r/cybersecurity_help

My Mail Account got hacked

Hi,
Tuesday night I wanted to download some software through, let's say, unofficial channels. When I tried to install it, Defender detected some weird behaviour and stopped the process. So I deleted the files and went to bed, thinking nothing more of it. Turns out I should've, because at around 3pm yesterday Google notified me about a potential security threat on my account. When I got home and tried to start up Steam, my account was gone. I then started all the steps to secure my accounts: changing passwords, running a full system check, etc.
What I really want to know is: how did they get access to my mail account? Like, how did they figure out my password within this very short time that they had access to my machine? And how can I be absolutely sure that they don't have access anymore?

reddit.com
u/DodgeTheorie — 19 hours ago

Downloaded a Trojan Virus—what should I do now?

I downloaded a suspicious link from the internet in an attempt to download things for the Sims 4, very, very stupid of me.
So, I used both the Windows Security Manager and Malwarebytes to scan my laptop over and over and over, obsessively, and get rid of the virus. Malwarebytes told me it was a Trojan virus in particular. After that, I re-installed Windows, but now I'm just completely wiping the computer, just in case. When I re-installed Windows, I ran the Windows Security scan a few times over again, and everything came up clean. McAfee also showed no signs of the Trojan.
From what Malwarebytes initially showed me, I think the virus was accessing my Google account information, so I changed the passwords to absolutely everything, and added 2FA to every account I could. I also changed some bank info and shut off my card, just in case. I should be somewhat okay now, right? Is there anything else I should do? I'm not very tech-savvy; I was doing some reading and people were saying to re-install Windows with a USB stick, but I don't have another Windows device to do that with, and it all sounded very complicated. I'm nervous!!

u/Ripple_starr — 18 hours ago

I think someone is profiting over my privacy!

Hi, is there a way for me to ask for a real report on my account and ping? I have been digitally attacked and I have taken all the precautionary measures involved in securing both my computer and network to the best of my abilities. I am not that well versed in cyber security and have the bare minimum knowledge on the subject matter. Can someone at least report my ping or account to the right person or entity? There is a real burden on my mental health on the subject matter because people are using "websocket and soundboards to harass me while I browse the web. They use these as a dumb way to ping points of interest and are forcing a crooked version of reinforced learning on an unwilling test subject". I have already tried using a secure password, even to the extent of going through the process of securing my computer. They even generate forced AI content on my YouTube vids, while the only thing I installed is a single extension, uBlock Origin. I can't seem to find the right medium to report this problem and it seems like local authorities are having a connivance on the subject.

u/ZombiesAttacking — 1 day ago

I think my reddit account is in danger

A few days ago I came here to ask for help with my Steam account getting hacked. 3 weeks ago my Instagram and Gmail also got hacked, but I enabled 2FA and changed my passwords and nothing happened after that.

I think this virus came from something shady that my brother downloaded, and I reset my computer altogether (without using USB cus idk how that works), and after that I ran Windows Defender, which said I was in the clear, and I never connected my computer to the internet nor logged in with my new information.

Today, I got an email like this, and after changing the password like the email wanted, Reddit just says there is an error and I can't log in to that account. Does anyone know what's happening?

Email that I got:

At Reddit, we're always watching out for your privacy, safety, and security. Recently, after detecting some technical irregularities on your account, we took the extra precaution of locking your account.

To unlock your account, reset your password now.

We recommend choosing a new password that you haven't used on Reddit or another website or app before.

To prevent your account from potential misuse, you won't be able to take part in communities or update the majority of your settings while your account is locked. Also, when you log in you'll see a red warning and a security message like this one asking you to reset your password.

If you have questions about locked accounts or your Reddit security, check out our FAQs:

u/ThrowRAidhakdnwnnfme — 20 hours ago

Do you think it's possible to avoid session and cookie stealing?

I downloaded a cracked game on d*di-repack some days ago, and got pwned by a stealer.

I've more than 80 accounts with unique passwords stored in my Chrome Password. I also use Windows Hello to unlock the Chrome Password.

I have the latest Windows Defender update, and all modern security features enabled (kaslr, iommu, stack guard, ...). Windows Defender raised an alarm after the program ran, but not before, so the stealer had already executed. Network permissions were also asked for.

Chrome is also sandboxed, and with the latest version and Application Bound Encryption, it shouldn't be easy, even if you suspend the process, to do "whatever" you want with it, like code injection.

The thing is, even with unique passwords and 2FA (SMS or Google Authenticator validation on a second device), my Amazon + Discord + Instagram accounts were pwned and the hacker sent a cryptoscam to all my contacts and bought Norton Antivirus on Amazon.

To solve this, I did:

  1. A complete Windows 11 reset, without saving any documents from the previous installation (outside of the Windows.old directory, which I deleted).
  2. I changed the unique passwords of all my 80 accounts. I also kicked all devices that were previously connected to those accounts.
  3. I set up 2FA everywhere (it was missing on Discord and Instagram).

I know that a usermode program can still do a lot of stuff when it comes to process memory injection and the filesystem, so I should avoid running random programs without containers/sandbox/VM with custom permissions, to ensure a program can never interact with something it isn't supposed to.

My questions:

- Do we have per-desktop-app sandboxing on Windows 11? Kicking a fresh VM every single time you want to run a desktop app is heavy and fat, so I expect a lighter solution.

- What can I do better? If a stealer runs code on my machine, how can I ensure it cannot steal sessions and cookies? I know that some desktop apps like Discord save the session into a file, which is trivial to copy for session stealing. Once you steal a session, you don't need any password or 2FA verification since you are already logged in.

- Some web applications don't support 2FA, nor kicking logged-in devices. Changing the password may invalidate all active sessions, but who knows. Can't we have a physical

- I disabled cookies in the Chrome browser, but even with that setting I stay logged in when I close the browser. Can't we have something built-in like the Tor security settings to ensure cookies are deleted on browser close? Without such a feature, this makes the browser a prime target for cookie and session stealing.

For reverse engineering purposes, if you want to run the malware that stole my data, it's here: https://file138427.cloud05y.cfd/ downloadable in zip format (be careful not to execute the setup, don't run it on your computer, use a virtual machine or a sandbox to do the analysis).

Edit: it seems the malware website is already down. But not really: they generate a unique link every single time you download a game so that you can't inspect the website. On d*di-repack, when you download the game, it redirects to https://go.zovo.ink/venNqJlW then when you click the download button a single time you'll be redirected to a unique instance of the malware website. The malware website always has a "cloud" domain. Click 3 times and you are redirected to the correct game download page. This is the trick they use to spread their malware.

Note: I also downloaded a cracked IDA from Tor some months ago, and a taxi game on f*tgirl, but I would be extremely surprised if this came from there. Or my old Android mobile phone (where I install only Play Store apps).

u/Nzkx — 22 hours ago

Hacked email idk how

My Google account got hacked idk how. Dude put all my mails in the spam folder and changed the passwords of everything. Please guys, I need help. Idk where to ask for it. Please, I need all these accounts and Google and little to no support for these things. I've sent personal mail to all the companies. But I need help guys. I've already changed the password.

u/Same-Writing19 — 23 hours ago

I fell for my first scam and I'm not sure what to do.

I fell for a fake Australian sports site Rebel, who claimed to have a sale on shoes and I placed 2 orders. I only found out it was a scam because my chiropractor's brother fell for the same thing, same ad on TikTok. Completely flew past my head.

https://www.reddit.com/r/cybersecurity_help/s/l9sNnMxrLz this guy had also been scammed, but his card blocked him but ours didn't.

So I guess the damage report is

- US credit card, which if it needs replaced will have to be sent to US relatives then to Australia

- Fake email

- 2 Australian personal phone numbers

- My address

Since I'm usually smart about this, and have never been scammed, I'm very pissed at myself for falling for it. I don't know what to do besides disputes and seeing if I receive any telemarketing on my phone. The fake email address was lost a long time ago but I constantly ignored warnings on the website about phishing to get the tracking information (the shoes have been in Hong Kong for a while now, I don't think they've sent anything).

VirusTotal came clean.

www.revelsports.com.au is real

The actual site that was not real was rebelsports-aus.shop (do not visit please)

u/BamOnRedit — 23 hours ago

Keep getting my game account hacked despite MFA and resetting my pc

So basically I used to download stuff from pirated sites, like I was tryna download cracked versions of editing software cuz I can't buy them. So anyways I used some shady stuff and did it half asleep, which led to me getting hacked. Anyway, the first time it was pretty big, like they got access to my Discord, Gmail, Microsoft email and Steam. Nothing major happened as in usage of my mail or Microsoft, at least afaik, and the first time was like 1 month or 2 ago. All they did was use my Steam to play a free game for 4 hours and use my Valorant account with cheats, which led to a false ban until June. Fast forward, next time I did the same stupid thing, but I learnt my lesson and decided to stop, but this time my Discord and Insta got hacked, as I could see another device logged in and a post posted from my IG by them. Anyways, I changed passwords and reset my device both times. I thought this was the end of it a few days back. The issue is I got a mail from Riot (Valorant) that there was a suspicious login from Brazil yesterday; the thing is that's not me and the account's banned. So somehow someone still got access without MFA, without me downloading anything. Can someone tell me ways to ensure nobody gets access again, because I am tired of resetting and changing passwords. MFA doesn't work for me as I have authentication software on my phone but they somehow bypass it. I believe they might be getting access to my mail as well somehow, which is how maybe they bypass MFA somehow, but I am buns at security so take my beliefs with a grain of salt.

u/FeverishDaydream — 1 day ago

Is it reasonably safe to start setting up my new Mac over public wi-fi?

I just moved and won’t have home internet for a week or so. I also just picked up a new MacBook! I’d like to get started with setting that up (ex: downloading Office) and then start migrating stuff from an external hard drive.

Is it safe to do that over public wi-fi (Starbucks)? Or should I just wait and do everything when my internet is up?

TIA

u/SensibleBrownPants — 1 day ago

Help potentially getting my Gmail account back

Hi, so recently I downloaded something off a friend that was also hacked (I had no idea) and they were able to get into my main Gmail, which also allowed them to get into my Discord. They made it seem like my Gmail account was a minor's account, allowing them to set their email as the parent email. Now any attempt at recovery won't work because I have no access to that parent email. Google support has been practically no help so far, but I wanted to know if anyone else went through this or knows a way I can potentially get it back.

Is there a reliable way to check if a link is safe before clicking it?

Between work emails, texts, and group chats I deal with a lot of links and I'm never fully sure which are safe. Hovering to read the URL helps a bit but the lookalike domains are getting really hard to spot, and on mobile I can't hover at all.

What I currently do: hover on desktop to check the domain, and sometimes paste suspicious ones into VirusTotal. But VirusTotal feels clunky for everyday use and I don't always trust a "clean" result. Is there a more reliable workflow?

u/pinpepnet — 1 day ago

Unknown Person is trying to buy a phone on my PC

So, I was trying to download a launcher for a game today. I just typed in the name online and downloaded the first thing. There was no blue warning screen for unknown publisher when I clicked on the setup.exe.

It loaded and I was watching YouTube. That's when the window suddenly closed. I closed the setup.exe and opened the browser again.

That's when I realized that an online electronics shop website was on my 'Recently Visited' tab and some random guy had tried buying an iPhone.

I was messing with his stuff the entire time. Logging off the website, taking the order out of the shopping cart, changing the temporary email he used...

I then disconnected my Wi-Fi and Ethernet and I am now running a full Windows Scan. Malwarebytes already discovered 13 Trojans and deleted them, but that wasn't enough. The Windows Scan discovered 2 infected files.

I'm not sure what kind of hack that is, and I know I messed up by downloading the random launcher. Is there any other way that would help me get rid of this?

As of now my emails haven't been touched and no money has been taken. I can also just import important stuff from my PC on a USB stick, I don't have many files, and completely reset the PC. But would that be necessary?

u/Worried_Desk3961 — 1 day ago

EA games account password keeps getting reset twice a day

I had a token stealer malware. Mainly my gaming accounts got attacked, as they stole the tokens from all the apps installed on my PC. I spent a day recovering a whole bunch of my gaming accounts and Steam wallet.

A week later everything seems fine except for the damn EA app. Because they changed my email account (which I could instantly reverse, thank god) it's locked me from updating it for 30 days to a new safe one.

I've reformatted my PC, removed my Microsoft password altogether and have only the authenticator app that lets me in, and logged out of it on my PC to be sure they don't have tokens again somehow.

Yet they reset my password with emails twice a day on average. I see the email notification on my phone, then it's as if they get it and delete the email. This is crazy. The only thing I can think of is the security reset codes are being forwarded to them or they have access inside my email, which I cannot comprehend.

Anyone here have any answers? I'm at a loss for words how they are doing it.

u/gguy93 — 1 day ago

iPhone transfer - potential spyware

Hi all,

My sister has left an abusive marriage where she has fears that her husband was using her phone to monitor/stalk her. He is an IT professional and will have had physical access to her phone.

She's bought a new phone and wasn't sure whether to let Apple transfer her old phone to her new phone. Is it possible that any kind of spyware could get transferred from her old phone to her new phone if she does that? I've told her to err on the side of caution and not do it, which is obviously inconvenient but hopefully safer. Is that necessary or can she take the easy route and use the transfer system?

u/HereWeGoAgainBrenda — 1 day ago

Need advice against sextortion

One of my friends is being blackmailed by another person who got his nudes via Omegle. The person is threatening that he will share those screenshots to the knowns. Need some advice or somebody who can assist me and help in this matter, please help.

Pc got compromised need help

I received a ZIP file from a WhatsApp contact whose account appears to have been hacked. I extracted it and it contained 2 .bin files and 1 .exe file. The application closed immediately when I ran it.

Later I found that the folder couldn’t be deleted because a process called “Sandboxie COM Services (CryptSvc)” was using a file (SandboxieCrypto.exe). I ended the process in Task Manager and deleted the folder successfully.

I uploaded the file to VirusTotal and it shows 0/64 detections with a valid Sandboxie signature. My antivirus scan also found nothing.

Should I still be concerned that my PC was compromised, or does this look like a legitimate Sandboxie component? What additional checks would you recommend?

u/Admirable-Pudding933 — 2 days ago

Recently receiving many notifications of attempted sign ins to Microsoft and Gmail accounts?

Hi guys,

I have multi factor authentication on my Microsoft and Google accounts so I haven't been hacked. However in the past few weeks I've gotten several notifications of attempted sign ins from all over the world. Of course I deny them. I've changed my passwords, but I have never gotten these attempted sign in notifications before. I haven't downloaded anything sketchy recently or changed any of my online behaviors.

Why are people suddenly trying to get into my accounts? What can I do to stop it further than what I already have? It's making me really nervous that these accounts are now under constant attack.

Thank you all!

u/Dazanofoey — 1 day ago

Someone is using a Telegram account with my mother’s phone number but we never created it

So my uncle recently told me that someone is using a Telegram account connected to my mother’s phone number, but neither my mother nor anyone in our family ever created a Telegram account before.

I asked my mum about it and she has no idea about it. I tried deleting the account, but the confirmation code only gets sent through Telegram itself, so I can’t log in or access it. I already reported the account to Telegram support, but I still haven’t received any reply.

What should I do in this situation? Is there any way to force delete the account connected to her number? I'm worried someone else might be using it for something suspicious.

u/Agent-WhiteDevil — 1 day ago

Accidentally opened a sex scam email

My device is an Apple iPhone. My Yahoo email address was found on the dark web a few months ago according to my bank provider. This morning I was trying to block and delete an email from my junk file and accidentally long pressed it and the contents showed. It contained naked pictures. I immediately clicked out of it but now I am concerned that my phone got compromised. Also, the email subject line was weird because it said 28+ and had 18 crossed out in red. By the way, I am a female and sometimes these email subject lines are addressed to a “Thomas.”

Should I worry? What should I do now? Is there anything to do to stop these emails from coming?

u/RealQuestion6454 — 1 day ago