OP 23 July, 2024 - 06:01 AM
(This post was last modified: 23 July, 2024 - 07:01 AM by bulkingshop. Edited 3 times in total.)
Scammers Profile Link: https://cracked.io/Kosoujisama
Sales Thread: Advertised TG channel in thread. https://t.me/kachuababa
Amount or Item(s) Scammed: Attempted spreading of malware.
Screenshots of Communication:
1. https://gyazo.com/87b678f42b5ae73203fb01cdd10ce5a1
2. https://gyazo.com/3003d08036799dfb002f0de09061fbbe
3. https://gyazo.com/0e0fcfc04ae5d800750e077c503d7b38
4. https://gyazo.com/db02bd42c8552e27eccb515d4502796e
5. https://gyazo.com/ca6882e63063fd0c495b8939a7216dcf & https://gyazo.com/e11f5077fc468f7847962ebe4cdb19ae (Proof of identity)
Additional Information: The user advertised the sale of a 'private Netflix API config', which I knew to be fake, but I was curious how far he was willing to scam. He provided excuses for why he was not able to show proof of the config working immediately. He then messaged me the following day saying the checker had been leaked on c.io and sent a link to a checker that was 395kb, had 2 views (myself and him), and had 0 downloads.
The file contained a poorly configured .bat file with instructions for a stealer on github. https://gyazo.com/f6d2175dd3da1f80cdf901d2cbacd954 (Github: "With ******, you can retrieve seed phrases, session files, passwords, application data, Discord tokens and more)
This user has apparently been banned on this forum previously and is returning under alternate usernames to continue scamming and spreading malware.
Crypto address for a refund: N/A
UPDATE:
It seems the user is using alts to spread the same malware link on this forum. https://cracked.io/Thread-Netflix-Checker-New-Api
Sales Thread: Advertised TG channel in thread. https://t.me/kachuababa
Amount or Item(s) Scammed: Attempted spreading of malware.
Screenshots of Communication:
1. https://gyazo.com/87b678f42b5ae73203fb01cdd10ce5a1
2. https://gyazo.com/3003d08036799dfb002f0de09061fbbe
3. https://gyazo.com/0e0fcfc04ae5d800750e077c503d7b38
4. https://gyazo.com/db02bd42c8552e27eccb515d4502796e
5. https://gyazo.com/ca6882e63063fd0c495b8939a7216dcf & https://gyazo.com/e11f5077fc468f7847962ebe4cdb19ae (Proof of identity)
Additional Information: The user advertised the sale of a 'private Netflix API config', which I knew to be fake, but I was curious how far he was willing to scam. He provided excuses for why he was not able to show proof of the config working immediately. He then messaged me the following day saying the checker had been leaked on c.io and sent a link to a checker that was 395kb, had 2 views (myself and him), and had 0 downloads.
The file contained a poorly configured .bat file with instructions for a stealer on github. https://gyazo.com/f6d2175dd3da1f80cdf901d2cbacd954 (Github: "With ******, you can retrieve seed phrases, session files, passwords, application data, Discord tokens and more)
This user has apparently been banned on this forum previously and is returning under alternate usernames to continue scamming and spreading malware.
Crypto address for a refund: N/A
UPDATE:
It seems the user is using alts to spread the same malware link on this forum. https://cracked.io/Thread-Netflix-Checker-New-Api