I had to help a buddy pick up the pieces after he ran a pirated game which had, unbeknown to him, been bundled with an infostealer.
He saw a momentary CMD window too.
A couple of minutes after he ran the game, the infostealer had vacuumed up all his credentials saved in his web browser including the session token for Microsoft.
The actor behind it took control of his MS account and removed the account recovery settings he’d set (since with the session token, they didn’t even need to authenticate). Lost his email, cloud backups, Xbox everything, etc.
Microsoft weren’t much help but they did transfer his Xbox profile. Everything else, they wouldn’t help with.
Don’t run software you don’t trust, kids. At the very least run it in a sandbox or something and scan the files it unpacks with a security product or three.
I had to help a buddy pick up the pieces after he ran a pirated game which had, unbeknown to him, been bundled with an infostealer.
He saw a momentary CMD window too.
A couple of minutes after he ran the game, the infostealer had vacuumed up all his credentials saved in his web browser including the session token for Microsoft.
The actor behind it took control of his MS account and removed the account recovery settings he’d set (since with the session token, they didn’t even need to authenticate). Lost his email, cloud backups, Xbox everything, etc.
Microsoft weren’t much help but they did transfer his Xbox profile. Everything else, they wouldn’t help with.
Don’t run software you don’t trust, kids. At the very least run it in a sandbox or something and scan the files it unpacks with a security product or three.
I bet if he ran NetBSD he wouldnt have lost the information /joke
Funnily enough, given the payloads were .PS1 and .EXE, he probably wouldn’t have.
A windows (edit: Microsoft) session key would be a bit harder to extract though since he wouldnt use chromium