u/Crystal_Blister

Ran an infostealer a little over 2 weeks ago; when can I expect the attacker's attempts to slow or halt?

Hi, probably a stupid question, as I assume these kinds of things will last a very long time; however, it feels like even though I'm on day 16 since I ran the malware by accident, the attacker hasn't really slowed in attempts to target me.

I posted a timeline before, but just a TL;DR: before, he got into my Discord, my Uber Eats, a family member's email, my email, my family member's Twitter, an old LinkedIn I had from years ago, and possibly another family member's LinkedIn has been getting suspicious views from an account with a name similar to an account the attacker followed on the first family member's Twitter.

These were during the first 2 weeks; after the Discord, Uber Eats and emails is when I realised they were in my accounts, and I changed those passwords. I had forgotten a couple of things, which were the LinkedIn and my family member's Twitter, so I changed those after.

Now, since my last post, he attempted to log in to an Apple account that I had back in 2015 and forgot about (I received a random verification code by SMS) and a Ubisoft account from 2014 that I haven't used in many years (got an alert of a suspicious login), so I spent many hours moving everything I could across to a new email address, went in and searched my email for every account I had ever made and changed all those passwords to randomised passwords, changed them to my new email when possible, and I also got a new phone number and moved all SMS 2FA to it, or added them to a new authenticator app if possible. Now today I've received 3 phishing emails (one being a sign-up for some Porsche account, a very obviously fake voucher for a grocery gift card, and a PayPal email which may have been real, but I had already changed the linked email on my PayPal, so I don't trust it) and also a suspicious phone call from another country, which I didn't answer, in the span of 2 hours today.

This feels like it's getting ridiculous. When doing some searching, it said that by day 14 it should begin to slow down and will most likely be automated by bots, but obviously that's not going to be accurate all the time, and the phone call really set me over the edge in terms of the feeling of my privacy being violated. Will this ever stop? Do I just need to cancel every account I had so they'll leave me alone? Also, they most likely have my address from the Uber Eats breach; are there any likely major risks that I should take a precaution for? I've already notified my mobile service provider and been to my bank regarding this.

Thanks.

reddit.com
u/Crystal_Blister — 7 days ago

Hi,

Posting this from another sub, trying to make sure I cover all bases, so sorry if you see this in more than one subreddit. Sorry in advance if this is a long post; any and all advice is extremely appreciated. For some background, I am extremely paranoid, I suffer from horrible anxiety, and this has been the most stressful 2 weeks of my life, so I am a bit panicked still. I've tried to write down a sort of timeline of the events from memory, but I'm still extremely shaken, so if I need to clarify anything please let me know.

TL;DR: downloaded an infostealer, stole some session tokens and did stuff, got into accounts using saved passwords of mine and a family member's, some weird stalking stuff potentially from the same guy to another family member, but possibly my paranoia. Don't know if all my procedures were enough, as I am paranoid.

21st April at 5 PM: I tried to download and run a game (it was a visual novel, and the file was the infamous Ren'Py one that I now know exists), but ran an infostealer and didn't realise it.

22nd April 3 AM: Discord MrBeast crypto messages sent out; account was restricted from typing messages by Discord.

1 PM: Uber Eats breached, and the hacker spent about 300 dollars on Uber Eats orders to random addresses around the country. When I went to type to a delivery driver, it said the hacker had sent a message to not make a phone call and to drop off the food without ringing the bell. I sent a message in the chat telling him that my account was hacked and I did not place this order, and to help me get in touch with Uber support if possible, and the hacker replied on my account: "This is none of your concern, this is a normal Uber Eats delivery order."

Cancelled all bank cards at this point.

Potentially Instagram at some point, as I got a suspicious sign-in blocked alert or something similar; I don't fully remember what it said now.

Tried to reset all my passwords but accidentally missed one email and a Riot account.

Began running antivirus scans to wipe out the virus.

23rd April: family member's email address was breached (was saved to the PC, didn't realise).

Same family member's abandoned Twitter was breached; the hacker got in via an email verification code, as it wasn't saved to my PC. This is how we realised he was in their email.

This is where a really weird thing happened: we checked the Twitter and saw it was following an account that hadn't posted since 2019, and its only posts were just links to a Facebook account. Another family member of mine recognised the name and said they think they've been seeing that name in their Facebook suggested friends and also viewing their LinkedIn. Over the next couple of days, all of a sudden their work email started getting Snapchat phishing emails, and then their CEO's email address was masked to send an email to other members of their company. This could be an unrelated thing, and this family member may be mistaking the name due to our paranoia being heightened, but this terrified us.

30th April 2 AM: one of my Riot accounts that I forgot to change my password on was breached.

8 AM: my 2nd email address got logged into (no session token; forgot to change the password on this one).

The hacker attempted to reset my Jagex account via email; Jagex couldn't find a login, and then he deleted the email. This was how I realised he was in my email. Performed a mass reset of all passwords again and did sign out on all devices.

1 PM: the hacker was still in my email, as Outlook takes 24 hours to log out all devices; he got into an abandoned LinkedIn from over a decade ago that I never even verified my identity on, using an email verification, as I didn't have this saved to my PC either. Could not get into this LinkedIn to change details, as it still asks me to submit identity verification, which at this point I am not willing to do due to the risk.

At this point, did diskpart clean all on all my drives, made a USB Windows 11 installer on a separate computer and booted into this. Did diskpart clean all on the OS drive, then removed all partitions on all drives and reinstalled Windows.

Proceeded to make a new email address on a different service and started moving everything across.

2nd May: Facebook randomly reverted my email back to the old email address; could not find an email confirmation of this in current or previous email inboxes, checked logins for suspicious activity and found nothing, checked Facebook's emails-sent section and could not see any emails sent that evening regarding this. Googled it and found that Facebook could have reverted this automatically. Instagram was no longer linked to Facebook in Account Center, which I found online should not happen automatically but could be a bug due to them no longer linking to the same email. Paranoid, I reset everything again.

I've been resetting my passwords constantly using random letters, numbers and characters and, for the time being, using pen and paper, as I'm worried that somehow they may still be on my PC if I download a password manager. Also been changing all the account email addresses I can to my new email.

Something I noticed is that on occasion, but not every time, when I boot my PC I see a few cmd windows open and close. I checked regedit, ran a PowerShell command to check startup history, checked startup programs, ran NirSoft LastActivityView and could not find anything suspicious; it could possibly be Bitdefender, Steam, or a Windows startup process causing it, based on Google results.

I'm not very well versed when it comes to cybersecurity, and this has ultimately traumatized me to the point where I'm in a constant state of panic, and I need to know if I'm okay. I'm trying to learn and have been taking this extremely seriously, but I'm terrified.

reddit.com
u/Crystal_Blister — 12 days ago
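The two things the timeline above describes the stealer taking are browser-saved passwords (the poster's and a family member's) and session tokens, and the accounts hit in the following days were the ones nobody remembered were in that store. The script below is an added example and not code from the original post. It reads copies of a Chromium profile's "Login Data" and "Cookies" SQLite files and produces an inventory: per site, which saved usernames exist and whether a cookie was still valid at infection time, i.e. the list of passwords to rotate and sessions to revoke. Nothing is decrypted. The table and column names it relies on (logins.origin_url, logins.username_value, cookies.host_key, cookies.expires_utc, cookies.is_persistent) are assumed from Chromium's profile layout, the sample databases are constructed inline, and the infection timestamp is a constructed value.

```python
"""Inventory what a browser-credential stealer could have harvested.

Added example; not code from the post. Reads COPIES of a Chromium profile's
"Login Data" and "Cookies" files and lists, per site, saved usernames and
whether a cookie was still valid at infection time. Passwords and cookie
values stay encrypted: the output is a reset/revoke checklist.
Assumed schema subset: logins(origin_url, username_value) and
cookies(host_key, expires_utc, is_persistent). All sample data is constructed.
"""
import os
import sqlite3
import tempfile
from contextlib import closing
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Chromium timestamps are microseconds since 1601-01-01 UTC.
CHROMIUM_EPOCH_OFFSET_US = 11_644_473_600 * 1_000_000


def to_chromium_time(when: datetime) -> int:
    """Timezone-aware datetime -> Chromium microsecond timestamp."""
    return int(when.timestamp() * 1_000_000) + CHROMIUM_EPOCH_OFFSET_US


def site_of(origin_or_host: str) -> str:
    """Normalise a login origin ('https://x.y/login') or a cookie host_key ('.x.y')
    to a bare lowercase host."""
    if "://" in origin_or_host:
        origin_or_host = urlsplit(origin_or_host).hostname or ""
    return origin_or_host.lstrip(".").lower()


def saved_logins(login_db: str) -> dict[str, set[str]]:
    """host -> usernames that have a saved password (the password blob is never read)."""
    found: dict[str, set[str]] = {}
    with closing(sqlite3.connect(login_db)) as con:
        con.execute("PRAGMA query_only = 1")
        for origin, user in con.execute("SELECT origin_url, username_value FROM logins"):
            found.setdefault(site_of(origin), set()).add(user)
    return found


def live_cookie_hosts(cookie_db: str, at: datetime) -> set[str]:
    """Hosts whose cookies, copied at time `at`, could be replayed: session cookies
    (is_persistent = 0) and persistent cookies that had not yet expired."""
    with closing(sqlite3.connect(cookie_db)) as con:
        con.execute("PRAGMA query_only = 1")
        rows = con.execute(
            "SELECT host_key FROM cookies WHERE is_persistent = 0 OR expires_utc > ?",
            (to_chromium_time(at),),
        ).fetchall()
    return {site_of(host) for (host,) in rows}


def exposure_report(login_db: str, cookie_db: str, infected_at: datetime) -> list[dict]:
    """One row per affected site: usernames whose password must be rotated, and
    whether a live session existed that a password change alone may not revoke."""
    logins = saved_logins(login_db)
    sessions = live_cookie_hosts(cookie_db, infected_at)
    return [
        {"site": host, "usernames": sorted(logins.get(host, ())), "live_session": host in sessions}
        for host in sorted(logins.keys() | sessions)
    ]


def build_sample_profile(dirpath: str, infected_at: datetime) -> tuple[str, str]:
    """Constructed sample databases (no real profile data) in the schema subset above."""
    login_db = os.path.join(dirpath, "Login Data")
    cookie_db = os.path.join(dirpath, "Cookies")
    with closing(sqlite3.connect(login_db)) as con:
        con.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB)")
        con.executemany("INSERT INTO logins VALUES (?, ?, ?)", [
            ("https://discord.com/login", "victim", b"v10-encrypted"),
            ("https://www.ubereats.com/login", "victim@old-mail.example", b"v10-encrypted"),
            ("https://mail.example/", "family@old-mail.example", b"v10-encrypted"),  # family member's login
        ])
        con.commit()
    valid_later = to_chromium_time(infected_at + timedelta(days=30))
    expired = to_chromium_time(infected_at - timedelta(days=1))
    with closing(sqlite3.connect(cookie_db)) as con:
        con.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, expires_utc INTEGER, is_persistent INTEGER)")
        con.executemany("INSERT INTO cookies VALUES (?, ?, ?, ?)", [
            ("discord.com", "sess", valid_later, 1),   # still valid: replayable
            (".linkedin.com", "sess", expired, 1),     # expired before infection: not replayable
            ("auth.riotgames.com", "sess", 0, 0),      # session cookie: live while the browser ran
        ])
        con.commit()
    return login_db, cookie_db


def demo_report() -> list[dict]:
    """Run the inventory over the constructed sample; the infection time is constructed too."""
    infected_at = datetime(2025, 4, 21, 17, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        return exposure_report(*build_sample_profile(d, infected_at), infected_at)


if __name__ == "__main__":
    for row in demo_report():
        print(row)
```

Copy the two files out first (the running browser keeps them locked), and repeat per browser profile and per Windows user on the machine, since a stealer does not stop at the account that launched it. Firefox keeps logins in a JSON file rather than this SQLite layout, so it needs a separate pass. Rows with a live session are the ones where a password reset alone is not guaranteed to lock the attacker out, which is what "sign out on all devices" is for.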


Copying a post I made on tech support, as I'm incredibly worried right now.

This may seem a bit silly, but I'm super paranoid due to a recent infostealer hack that occurred on my PC on the 21st.

That's another issue that I'm still in the midst of sorting, but just now I checked my Discord on my phone and saw a pending message request.

The account was made earlier in the month, and it had joined a mutual server on the 21st, which set off alarms for me. However, when I went to click the profile to block it, I accidentally double-tapped and clicked a YouTube link in their bio. The link led to a 404 "account not found" YouTube page, but I'm worried it may have been malicious. The link was https://www.youtube.com/@ArtsNation01, which doesn't look suspicious since it's just a YouTube URL, but I'm extremely on edge at the moment.

The link did not download any APKs; I checked recent downloads and saw nothing there.

I ran the link through VirusTotal, and it showed 1/95 vendors marking it as suspicious, which was desenmascara.me. I also checked a few other URL checkers, but they all said safe. I ran ESET Mobile to check my device, and it came up with nothing, but I don't know if maybe there's a way it could steal my tokens via Chrome on Android?

Is it possible this could have been an unrelated Discord artist scammer and it was just a coincidence of timing, or maybe they are related but the URL is nothing to fear? Any help would be appreciated.

To add, I made an edit about 20 min after clicking the link, which was:

Edit: the account just left the mutual server we were in... Could it have been malicious and he got what he wanted?? I'm really worried now.

That last part has my panic in overdrive right now.

reddit.com
u/Crystal_Blister — 15 days ago
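The question in the post above is whether a link that reads as a YouTube URL can actually go somewhere else. The check below is an added example and not code from the original post: it parses a URL the way a browser does and reports the host that would really be contacted, flagging the usual tricks that make a link look like a trusted site when it is not (credentials before an `@`, the brand name as a subdomain of another domain, punycode labels, a plain-http scheme). The trusted-host allowlist is an assumption for the demonstration, and every sample link except the one quoted in the post is constructed.

```python
"""Which host does a link really point at, and is it the site it looks like?

Added example, not code from the post. Parses a URL as a browser does and
reports the host that would actually be contacted, plus the common tricks
that make a link look like a trusted site. TRUSTED_HOSTS is an assumption
for the demo; every sample link except the first is constructed.
"""
from urllib.parse import urlsplit

TRUSTED_HOSTS = ("youtube.com", "youtu.be")  # assumed allowlist for the demo

# Constructed sample links (only the first one appears in the post).
SAMPLE_LINKS = [
    "https://www.youtube.com/@ArtsNation01",
    "https://www.youtube.com@evil.example/@ArtsNation01",  # userinfo trick
    "https://youtube.com.evil.example/watch",              # brand as a subdomain
    "https://xn--80ak6aa92e.com/",                         # punycode label
    "http://youtu.be/abc",                                 # real host, weak scheme
]


def is_under(host: str, trusted: str) -> bool:
    """Exact match or a true subdomain: 'notyoutube.com' and
    'youtube.com.evil.example' are not under 'youtube.com'."""
    return host == trusted or host.endswith("." + trusted)


def inspect_link(url: str, trusted=TRUSTED_HOSTS) -> dict:
    parts = urlsplit(url.strip())
    # urlsplit strips 'user:pass@' off the authority exactly as browsers do,
    # so `hostname` is the host the connection is actually made to.
    host = (parts.hostname or "").rstrip(".").lower()
    findings = []

    if parts.scheme not in ("http", "https"):
        findings.append(f"non-web scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        findings.append("plain http: page can be altered in transit")

    if "@" in parts.netloc:
        shown = parts.netloc.rsplit("@", 1)[0]
        findings.append(f"userinfo before '@': shows {shown!r} but connects to {host!r}")

    if any(label.startswith("xn--") for label in host.split(".")) or any(ord(c) > 127 for c in host):
        findings.append("internationalised/punycode label: possible homograph of a Latin name")

    trusted_match = next((t for t in trusted if is_under(host, t)), None)
    if trusted_match is None:
        # A trusted brand name anywhere in the authority of a URL whose real
        # host is somewhere else is the classic lookalike.
        squashed = parts.netloc.lower().replace("-", "")
        for t in trusted:
            if t.split(".")[0] in squashed:
                findings.append(f"looks like {t} but the host is {host!r}")
                break

    return {"host": host, "trusted": trusted_match is not None, "findings": findings}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = inspect_link(link)
        verdict = "OK  " if result["trusted"] and not result["findings"] else "WARN"
        print(verdict, link, "->", result["host"], result["findings"])
```

The link from the post passes: its host is www.youtube.com, so the 404 page was served by YouTube itself. The check says only where a link goes, not what the destination does, but it is cheap enough to run on any link in a bio or DM before tapping it, and it catches the cases where the text of a URL and its real destination disagree.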
