" via "Google Authenticator" or "Authy" for example, even SMS is usually still fine.
___________________________________________________
If you want more information about the topic, as well as a demonstration of what such a 'game' will do to your PC, data, and possibly your ordinary life, look here:
https://www.youtube.com/watch?v=FLFuuxhx3RQ
So TL;DR: Don't fall for this scam. There are more and certainly different scams out there, but if it is too good to be true, then it probably isn't true! Think before you click links or run files! Activate 2FA where available and keep your passwords safe and complicated! Even if that sucks, but that's what password managers are for.
Please share this with your friends if you can. Especially those who aren't as tech savvy, because they are mostly endangered to fall for such things.
You can also ask me about a few things about this, but I am certainly not an expert in this field. However, I can give you general tech advice and suggestions with easy explanations if you need any help.
Scams usually use the same approaches every time, trying to act like a friend who needs to be done a favor, no matter what. Be it to vote for a CSGO team on Steam, which redirects you to a phishing site. Or just stuff like this here.
What is new about it though, is the fact that they're now actively selling your data. Not just on the DarkWeb, no. In plain sight, with shady selling providers that don't give a shit about a takedown request. They live with this 'business model'.
I wouldn't be surprised if the the fool was somebody who hated LOS content and wanted to prevent us from getting our saving grace.
While I don't think that it is something with a hatred for the Spyro franchise, it is incredibly easy to reverse-engineer a community like furries or a small interest of gamers. When people join a discord for a certain indie game for example, an attacker at least knows that they might like this kind of game, and if they claim to be furries, they can use exactly this in the same way, probably getting more believable with each message.
Thankfully the lead dev was able to regain access and purge the hackers influence, the most they did was create a headache for everyone involved. They didn't even join the discord server although they somehow had a screenshot of it, and they just contacted the lead dev in private from what I've heard.
The only legacy that idiotic hacker will ever leave is a community in joke.
I wouldn't necessarily call those people 'hackers', as they simply use social engineering to gain access to this kind of information. 'Real' hackers seek for vulnerabilities in soft- or hardware, though if you consider people to be some kind of hardware with flaws as well, they could potentially be considered hackers xD
Social engineering references makes me think of an analogy about these" hackers" hacking the human mind/ psychology.
While I usually don't click on links on my main PC, curiosity often strikes my mind to still do so.
Though if you are tech savvy enough, or have some hardware to space, you could, potentially, try it our on a different computer or a virtual machine, even though I wouldn't suggest it, because browsers have the tendency to sync stuff and there are certain malware that can travel to other devices in your home network.
It's always good to have protection. Not just against people logging in into your accounts, but also Phishing protection. There are home-network solutions, browser add-ons and even phone apps, that can potentially prevent you from being redirected to a malicious site, that is if you know how to set them up. While I can still do that, the ordinary user might not. People are not necessarily dumb for falling for such scams, especially not if they're very well engineered, they are just not prepared... and maybe a little less careful sometimes.
I am not perfect either, I really don't wanna say that, but I am an avid user of anti-Phishing scripts, external password managers, 2FA where possible and goddamn complicated passwords that I can't even remember myself. If it helps anything? Not sure. So far none of my accounts was breached in the past 6 years.
https://www.furaffinity.net/journal/10671628/
Firefox also uses a combination of these two services and many anti virus services get their data from these services.
Usually when they flagged it as malicious, it comes up with a big red message, telling you not to proceed. Though with itch.io being a lerger site, I think Google would either flag the downloads as malicious, the specific site as Phishing, or contact the itch.io team about it, even if they have their own "Report abuse" button, I think.
I saw a couple journals coming up over the past few days and I figured I'd drop some knowledge :P
I usually know of these threats long before they go 'mainstream' because I am reading a lot of IT news and watch YouTube videos to such topics a lot!
Scammer will always be present. It's just a matter if we can fix our weakest links in security, which usually are those people, who don't know about these threats, because most information is always overly complicated. So I usually offer to explain and help with such things! So if you need any tech advice, I am usually up-to-date with most things!
Find their location
Step on them
Ez gg no re