Comment by SeanAnderson

1 day ago

Oh, hah, fair.

I downloaded and ran an executable from the website under the belief I was checking out a game prototype. My Chrome browser instance crashed the moment it ran. I re-opened Chrome, got an email about suspicious login, and immediately turned the computer off to triage on a clean machine. I knew I was hacked within moments of being hacked and was fully at my computer for it.

I'm assuming I lost access to the Google account through session hijacking / exfiltrating an active session token. That doesn't really make complete sense, though, because I wasn't logging in to that second Chrome account with any regularity. It also doesn't explain how they got access to my 2FA-enabled account. I had some thoughts there about how easy it is to click "Remember this PC" and weaken 2FA and maybe the malicious script made my machine a proxy for their actions to leverage my PC being remembered? I'm not sure how practical that theory is in practice.