Comment by anonymous908213
1 day ago
For a cautionary tale, I'm not seeing a mention of how you were actually compromised? You mentioned losing multiple accounts, but presumably didn't decide to sign up for their 'game' website while entering your Gmail address and password plus Discord password. KeePass should rule out having used the same password for all three accounts. KeePass should also, in theory, not immediately give up all of your credentials to a random .exe running on your computer. If it did, it would be useful for people to know to avoid it.
Oh, hah, fair.
I downloaded and ran an executable from the website under the belief I was checking out a game prototype. My Chrome browser instance crashed the moment it ran. I re-opened Chrome, got an email about a suspicious login, and immediately turned the computer off to triage on a clean machine. I knew I was hacked within moments of being hacked and was fully at my computer for it.
I'm assuming I lost access to the Google account through session hijacking / exfiltrating an active session token. That doesn't really make complete sense, though, because I wasn't logging in to that second Chrome account with any regularity. It also doesn't explain how they got access to my 2FA-enabled account. I had some thoughts there about how easy it is to click "Remember this PC" and weaken 2FA, and maybe the malicious script made my machine a proxy for their actions to leverage my PC being remembered? I'm not sure how practical that theory is in practice.