#support not replying
Support are closed over the weekend, you’ll hear back tomorrow. You can also try the live support tomorrow morning, available via the chat box on the account webpage.
How did the "hack" happen? Is it a simple password leak or did you download something you shouldn't have?
Shouldn't have is the wrong term, I mean something you didn't know exactly what it was
2fa on your shadow login?
Then he must either a) have your active cookies or b) have access to your machine and using reverse dns
If you ran a cookie logger, chances are it has execution functions (not 100%) so he can then upload more malware. I would do a fresh install, making sure to FORMAT ALL DRIVES when it asks in the Windows setup, just to be safe. If he's got past 2fa there is deffo something weird going on
What do you think it was that caused it? Running a file? A website?
Any chance you still have the link to the GitHub repo? It's cool if you don't, but yeah, GitHub is a known place for people to spread malware, especially if they aren't posting the source code as well (even then it can still turn out to be malware hidden deep inside it somewhere). It deffo does sound to me like they have remote access, because the cookies they steal would have to be new(ish) in order for them to log in; the fact they bypassed 2fa is strange, like really strange. Where do you usually log in to the Shadow website? Is it on the PC in question or do you use a separate device like a laptop/phone etc.?
I would say this is the culprit
Hmm, probably good I didn't post the link tbf, but if you look, literally one of the first lines in the index.html calls for async to be downloaded, it seems
if you google Async you'll see it's a RAT and this is more than likely what has happened
he literally named it "async src" as well like not even trying to hide it 
Honestly I would cancel the card and order a new one immediately, and let your bank know what has happened in terms of your computer being compromised. Next you need to download an official Windows ISO from Microsoft's website (they have a "media creation tool") and re-install Windows from a USB and, as I said before, make sure to format all the drives in the machine when you get the option to inside the Windows setup
Doesn't help that it's not in English either tbf
Try something quickly before
download NetLimiter for me (you can google and see it's a legit program)
and if you can, send some screenshots here of everything from the top to the bottom
Hmm okay, everything looks normal tbf. I would just do as I said before though. I know it's a pain but it does seem like your PC is compromised and they will have access to your machine until you get it off your machine
Make sure you're using an official Windows ISO when you re-install; you can get their media creation tool from the official Microsoft website
also if you need any help along the way feel free to shoot me a DM
I will be online for a few hours soooo
No problem at all, and yeah, it's a really popular place for malware, it proper kills the platform imo
It can be yes but not primarily for that, and yes that's correct
It's strange that Malwarebytes didn't take care of it tbf
probably using some sort of crypter to bypass antivirus or something
Oh, so you did get it then
It does sound like you got it then tbf. Do you save your bank details inside your browser by any chance or do you manually put the details in when needed? Also just ask yourself if you ran other stuff like that before, as not every bad actor will make it known they have access to your machine like they did now, and some are a lot harder to get rid of
Have you had any other transactions declined for something that wasn't shadow?
Was that from them accessing your PayPal where the card was saved, or did they try using your details to pay for something via a PayPal vendor?
Yeah you should be alright then in terms of your card, most banks have pretty good security when it comes to unauthorized transactions
Just try not to download anything sus from anywhere
I know it's hard and we've all done it but hopefully it should open your eyes in the future which overall is a good thing I guess 
It's honestly up to you at this point if you want to re-install or not, I personally would but I am the paranoid type so it fits me 
If they were actually smart, they would have had all these transactions go through and not only them tbh
So I think you got off lucky 
Good choice honestly 
Might even run it in a VM and see if I can get their RDP ip address and let the host know they are using it for malicious purposes 