ishwi / Chuu

Last.fm bot for discord
MIT License
172 stars 20 forks

ISSUE REGARDING ONGOING DISCORD HACK #64

Closed pmcdonough8133 closed 2 years ago

pmcdonough8133 commented 2 years ago

Hi all, IAmTheBlackMetal here, I am a Chuu bot mod on discord. I figure Ish may post something here when he has a chance but until that point I would recommend removing the official Chuu bot (local instances should be fine) from your discord and warning your users about an ongoing hack that has destroyed the Chuu server.

Details: https://twitter.com/PhleBuster/status/1439285455267188741

I wish I had a better method for getting this info out but the server was destroyed before any of us could figure out what was going on.

pmcdonough8133 commented 2 years ago

This is exactly the case and the link is in regards to how the hack works and steps to take. The issue is that the account that was stolen has access to the official Chuu bot and until we can fully survey the damage, we do not know if the bad actors have access to the bot and can thus use it to spread the hack through Chuu. Until that time, my best suggestion is to kick Chuu until we can confirm she is safe to use again. You can always re-add the bot later on.

th0mk commented 2 years ago

@sam-ward42 the account that owns both the server and the chuu bot itself was compromised through a token grabber like in the tweet. The token of the bot itself has also been changed by the hacker

IzzyDotExe commented 2 years ago

rip

jslpc commented 2 years ago

Thanks for the update! I wish there was a better way to let all users of the bot know about this but I'm sure that's out of the question given the situation. Really lame stuff, hope it gets fixed soon and nothing too damaging happens.

macks2008 commented 2 years ago

Did y'all have Malwarebytes Antimalware or Norton running by any chance? curious if antiviruses have caught on to these token grabbers yet...

liessdow commented 2 years ago

Did y'all have Malwarebytes Antimalware or Norton running by any chance? curious if antiviruses have caught on to these token grabbers yet...

One of the tweets linked above mentions that AVs fail to catch this yet.

Prathyush-KKK commented 2 years ago

This is just sad

JaMeS3609 commented 2 years ago

Hi all, IAmTheBlackMetal here, I am a Chuu bot mod on discord. I figure Ish may post something here when he has a chance but until that point I would recommend removing the official Chuu bot (local instances should be fine) from your discord and warning your users about an ongoing hack that has destroyed the Chuu server.

Details: https://twitter.com/PhleBuster/status/1439285455267188741

I wish I had a better method for getting this info out but the server was destroyed before any of us could figure out what was going on.

Hi there, I am one of the staff over at Chuu'topia, a Chuu server. We are getting a fair few people join looking for your bot, we are going to try corral them together for now. Would some of your staff be interested in joining for a while to keep people updated if you intend on making another bot?

fucksophie commented 2 years ago

Hi all, IAmTheBlackMetal here, I am a Chuu bot mod on discord. I figure Ish may post something here when he has a chance but until that point I would recommend removing the official Chuu bot (local instances should be fine) from your discord and warning your users about an ongoing hack that has destroyed the Chuu server. Details: https://twitter.com/PhleBuster/status/1439285455267188741 I wish I had a better method for getting this info out but the server was destroyed before any of us could figure out what was going on.

Hi there, I am one of the staff over at Chuu'topia, a Chuu server. We are getting a fair few people join looking for your bot, we are going to try corral them together for now. Would some of your staff be interested in joining for a while to keep people updated if you intend on making another bot?

Hi, I'm in a server where chuu is used 24/7, and we'd like it back. We want some like, yk news about it? Like maybe throw together a chuu support server 2?

teiraaa commented 2 years ago

Hi all, IAmTheBlackMetal here, I am a Chuu bot mod on discord. I figure Ish may post something here when he has a chance but until that point I would recommend removing the official Chuu bot (local instances should be fine) from your discord and warning your users about an ongoing hack that has destroyed the Chuu server. Details: https://twitter.com/PhleBuster/status/1439285455267188741 I wish I had a better method for getting this info out but the server was destroyed before any of us could figure out what was going on.

Hi there, I am one of the staff over at Chuu'topia, a Chuu server. We are getting a fair few people join looking for your bot, we are going to try corral them together for now. Would some of your staff be interested in joining for a while to keep people updated if you intend on making another bot?

Hi, I'm in a server where chuu is used 24/7, and we'd like it back. We want some like, yk news about it? Like maybe throw together a chuu support server 2?

Second this, one of my servers used Chuu a lot and this has kinda left everyone in the dark, it would be really nice to have a new server to discuss it more openly and post any new info there whenever possible. :)

ishwi commented 2 years ago

Hi, main developer here.

First, I wanted to comment on why I didn't comment anything here yesterday. I was busy trying to protect and fix my system in order to protect from the hack that I was subjected to.

Then, I have updated the README with the current status. And with the current support server in which I will try to keep everyone updated from now on. The current server can be found in https://discord.gg/3tYsPMWvQG. As of now, I have sent 6 emails to the discord support, with no response. It is the only way I found that can be used for the issue that happened. So I'll try to wait if they respond and update them with all the information I can provide.

Additionally, I would want to apologize to everyone for the problems caused, and I'm deeply sorry for what has happened. Hope we can sort it with the discord support shortly.

missdeath666 commented 2 years ago

Hi all, IAmTheBlackMetal here, I am a Chuu bot mod on discord. I figure Ish may post something here when he has a chance but until that point I would recommend removing the official Chuu bot (local instances should be fine) from your discord and warning your users about an ongoing hack that has destroyed the Chuu server.

Details: https://twitter.com/PhleBuster/status/1439285455267188741

I wish I had a better method for getting this info out but the server was destroyed before any of us could figure out what was going on.

Ahhhhh help so my dumb brain decided to click dat free nitro link and i was gonna create account and was in the middle of the process to be done then i thought what if it doesnt and its a scam then i left that link and where talking about hack and stuff so i downloaded an antivirus app and turned on extra protection for my discord. Idk if i will still get hacked 😭😭😭😭😭 help

Eratuk commented 2 years ago

i hope everything ends well, because this is a very good bot 😞

xencrown commented 2 years ago

is the bot back? i see that it is online on discord...

ishwi commented 2 years ago

is the bot back? i see that it is online on discord...

No, I still don't have any control over the bot nor my account. The person that has hijacked my account must have put it online, and it is 100% running a different code or functionality than that of the Chuu bot, probably aimed with a malicious intent. Even if it doesn't send any message, it could be scanning all the messages of the servers it is in, trying to recover sensitive data such as pictures, passwords, credit cards that might be lying around on discord servers.

So be aware of any possible thing that the bot might do, and as said, it is recommended to kick it from all the servers that it is in.

xencrown commented 2 years ago

is the bot back? i see that it is online on discord...

No, I still don't have any control over the bot nor my account. The person that has hijacked my account must have put it online, and it is 100% running a different code or functionality than that of the Chuu bot, probably aimed with a malicious intent. Even if it doesn't send any message, it could be scanning all the messages of the servers it is in, trying to recover sensitive data such as pictures, passwords, credit cards that might be lying around on discord servers.

So be aware of any possible thing that the bot might do, and as said, it is recommended to kick it from all the servers that it is in.

ok thanks, praying all goes well

idontknowshark commented 2 years ago

Well, that sure sucks. Any way someone could build chuu clone bot from the source code? I get that I'm asking for too much, but I really don't see any other way. RIP Chuu.

Alipoodle commented 2 years ago

You'd be glad to know that it's currently not being used for 100% bad stuff at the moment. Just DMed a bunch of people on a YouTube Music focused group.

Currently using Masked Links to fake a "Giveaway" although it's only to a Discord server for all the links, so not like it's getting people to download anything or go to a sketchy site.

th0mk commented 2 years ago

@Alipoodle Yes, it's currently being used for bad stuff/phishing by the people that have hijacked the dev's account. The developer has sent multiple emails to Discord and has tried other ways of getting in touch with support faster, but no response so far. There is no way for bot developers to get priority support so we just have to wait until Discord notices the ticket, knowing Discord this can take a while.

Also just as a reminder for everyone, do not click the link and do not enter any account details.

macks2008 commented 2 years ago

Did y'all have Malwarebytes Antimalware or Norton running by any chance? curious if antiviruses have caught on to these token grabbers yet...

I found one of them a couple of weeks ago, downloaded it through the Discord games library and then copied the files to my virtual machine. No anti-virus I have installed on there caught it so I doubt any would rn. I reported this to Discord weeks ago. It's sad nothing has been done and it's gotten as bad as a bot developer getting caught out by it

@sam-ward42 Well that's disappointing. Might want to send that file to Malwarebytes at least, via their reporting pipeline? (I shouldn't need to explain why, even if I wanted that responsibility, I don't have the executable in question)

sowietsaufen commented 2 years ago

Could it have hacked me if I clicked the link on my iPhone? It added me to a server and I immediately left it, I’m really worried because my Microsoft account on my phone has a lot of money spent on it and I don’t want to lose it, maybe I’m just paranoid though

twiggobb commented 2 years ago

i have info that probably is new. today my friend's server had a random bot invited. i was concerned, so i checked logs. turns out, chuu created a new role with admin perms, then created a new invite, then a user (Emery#1827 user id 882855159342968842) that appears to be involved in this scamming joined, was given the new role by chuu, invited another bot (Giveaways#6864 user id 824071297935605760), then user left, and chuu bot deleted the evidence. will attach the server's logs. important info is highlighted, such as time stamps to show that this was all one event that happened at the same time. left has chuu creating role + invite, user adding bot. right has new bot creating an invite thats kinda sus, and chuu bot deleting evidence

V3ntus commented 2 years ago

PSA: Don't give bots admin role UNLESS you are 100% confident in their security. Audit your servers. Make sure if one bot is compromised, it's not able to spread and cause more damage

@ishwi Ish, I suggest you offshore the new bot token to a hidden developer account nobody knows in the future
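Added example (not part of the thread and not Chuu's code): a server owner following the "audit your servers" advice could look for the sequence twiggobb describes, where a bot creates an admin role, hands it to a user, and that user adds another bot. The record shape, the IDs and the choice to model "deleted the evidence" as deletion of the role are assumptions; the action-type numbers and the Administrator bit are Discord's.

```python
from dataclasses import dataclass

# Discord audit-log action types and the ADMINISTRATOR permission bit.
MEMBER_ROLE_UPDATE, BOT_ADD, ROLE_CREATE, ROLE_DELETE, INVITE_CREATE = 25, 28, 30, 32, 40
ADMINISTRATOR = 0x8

@dataclass
class Entry:            # simplified, hypothetical record shape for this example
    ts: int             # seconds since epoch
    action: int         # audit-log action type
    actor: str          # account that performed the action
    target: str         # role id, user id or invite code acted upon
    perms: int = 0      # ROLE_CREATE: permission bitfield of the new role
    role: str = ""      # MEMBER_ROLE_UPDATE: id of the role that was added

def find_admin_handoffs(entries, bot_ids, window=600):
    """Flag a bot that creates an admin role and grants it to a user within
    `window` seconds; record follow-on bot adds and cleanup of the role."""
    entries = sorted(entries, key=lambda e: e.ts)
    findings = []
    for i, e in enumerate(entries):
        if not (e.action == ROLE_CREATE and e.actor in bot_ids and e.perms & ADMINISTRATOR):
            continue
        later = [x for x in entries[i + 1:] if x.ts - e.ts <= window]
        for g in later:
            if g.action == MEMBER_ROLE_UPDATE and g.actor == e.actor and g.role == e.target:
                findings.append({
                    "bot": e.actor, "role": e.target, "grantee": g.target,
                    "invite_created": any(x.action == INVITE_CREATE and x.actor == e.actor for x in later),
                    "bots_added": [x.target for x in later if x.action == BOT_ADD and x.actor == g.target],
                    "role_deleted": any(x.action == ROLE_DELETE and x.target == e.target for x in later),
                })
    return findings

# Constructed sample log (placeholder IDs, not the ones quoted in the thread).
SAMPLE = [
    Entry(1000, ROLE_CREATE, "bot-A", "role-1", perms=ADMINISTRATOR),
    Entry(1005, INVITE_CREATE, "bot-A", "inv-1"),
    Entry(1060, MEMBER_ROLE_UPDATE, "bot-A", "user-X", role="role-1"),
    Entry(1090, BOT_ADD, "user-X", "bot-B"),
    Entry(1200, ROLE_DELETE, "bot-A", "role-1"),
    Entry(5000, ROLE_CREATE, "mod-1", "role-2", perms=ADMINISTRATOR),  # human admin: ignored
    Entry(9000, ROLE_CREATE, "bot-C", "role-3", perms=0x400),          # non-admin role: ignored
]

if __name__ == "__main__":
    for finding in find_admin_handoffs(SAMPLE, bot_ids={"bot-A", "bot-C"}):
        print(finding)
```

A bot that never holds Administrator or Manage Roles cannot produce the first event at all, which is the point of the PSA above.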

ishwi commented 2 years ago

Since it has been finally resolved with discord support, I'm closing this issue. Thanks to all for the support and help during these few weeks <3.

macks2008 commented 2 years ago

Could it have hacked me if I clicked the link on my iPhone? It added me to a server and I immediately left it, I’m really worried because my Microsoft account on my phone has a lot of money spent on it and I don’t want to lose it, maybe I’m just paranoid though

you might be okay, but please for your own sake do not stop being paranoid. Paranoia makes you more careful, and that's exactly what these scammers want people not to do: think carefully. If you're uncertain about that Microsoft account, change your password, log out of it, and log back in. If you invalidate the session token, they can't hijack the session even if they have a clone of your phone somehow (which is unlikely).

@ishwi Glad everything is resolved. Thanks for the bot :-) @EveryoneThatGaveTheBotPermissionsItDoesntStrictlyNeed for you, I only have a Wikipedia article and this emoji picard facepalm