Closed wadawada closed 3 years ago
@Stellarspace I don't know if it could be an extension; however, it's a script because the code can be viewed easily and there are no automatic updates to be abused.
Why was this closed? It is certainly an ongoing issue, as long as there are still people who aren't aware - for example, I only today found out that my Instagram was compromised through this.
I think it's appropriate to have closed this, as the incident itself has ended, and the scope of the impact has been determined by community reports within the first couple days. Many of the comments after that devolved into 1:1 support and allegations about compromises (or compromise attempts) which do not appear to be related to Nano Adblocker/Nano Defender. The chance that there is another site which has been abused or accessed by the developers on many users' machines which has not been discovered is currently considered to be "low" unless additional evidence is posted. Though to be clear, I still definitely welcome new evidence, either posted here or disclosed privately.
> Why was this closed? It is certainly an ongoing issue, as long as there are still people who aren't aware - for example, I only today found out that my Instagram was compromised through this.

Wrong repository to talk about this issue and politics has no place on GitHub. Change your password and it will sign you out of all sessions, including the session that was hijacked. Enable 2FA if you don’t have it enabled already. Session hijacking is unavoidable on any platform when your computer is infected by malicious software.
> I think it's appropriate to have closed this, as the incident itself has ended, and the scope of the impact has been determined by community reports within the first couple days. Many of the comments after that devolved into 1:1 support and allegations about compromises (or compromise attempts) which do not appear to be related to Nano Adblocker/Nano Defender. The chance that there is another site which has been abused or accessed by the developers on many users' machines which has not been discovered is currently considered to be "low" unless additional evidence is posted. Though to be clear, I still definitely welcome new evidence, either posted here or disclosed privately.

Microsoft accounts have long been targeted by malicious actors and there will always be unsuccessful login attempts that show up in the security logins. On that note, it’s become political.
Confirming Instagram, Microsoft, GitHub, each with failed login attempts as Location mismatch. Phew!
Anyone found out which cookies or request headers were leaked? Only from pages accessed in the past 14 days, or all of them?
@Windowsfreak here is some information that will help. First, did you log in to your Instagram, Microsoft, or GitHub between October 15 and October 16? If not, it is almost certainly not related to this infection. See note:
Account login attempts are suspicious, but you would have had to perform the login yourself while infected with this malware in order to divulge your password or 2FA codes (in the request headers). If you know you didn’t log in during the time frame you may have been infected, those login attempts are currently understood to be not related to this event.
If so, while the malware operator could have attempted to steal your credentials, they haven't been known to. There is additionally no way to say for sure what cookies of yours have been leaked. Both of these are because of how the malware operates.
The operator would need to send a specific event (or multiple specific events) to your browser to begin targeting those accounts of yours. They could do this per-user by sending events only to you, so there's no way to know for sure whether or not other accounts of yours were targeted unless you have traffic logs of the incident. However, they haven't been known to do so and they would have needed to send those events before you were logged in to those accounts, which the operator can't monitor, predict, or force.
Please READ the following web pages for help and a detailed explanation of what happened:
- https://github.com/jspenguin2017/Snippets/issues/5#issuecomment-713028839
- https://github.com/jspenguin2017/Snippets/issues/5#issuecomment-712599645
- https://chris.partridge.tech/2020/extensions-the-next-generation-of-malware/help-for-users/

Other info: https://github.com/jspenguin2017/Snippets/issues/2#issuecomment-712448295 (info in session cookies)

If you want to rant, you can go to https://github.com/jspenguin2017/Snippets/issues/4. For other issues, you can also go to https://github.com/jspenguin2017/Snippets/issues/3 or https://github.com/jspenguin2017/Snippets/issues/2.

You may have one or more accounts affected, or none.
If one or more of your accounts of some websites/apps has suspicious activities recently, you can use the following format to help report/confirm being compromised,
Websites already confirmed to be compromised
Instagram
You can check suspicious activities by:
- On Instagram Mobile, Settings > Security > Login Activity
- On Instagram Website, Settings > Login Activity
- On Instagram Mobile, Settings > Account > Posts You've Liked to see if you have unauthorized likes

Question: need a way to remove unauthorized likes
A solution: https://github.com/jspenguin2017/Snippets/issues/5#issuecomment-713626427
Websites that may be compromised, needs confirmation if it is related to this incident
- GitHub: check the security log to see if there are failed attempts to log in recently https://github.com/jspenguin2017/Snippets/issues/2#issuecomment-712522905 (2 confirmed suspicious activity with failed login) https://github.com/settings/security-log
- Microsoft/Outlook account (2 confirmed suspicious activity with failed login) https://support.microsoft.com/en-us/account-billing/check-the-recent-sign-in-activity-for-your-microsoft-account-5b3cfb8e-70b3-2bd6-9a56-a50177863357
- Twitch (Question: maybe no way to check login sessions?) https://help.twitch.tv/s/article/account-hacked?language=en_US