So I’ve been using computers ever since I learned how to move my hands. There are pictures of me, as a baby, in front of a CRT monitor using my grandma’s computer.

Like many of my generation, I’ve done everything - from sharing MIDI files of the Star Wars theme song over ICQ to downloading incredible amounts of pirated content over LimeWire to modifying MSN Messenger to mess with my friends, to (shamefully) cheating on Grand Chase to (failing) to multiply my RuneScape gold.

I’ve installed Russian versions of Windows XP with crazy black and cyan themes and weird screensavers. I’ve cracked Adobe programs with a random file I’ve found somewhere.

I’ve run my Windows 10 system with Windows Defender disabled, no UAC, no firewall and no updates for half a decade.

And yet, today, on Windows 11 with all the security features enabled (including the whole virtualization layer) I’ve caught my first malware. And it’s totally my fault: I’ve fallen for the “Hey long term commercial partner, here’s an invoice for our latest negotiation, I’ve zipped it and the password is xxxxx” and that was about it. As soon as my brain realized what I had just opened, it was too late - even though I immediately disconnected my computer from the internet, the program took my session cookies and all my online accounts immediately started getting hammered with login attempts and several successful ones.

So I’ve just wasted an entire day resetting every single password, revoking all logins, deleting credit card information and changing 2FA - for over 120 online accounts. So yeah, don’t be like me, don’t get too confident - even if you’re familiar with the scam, it can happen to you in a moment of distraction. Also, Windows Defender’s “behavior analysis” is incredibly dumb and won’t save you.

This being Lemmy, let me also make something clear: I use Linux for most tasks, but for work-related reasons I need Windows software so I have a Windows partition that is also synced to my browser (with all the passwords and etc).

  • cmnybo@discuss.tchncs.de
    2 months ago

    Was it an actual zip file that managed to exploit some vulnerability in the program that opened it or was it something like “filename.zip.exe” and windows hid the .exe part?
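The double-extension trick mentioned above works because Explorer hides known extensions by default, so "invoice.zip.exe" is displayed as "invoice.zip". The following PowerShell is an added example (not code from the thread or any project) that checks that Explorer setting, turns extensions back on, and lists files in a folder whose name carries a document-looking extension followed by an executable one. The folder path and the extension lists are assumptions; adjust them for your machine.

```powershell
# Added example: detect hidden extensions and deceptive "doc.ext.exe" file names.
# The registry value HideFileExt (1 = hide) is the Explorer setting in question.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $advKey -Name HideFileExt).HideFileExt
if ($hide -eq 1) {
    Write-Warning "Explorer hides known extensions: 'invoice.zip.exe' is shown as 'invoice.zip'."
    # Make extensions visible again (applies to newly opened Explorer windows).
    Set-ItemProperty -Path $advKey -Name HideFileExt -Value 0
}

# Extensions Windows will execute on double-click (assumed list, extend as needed).
$execExt = 'exe|scr|com|pif|bat|cmd|js|jse|vbs|vbe|wsf|hta|lnk|msi'
# Extensions people expect for archives, documents and images.
$docExt  = 'zip|rar|7z|pdf|doc|docx|xls|xlsx|txt|jpg|png'

# Assumption: mail attachments end up in Downloads; -match is case-insensitive.
$folder = Join-Path $env:USERPROFILE 'Downloads'
Get-ChildItem -Path $folder -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match "\.($docExt)\.($execExt)$" } |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize
```

Note that this only catches the renaming trick; a genuine password-protected zip that contains an executable (the case described in the original post) is not a double-extension file, and the password also keeps the mail provider's scanner from looking inside it.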

  • ivn@jlai.lu
    2 months ago

    This is the first time you noticed you caught malware. I wouldn’t be so confident about never having caught one and I’m way more paranoid than you. This one was just really noisy.

    • kadu@lemmy.worldOP
      2 months ago

      Probably - especially during my teenage years. But to be fair, I never had any accounts reporting logins from unknown devices, leaked photos or any other issues to this day, and some of those like my Google account have existed for over 15 years. Except right now with this hack.

      • ivn@jlai.lu
        2 months ago

        Those are just some uses of malware. It’s not always that noticeable.

  • Entropywins@lemmy.world
    2 months ago

    You can be the most diligent, tech-savvy, cyber warfare general of NATO and all it takes is one second of not thinking and a click…

    • Sabata11792@kbin.social
      2 months ago

      I totally never accidentally fell for the spam awareness email on Monday at 8am before my caffeine to hangover ratio was balanced while being the admin.

  • Bipta@kbin.social
    2 months ago

    This might have been avoidable using a software firewall that doesn’t de facto allow outbound connections.

    That’s a big maybe.
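The comment above refers to the default Windows Defender Firewall posture: outbound connections are allowed unless a rule blocks them. The PowerShell below is an added example (not from the thread or any project) that shows the default state, switches every profile to deny outbound by default, and then allow-lists named programs and the Windows services that must still reach the network. The program paths and the allow-list are assumptions; replace them with what you actually run.

```powershell
# Added example: default-deny outbound with an explicit allow-list.
# Run from an elevated PowerShell; tested only as an illustration of the cmdlets.

# Weak (default) state: DefaultOutboundAction is Allow on every profile.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Hardened state: drop outbound traffic unless a rule permits it.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# Log the drops so a blocked upload attempt leaves evidence to investigate
# (log file is %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log by default).
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True

# Programs allowed to talk out. Paths are assumptions for this example.
$allowed = @{
    'Allow Firefox outbound' = 'C:\Program Files\Mozilla Firefox\firefox.exe'
    'Allow Outlook outbound' = 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE'
}
foreach ($name in $allowed.Keys) {
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound `
            -Program $allowed[$name] -Action Allow -Profile Any
    }
}

# Core OS services that live inside svchost.exe are allowed by service name
# rather than by program, so a plain "allow svchost" rule is not needed.
$services = @{
    'Allow DNS client outbound'      = 'Dnscache'
    'Allow DHCP client outbound'     = 'Dhcp'
    'Allow Windows Update outbound'  = 'wuauserv'
    'Allow BITS outbound'            = 'BITS'
}
foreach ($name in $services.Keys) {
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound `
            -Service $services[$name] -Action Allow -Profile Any
    }
}

# Verify the result.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction, LogBlocked
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Select-Object DisplayName, Profile | Format-Table -AutoSize
```

The "big maybe" in the comment is fair: a freshly dropped binary is not on the allow-list, so its own upload of stolen cookies is dropped and logged, but a stealer that runs inside an allowed process (the browser itself, for instance) inherits that process's permission. Default-deny outbound raises the bar and produces a log entry to act on; it is not a substitute for not opening the attachment.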

  • Habahnow@sh.itjust.works
    2 months ago

    Wait so you were logged into sensitive accounts? If you weren’t, then your accounts wouldn’t have been as compromised?

    • kadu@lemmy.worldOP
      2 months ago

      My work-related accounts do not use a traditional password system, so they were all safe. The session cookies expire super quickly, I need actually robust 2FA to log in, and they all log in using a specific service that will block the suspicious activity quite well (and warn IT). Those were untouched and I’ve monitored any attempted logins and there were zero.

      But my personal accounts? Yes, most have been hijacked by the session cookie itself, while many others were stolen directly from Google Chrome’s password manager.

        • kadu@lemmy.worldOP
          2 months ago

          That’s what I’d guess too, though I’m not a programmer so I don’t really know. All my accounts that were logged in by myself were immediately compromised, while accounts I hadn’t logged in in months (and had no active cookies) started getting logins after about 30 minutes - no passwords being reused at all. So I can only guess they took the data from Chrome, where all passwords were saved.

  • Quacksalber@sh.itjust.works
    2 months ago

    And here I am, emailing password protected zip files to people when the documents are not to be scanned by my mail provider.