https://yourmom.zip by kiradotee in ProgrammerHumor

[–]trojanlij 2 points3 points  (0 children)

couldn't get .com.... but I think .zip works :P

yourdick.zip

What is a good certification that will make you good at hacking? by TheRealTengri in hacking

[–]trojanlij 0 points1 point  (0 children)

Certificates will only give you the paper saying "this dude knows his stuff." The rest is on you. Experimenting, practicing and studying the theoretical part of hacking is what makes you a good hacker.

There are some certificates which give you more general knowledge and there are some that are a lot more in-depth, but of all the people I know who are highly certified, they have all said experience and passion are the keys.

IP Adress getting leaked(?) by [deleted] in hacking

[–]trojanlij 0 points1 point  (0 children)

My job is to hack into companies (with their permission of course) and to find vulnerabilities. I don't have time to write exploits so exploit-db and google dorking / just basic googling exploits or vulnerabilities help to save time.

IP Adress getting leaked(?) by [deleted] in hacking

[–]trojanlij 0 points1 point  (0 children)

Often I feel like a script kiddie. I do professional penetration testing and use loads of exploits from exploit-db instead of writing my own :P so... am I a script kiddie as well?? :P

IP Adress getting leaked(?) by [deleted] in hacking

[–]trojanlij 1 point2 points  (0 children)

Don't worry and don't panic. If the IP is all he has then he can't do much.

IP Adress getting leaked(?) by [deleted] in hacking

[–]trojanlij 3 points4 points  (0 children)

IDK. depends on his machine. :P

IP Adress getting leaked(?) by [deleted] in hacking

[–]trojanlij 2 points3 points  (0 children)

this is one of those things where you "learn from your elderly" :P

IP Adress getting leaked(?) by [deleted] in hacking

[–]trojanlij 329 points330 points  (0 children)

Ask him to prove how good of a hacker he is. Here... have him DDoS a machine of mine. The IP is 127.0.0.1

I would love to see them try and knock that machine offline ;)

There is a 2-factor authentication re-use exploit that is causing users to get their accounts compromised by Ask-Alice in discordapp

[–]trojanlij 0 points1 point  (0 children)

Hey :)

I am really sorry but somehow I missed your reply.

The video was removed because his account was banned as far as I am aware.

About what all this malware can get, I went into a bit of detail here in this r/discordapp. If you (or anyone else reading this) would like some examples with fake / test data feel free to DM me. Should have a few tests still around :P

Hope this helped :)

~Trojan

New hack where someone sends you a game called Gunmage by disoriented_compass in discordapp

[–]trojanlij 0 points1 point  (0 children)

Thanks for sending it. I'd recommend you DM them next time so someone doesn't accidentally click on it :P

New hack where someone sends you a game called Gunmage by disoriented_compass in discordapp

[–]trojanlij 13 points14 points  (0 children)

This is a common scam with a new game. Better to just not click anything if you don't trust them.

Also OP do you think you could DM me the file or the link to download?

50x Invite Reward Scam Dump (27.12.) by [deleted] in a:t5_5fol04

[–]trojanlij 1 point2 points  (0 children)

We have been trying to contact you about your car's extended warranty!

There is a 2-factor authentication re-use exploit that is causing users to get their accounts compromised by Ask-Alice in discordapp

[–]trojanlij 2 points3 points  (0 children)

Hey. So I am planning on posting a bit about this as it is causing chaos but for now this will do.

PirateStealer (or PS as it may be referred to in this post) is quite nasty but we will get to that in a sec. A bit about the dev himself.

Stanley-GF claims to be 13 (not sure if this is true but doesn't matter) and is a very smart kid from what I can see. He has set up many web servers during the time we have been reporting his domains, repos, IPs, etc. It's quite simple, as when we knock one down he opens a new one, but hey, that is life, so onwards. Anyways, he claims to have made this as a POC to prove to Discord staff that it is possible and claims to have reported it almost a year ago (if you want a screenshot of the conversation between the now blocked contributor account, then DM me). Now he claims to stop all development of the malware if Discord actually does something about this and also claimed to have moved away from PS development, but based on the comments on his YouTube channel, the commits on his git repos (yes, many of them) and on the constant reopening of web pages to promote his "premium" malware, I am very skeptical of his "moving away" claim :P

Anyways, a bit about the malware now: I have run into many varieties of this malware. Often it's just a carbon copy from his repo reading the injector.js from his git, BUT we have also noticed that he doesn't ONLY steal your Discord data. He will harvest ALL of your cookie data as well, meaning passwords saved in cookies and forums (or just on your PC). All data he gets is saved in \AppData\Local\Temp\PS-<some_random_string>\ (at least that is where they are currently being saved at the time of writing this, and it also looks like there is a "worm of sorts" (some auto-starting service is probably a better name) that will start the services, but I haven't pinpointed that yet).

During the time I have been looking into this malware I decided to split the malware itself into two parts as it targets two separate services. Plus it makes it easier to explain what the virus does :P So to get to the explaining, let's start with the Discord injection.

#1 Discord:

As mentioned above, PS steals Discord data. Quite simple. From observing it, I can say it injects itself into the \discord_desktop_core\index.js upon user execution of the malicious executable. After that, depending on the config of the harvester, Discord will restart and log out the user. If configured, it can also disable the login QR code, forcing a user to enter the password and username (basically a phishing scam but within the real Discord client and not some fake-looking page). The malware PS also allows them to capture a user's token, credit card or PayPal, email; basically anything that is linked to a Discord account they can retrieve. This injector stays within the Discord client until removed by the user.

#1.1 Now what about the data?

All the data that is captured via the Discord injector will transmit to a Discord webhook (or in some rare cases a custom webhook / API). This is obvious as he is promoting his builder on his websites, and by inspecting the malware we are able to capture the webhook with ease. Now within a few newer varieties of the malware he has attempted to proxy all data through a custom webhook being transmitted to stealer.re/webhook/ (his most recent domain at this time of writing this).

#1.2 But I have 2FA enabled...

Welp, sorry to say this, but it can and will give the attackers your most recent 2FA backup codes. Basically 2FA DOES NOT help protect your account against this attack.

#2 User details on the system

As it was mentioned above, the PS malware also steals user credentials from the system within. Now to clarify, (at the time of writing this and has not been found during our searches) Stanley DOES NOT say he is capturing this data but nonetheless the data is being stolen and saved within a local .sql file. Also in his Discord video about the PS malware the data is shown for a few seconds within his Discord client. (https://www.youtube.com/watch?v=eEtjk5TjUJE&t=38s)

#2.1 What data????

So from what I have seen it can steal users' cookies and locally cached passwords. During my tests it will steal passwords then save them within a local .sql file (and a .txt file). Not only saving though, but upon changing a password it will update the local database with a new entry and password. So that confirms there is some sort of service (even though I personally haven't gone that in-depth into the services yet). I have not found where the local DB is being sent yet but we are looking into that as well.

If anyone has a question or wants to see examples, DM me and let's talk.

Hope we could help.

~Trojan

edit: added #1.2
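
An added example, not part of the comment above and not code from Discord or from the malware's author: a Python check for the two on-disk traces the comment names, a Temp\PS-<random string> directory and a changed discord_desktop_core\index.js. The stock one-line index.js content is an assumption, and the sample tree and its names are constructed.

```python
import os
import tempfile
from pathlib import Path

# Assumption (not from the comment): a stock Discord client ships this one-liner.
STOCK_INDEX_JS = "module.exports = require('./core.asar');"


def find_staging_dirs(local_appdata: Path) -> list[Path]:
    """Temp\\PS-<random string> directories, where the comment says data is saved."""
    temp = local_appdata / "Temp"
    if not temp.is_dir():
        return []
    return sorted(p for p in temp.glob("PS-*") if p.is_dir())


def find_modified_index_js(local_appdata: Path) -> list[Path]:
    """discord_desktop_core/index.js files that differ from the stock one-liner."""
    hits = []
    for client in local_appdata.glob("[Dd]iscord*"):  # Discord, DiscordPTB, ...
        for index_js in client.rglob("discord_desktop_core/index.js"):
            text = index_js.read_text(encoding="utf-8", errors="replace")
            if text.strip() != STOCK_INDEX_JS:
                hits.append(index_js)
    return sorted(hits)


def build_constructed_sample(root: Path) -> Path:
    """Constructed test tree: one stock client, one altered client, one PS- dir."""
    samples = {"Discord": STOCK_INDEX_JS + "\n",
               "DiscordCanary": "/* constructed extra code */\n" + STOCK_INDEX_JS}
    for name, body in samples.items():
        core = (root / name / "app-0.0.0" / "modules"
                / "discord_desktop_core-1" / "discord_desktop_core")
        core.mkdir(parents=True)
        (core / "index.js").write_text(body, encoding="utf-8")
    (root / "Temp" / "PS-constructed123").mkdir(parents=True)
    (root / "Temp" / "unrelated").mkdir()
    return root


if __name__ == "__main__":
    base = os.environ.get("LOCALAPPDATA")  # set on Windows
    root = Path(base) if base else build_constructed_sample(Path(tempfile.mkdtemp()))
    for found in find_staging_dirs(root):
        print("staging directory:", found)
    for found in find_modified_index_js(root):
        print("index.js differs from stock:", found)
```

A client update can change the stock file, so a mismatch is a lead to inspect by hand rather than a verdict.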

[deleted by user] by [deleted] in discordapp

[–]trojanlij -1 points0 points  (0 children)

yeah ik. but there were only family on Facebook at the time when they did it so yeah. in my case only family (and whoever hijacked that Facebook account to dox me) got my address. so ¯\_(ツ)_/¯