Friday night.. beer & bots time! =]
A new PHISHING campaign hit Hive in the past couple of days.. 👇
I was busy at work today (crazy release day) and then immediately after I went out for dinner so I was not aware of it happening.
Guiltyparties updated his github with his list of known phishing links so, since my bot already consumes it, it would start automatically fighting against the new phishing wave.
The new url was added though only after the attacker managed to put out most of his messages already:
I therefore decided to (run the bot against old messages and) make the attacker's life more difficult in case someone indeed fell for it. I filled his database with thousands of fake credentials! :evil_laugh:
I would like to see his/her face when they first see the amount of credentials they think they stole just to then realize that they are all not working. Priceless. =]
After I wrote the script to fill their database with crap, I left it running for about 2 hours by now and I will leave it running for the next couple of days changing a bit the rules as well in order to create different types of fake credentials.
You can find below my nodeJs code in case someone wants to use this in the future. I will for sure after other attacks since it's usually quite trivial to figure out how to write bad data into their DB - my script can easily be adjusted for that.
For example, in the case of the PHISHING DOMAIN steemconnect.xyz, it was just a matter of figuring out how the request to store the stolen credentials looked like and start sending fake ones:
Without further ado.. HERE IS THE CODE:
HERE ARE SOME LOGS THAT SHOW ITS OUTPUT:
It currently runs on batches of about 100 writes every about 20 seconds with sligth randomizations of the wait time between one batch and the other in order to make the detection of fake data patterns more difficult to spot.
Good luck phisher! LOL
I am now currently finishing
Allowing (top 50?) witnesses and other selected users to immediately blacklist a domain for @keys-defender simply sending it a wallet memo. This list will initially include: @guiltyparties, @louis88, @phage93, @jlsplatts (thanks for the delegation by the way!), @enforcer48 - and others will be added in the next few days.
Allowing a domain to be blacklisted if 10 users report it in a short window of time (24 hours?).
I will post an update here tomorrow(-ish) with my development progress.