Keylogger?

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,726
There's keylogger / phishing client on the download, why are these sites allowed for months without google safe browsing or any extension / av filter to completely block them?

VirusTotal

I have friends who keep getting phished through this kind of sites, usually, I've tested many and always google safe browsing blocked them but this one has been up for months?

Where can I report this kind of sites? I can contact the game company but not sure will it help at all
 
Last edited by a moderator:

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,473
Reserved to provide analysis details

EDIT: I couldn't find any evidence of active keystrokes monitoring. Are you sure the client has an integrated keylogger? What's your base on it?

If you or any friend found their account compromised after logging into the game with this specific client, then that does not mean a keylogger is included, but they intercept the credentials before logging you into the game. It's a third party launcher to a popular game, the jar client can have internal code to intercept the credentials on their server and then redirect to the original server. This does not mean a keylogger is introduced into the system. And since the jar client is obfuscated there is no way to check the hosts and servers used. Stick to the original client.
 
Last edited:

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,726
Reserved to provide analysis details

EDIT: I couldn't find any evidence of active keystrokes monitoring. Are you sure the client has an integrated keylogger? What's your base on it?

If you or any friend found their account compromised after logging into the game with this specific client, then that does not mean a keylogger is included, but they intercept the credentials before logging you into the game. It's a third party launcher to a popular game, the jar client can have internal code to intercept the credentials on their server and then redirect to the original server. This does not mean a keylogger is introduced into the system. And since the jar client is obfuscated there is no way to check the hosts and servers used. Stick to the original client.
These clients are very common way to get their login details and steal the gold/items from their accounts and sell on blackmarket for real money. I dont know is there keylogger included, but theres some way they can steal login info still. Maybe the site and client is safe to use but the creator have access to see peoples login details ? Usually third party gameclients are allowed to use on own risk and theres few of legit ones. Also so called keylogging is avoidable by using 2 step authenticator on email/account

Runescape / world of warcraft are popular games with chinese gold farmers making real life currency out of them

heres fun example of them:
No.1 Runescape Gold Farming Factory in China
 

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,473
These clients are very common way to get their login details and steal the gold/items from their accounts and sell on blackmarket for real money. I dont know is there keylogger included, but theres some way they can steal login info still. Maybe the site and client is safe to use but the creator have access to see peoples login details ? Usually third party gameclients are allowed to use on own risk and theres few of legit ones. Also so called keylogging is avoidable by using 2 step authenticator on email/account

Runescape / world of warcraft are popular games with chinese gold farmers making real life currency out of them

heres fun example of them:
No.1 Runescape Gold Farming Factory in China
Yes sir, you got that right. In order for the jar client to work, it needs an active internet connection. So it can surely connect to the malicious server first, drop the credentials, and then redirect to the original server. That's why it's potentially dangerous. Same fact applies to bot clients (like EpicBot to automatize your playing on Runescape). When I was a kid and played RS, I got my game bank hacked twice before I realising what I was doing lol
 
  • Like
Reactions: Moonhorse

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top