u/icanloopyou

Recently, there have been multiple TikTok videos advertising apps/websites such as "snapvexa" to give an example. Although there are these fake websites for other apps too like Facebook.

These videos claim to be able to access any users webcam feed without them knowing. It is almost impossible For a modern phone's webcam to be hacked just because of a few button clicks on some shady app. You would have to run a spyware on your phone and ignore warnings and red flags to ACTUALLY have your webcam hacked on your phone as long as it is a modern phone.

"It claims to be able to get into their webcam without them knowing"

This is extremely unlikely. If a webcam/camera is in use on a modern phone, it will show a logo/notification saying it's in use. You will most likely know.

Another important thing to remember:

ANY actual exploit that could let any user get into another Snapchat users webcam would NOT be advertised to anyone and everyone in a TikTok video. It would be kept SECRET. Bragging about a zero day exploit is the quickest way to get something that's already gonna be patched quick, patched even quicker.

Hacking into someone's webcam without their knowledge is illegal in the United States:

Yes, this is a crime in the United States as it violates several laws, depending on the context.

Computer Fraud and Abuse Act (CFAA)

Stalking and Harassment

Unauthorized computer access (falls under CFAA).

This can result in criminal charges.

It makes NO sense to advertise this over TikTok if these fake apps ACTUALLY worked. That would be the quickest way to get the "exploit" patched, and also the quickest way to get the FBI involved as well as this would be an extreme user safety concern that could affect many users if it was actually real.

Are these fake apps just designed as a joke/click bait for views on TikTok/other platforms?

No. They are designed with the intent of fraudulent activity. Most of these apps are phishing apps/sites. You may see from people say "they need to verify" this is when they ask for your info, which is the phishing part. They will steal any information you give them, and if you download one of these fake apps and run it, you likely have a virus of some sort, such as a crypto miner or something worse.

Please stay aware of this extremely dangerous scam. If you're a creep who downloaded these fake apps or visited these fake websites and gave them info, YOU'RE the one being hacked. Not the person you're obsessed about. Karma is a bitch.

Hello, I am a moderator at r/discordhelp and I've seen lots of people get infected with this info stealer, probably like 20 posts about it in the past few days. I thought I'd share some basic ways people can avoid getting infected by this and how they commonly get on your PC.

1: Don't sail the seas without knowing what you're doing. Sites that you visit for "sailing the seas" often contain malicious popups/advertisements that will lead you to a fake of what you're ACTUALLY trying to download to get you to press "download" and then you install the stealer thinking it's whatever you're trying to download then you run it then your stuff is stolen. Always use an ad blocker and sail the seas at your own risk. I do not promote piracy in any way.

2: Don't give any "support agents" your account credentials. There is a popular phishing scam that has been around for awhile that involves either a fake discord support email/dm saying your account has been suspended/flagged/accidentally reported, etc and says to dm a "support agent" and they will ask for your account credentials to "resolve" the issue. This is an extremely common phishing scam that has been around for a considerable amount of time.

3: Don't run any .exe files for "free" game cheats. This is just as common as getting a virus from piracy. Scammers are aware lots of people like to cheat on video games, and that some don't have as much money to pay for a legitimate cheat/mod, so they will disguise a virus of whatever sort as a free game cheat and will most of the time make it fairly believable.

4: Don't enter in the URL for the site that is shown in the Mr beast scam images. This is the whole point of the scam. They want you to go to the website that is advertised in the pictures for the scam, which is a phishing website. They will either ask you to send a certain amount of money as "verification" to receive the ACTUAL 2500$/3000$ but that actual money will never come so you just payed them for nothing and got scammed. Or they will ask you for any kind of sensitive information like account credentials/bank info. No matter what you do, do not enter the website or give them any information, or run any files you download from the site.

Some extra tips:

Always use 2FA if possible for any accounts you care about. Authenticator is recommended. SMS is better than no 2FA, but it is vulnerable to SIM swappers and interception. Authenticator is stronger because it significantly reduces the risk of attackers trying to bypass your 2FA because the code is only on your physical device and can't easily be intercepted by attackers.

If your discord account has sent any Mr beast crypto images, your PC very likely has a token stealer/info stealer. You need to reinstall windows completely. Token stealers bypass 2fa and act as a "remember password" so they can get in your account regardless of if you have 2fa or not. If you have a info stealer/token stealer,

REINSTALL WINDOWS. Do NOT factory reset via the recovery options on the PC. Resetting from the recovery menu does not guarantee the malware is gone, and many types of viruses/malware can easily survive a local factory reset. Reinstalling windows almost guarantees the malware is gone.

When you realize you have a stealer, DISCONNECT YOUR PC FROM THE INTERNET. This stops the attacker from having active remote control from your PC, as he/she needs Internet connection to have control. This also stops the infection from spreading to other devices on the network, stops data exfiltration, and stops additional malware from being downloaded onto your PC by the hacker. When you have a virus of any kind, it is ESSENTIAL to disconnect your PC from the Internet immediately.

Change your passwords, but from a DIFFERENT DEVICE. This is because:

Any passwords on your PC are compromised. If you change the password for whatever account on that PC, that new password is already compromised since you changed it on the infected device.

Log the infected PC out or any other devices that are infected.

If your contact has sent you these images, warn them if safe to do so, so they can take action.

I hope this helps anyone who is dealing with this scam.