Keylogger?

Moonhorse

May 29, 2018
There's a keylogger / phishing client on the download. Why are these sites allowed for months without Google Safe Browsing or any extension / AV filter completely blocking them?

VirusTotal

I have friends who keep getting phished through these kinds of sites. Usually, I've tested many and Google Safe Browsing always blocked them, but this one has been up for months?

Where can I report these kinds of sites? I can contact the game company, but I'm not sure whether it will help at all.
 

RoboMan

Jun 24, 2016
Reserved to provide analysis details

EDIT: I couldn't find any evidence of active keystroke monitoring. Are you sure the client has an integrated keylogger? What's your basis for it?

If you or any friend found their account compromised after logging into the game with this specific client, then that does not mean a keylogger is included, but that they intercept the credentials before logging you into the game. It's a third-party launcher for a popular game; the jar client can have internal code to intercept the credentials on their server and then redirect to the original server. This does not mean a keylogger is introduced into the system. And since the jar client is obfuscated, there is no way to check the hosts and servers used. Stick to the original client.
 

Moonhorse

These clients are a very common way to get their login details, steal the gold/items from their accounts and sell them on the black market for real money. I don't know whether there is a keylogger included, but there's still some way they can steal login info. Maybe the site and client are safe to use but the creator has access to see people's login details? Usually third-party game clients are allowed to be used at your own risk, and there are a few legit ones. Also, so-called keylogging is avoidable by using a 2-step authenticator on the email/account.

Runescape / World of Warcraft are popular games with Chinese gold farmers making real-life currency out of them.

Here's a fun example of them:
No.1 Runescape Gold Farming Factory in China
 

RoboMan

Yes sir, you got that right. In order for the jar client to work, it needs an active internet connection. So it can surely connect to the malicious server first, drop the credentials, and then redirect to the original server. That's why it's potentially dangerous. The same applies to bot clients (like EpicBot, to automate your playing on Runescape). When I was a kid and played RS, I got my game bank hacked twice before I realised what I was doing lol
 
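The relay pattern discussed in this thread (a client contacting an unknown server before the real login server) can be looked for in a per-process connection log. The following is an added example, not part of the thread or of any tool mentioned in it; the log format, host names and function names are assumptions made up for illustration.

```python
from collections import defaultdict

# Assumption: hosts the game publisher documents for login; placeholders here.
OFFICIAL_HOSTS = {"login.game.example", "world1.game.example"}

# Constructed sample: "epoch_seconds pid process remote_host remote_port",
# the kind of per-process connection log a sandbox or EDR agent can export.
SAMPLE_LOG = """\
1700000000 4120 official-client.exe login.game.example 443
1700000002 4120 official-client.exe world1.game.example 43594
1700000100 5288 javaw.exe stats.thirdparty.example 8080
1700000101 5288 javaw.exe login.game.example 443
1700000103 5288 javaw.exe world1.game.example 43594
"""

def parse(log_text):
    """Group connection events by (pid, process), ordered by time."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess
        ts, pid, proc, host, port = parts
        sessions[(int(pid), proc)].append((int(ts), host.lower(), int(port)))
    for events in sessions.values():
        events.sort()
    return sessions

def suspicious_sessions(log_text, official=OFFICIAL_HOSTS):
    """Return {(pid, proc): [unofficial hosts seen before the first official one]}.

    A hit is a lead for investigation, not proof of credential theft.
    """
    findings = {}
    for key, events in parse(log_text).items():
        early = []
        for _, host, _ in events:
            if host in official:
                break  # first official connection ends the pre-login window
            if host not in early:
                early.append(host)
        if early:
            findings[key] = early
    return findings

if __name__ == "__main__":
    for (pid, proc), hosts in suspicious_sessions(SAMPLE_LOG).items():
        print(f"pid {pid} ({proc}) contacted {hosts} before the official login host")
```

A process that never reaches an official host is also reported, since every host it contacted falls inside the pre-login window.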
