I'm watching Joel's video on YouTube as I jerk around in VM to try out Bonzi Buddy some users in YouTube are talking about. Seriously, for the last 15 or 20 years of my life, I never heard of it.
Okay. Remember this post I'm talking about? So I tried to go back in time and see who's the guy behind the NoClip and Angry Planes mod, using "Wayback Machine" (that web archive website I did talked about), and then check in the actual GTA5-Mods.com to see if that user is banned, using news references and YouTube videos I've watched.
Before all this sh*t started to happen, it happened around 2015, on May, as a matter of fact. Newsletters recorded how that happened during that time. Witnesses describe that it has an internal executable named Fade.exe that acted as a keylogger and steals user's account credentials without anyone wiser. Before I can get a glance on the guy who's behind all of this, moderators (and website owners, maybe?) deleted both of those mods to prevent more people playing GTA V (with script mods, obviously) being infested by both malware and spyware.
That time was before Josh Romeo or whatever paid journalists to say that he "singlehandedly" modeled a graphics mod that was an obvious stealing from VisualV, authored by _CP_, and legit mod makers fought against him.
So I started at before PCGamer posted an article about it, on May 14, 2015.
And, jackpot! Here it is. Angry Planes, made by onsby.
And the proof confirms it that he was banned the moment he posted that malware/spyware hidden in both of his scripts (where the news picked it up). Also, there's nothing to explain about this user, anyway. Nothing, exactly; no videos, no comments, and two (?) uploads were deleted as soon as users reported that it contains malware, quickly made that user struck by a banhammer.
I did download it, but glad I'm not using it the moment newsletters told everyone across the Internet that it contains a hidden malware/spyware. Literally an identity theft, which is not cool, man. Seriously, onsby, it's not cool at all. Many people have noticed their accounts got hijacked, such as Steam, without anyone wiser. Unfortunately (idk if Steam Mobile app back then has 2FA/two-factor authentication activated), those without enabling 2FA or they accidentally inputted the authentication code the moment it was infected by malware/spyware, even though 2FA was activated, were in bad luck. Although Steam Mobile app was released on January 26, 2012 and they have been using it (including me), many can still be hijacked if you shared the credentials (including authentication code) at an untrusted websites, such as gambling sites and when your computer is infested with malware or spyware that can steal your data or locking your files out to pay to the guy making it (ransomware).
Now let's look further on this.
Was uploaded 14 hours ago, on May 8, where the snapshot of "Wayback Machine" was taken. Currently 1345 users downloaded this sh*t and they didn't know that it contained a malware. There were videos showcasing it too, but too bad that we have to manually find it on YouTube as the original page in 5-Mods was deleted.
Okay, I have zero idea if both of those are uploaded on sites other than GTA5-Mods.com, but if that happened, we're in a deep shit that day.
Advancing further to May 14, where the PCGamer posted an article about it, I found one snapshot of that website.
What I suspected when I wrote about it on May 15 was right; both Angry Planes and NoClip script mods by onsby contain a malware/spyware hidden inside. That was undoubtedly surprising. Like... holy sh*t, this guy is actually making cool scripts but infested with hidden malware/spyware inside that will execute the moment ScriptHookV loads that ASI plugin. Really a bad luck for those who have downloaded and used it unnoticed (glad I'm not using them the moment I found out that it's malware-infested). Those without additional protection that Windows Defender cannot (antivirus like AVG, or the usual malware scanner thingy, Malwarebytes) have their credentials stolen when they connected to the Internet while playing this game and the ScriptHookV loaded Angry Planes, NoClip, or both script mods.
Many people have been talking about it that day and then died down years later to say that, "what's done is done, move on". And not before long, Josh Romeo or whatever shocked the modding community about GTA 5 Redux or whatever.
Okay, maybe I skipped too fast and then jumped to where PCGamer posted an article about it, on May 15, 2015. Let's see if onsby was actually uploading the NoClip script mod before Angry Planes was captured in the "Wayback Machine" snapshot.
Unfortunately, I can't find it on the snapshot grabbed on May 9, but surprisingly, Angry Planes mod has reached 3330 downloads, which means 3330 people were at risk of credential theft that day. So in that time of period, between May 8 and May 14, at about tens of thousands of people were at risk of account hijacking, of particular are Steam, which users hijacking it used it to scam with fake VAC message if they found worthy inventories, or cheat in a VAC-secured game like CS:GO or DoTA 2 and then leave it after they have done with it, waiting for the Steam Support to recover their stolen (hijacked) account based on the evidence the original user has gathered.
Well, not much to explain about this incident where I described it as "one of the worst times in GTA modding history". I never thought people can be this crazy to spread terror just to gain income from their crimes, or fucking someone's account for fun and then everyone blamed the original user just because they can't properly secure the account (look, everyone make mistakes, alright; myself included). This type of thing was not the worst one than WannaCry or Petya, but this affected the entire playerbase of GTA V as a whole. Moderators have added an extra layer of security to scan ASI (which are DLLs that changed its extension to *.asi for allowing ScriptHookV to load it) and DLLs crafted using ScriptHookVDotNet as a reference for possible viruses or malwares inside the compiled scripts since that day, and we should be relax for now; thank God for that.
Anyway, owners of "Wayback Machine" made an announcement at their page that they need donation for something I don't even know about. If you like to, you can donate, but as for me... if I have time, I'll consider them giving a good time to keep the page alive until today by sending donation.
I will get back on this Josh Rock-n-roll guy stealing sh*t out of the mod makers using newsletters for reference and investigate using "Wayback Machine", of which this helped me out big time about sites that I don't know about and died when I accessed today on private browsing.
I hope this can shed the light of the victims that unknowingly have their credentials stolen from simple GTA V mods, despite it really have cool stuffs (Angry Planes mod has been remade by JulioNIB, while NoClip is embedded within trainers like MAFINS's Menyoo and sjaak327's Simple Trainer).
Okay. Remember this post I'm talking about? So I tried to go back in time and see who's the guy behind the NoClip and Angry Planes mod, using "Wayback Machine" (that web archive website I did talked about), and then check in the actual GTA5-Mods.com to see if that user is banned, using news references and YouTube videos I've watched.
Before all this sh*t started to happen, it happened around 2015, on May, as a matter of fact. Newsletters recorded how that happened during that time. Witnesses describe that it has an internal executable named Fade.exe that acted as a keylogger and steals user's account credentials without anyone wiser. Before I can get a glance on the guy who's behind all of this, moderators (and website owners, maybe?) deleted both of those mods to prevent more people playing GTA V (with script mods, obviously) being infested by both malware and spyware.
That time was before Josh Romeo or whatever paid journalists to say that he "singlehandedly" modeled a graphics mod that was an obvious stealing from VisualV, authored by _CP_, and legit mod makers fought against him.
So I started at before PCGamer posted an article about it, on May 14, 2015.
And, jackpot! Here it is. Angry Planes, made by onsby.
And the proof confirms it that he was banned the moment he posted that malware/spyware hidden in both of his scripts (where the news picked it up). Also, there's nothing to explain about this user, anyway. Nothing, exactly; no videos, no comments, and two (?) uploads were deleted as soon as users reported that it contains malware, quickly made that user struck by a banhammer.
I did download it, but glad I'm not using it the moment newsletters told everyone across the Internet that it contains a hidden malware/spyware. Literally an identity theft, which is not cool, man. Seriously, onsby, it's not cool at all. Many people have noticed their accounts got hijacked, such as Steam, without anyone wiser. Unfortunately (idk if Steam Mobile app back then has 2FA/two-factor authentication activated), those without enabling 2FA or they accidentally inputted the authentication code the moment it was infected by malware/spyware, even though 2FA was activated, were in bad luck. Although Steam Mobile app was released on January 26, 2012 and they have been using it (including me), many can still be hijacked if you shared the credentials (including authentication code) at an untrusted websites, such as gambling sites and when your computer is infested with malware or spyware that can steal your data or locking your files out to pay to the guy making it (ransomware).
Now let's look further on this.
Was uploaded 14 hours ago, on May 8, where the snapshot of "Wayback Machine" was taken. Currently 1345 users downloaded this sh*t and they didn't know that it contained a malware. There were videos showcasing it too, but too bad that we have to manually find it on YouTube as the original page in 5-Mods was deleted.
Okay, I have zero idea if both of those are uploaded on sites other than GTA5-Mods.com, but if that happened, we're in a deep shit that day.
Advancing further to May 14, where the PCGamer posted an article about it, I found one snapshot of that website.
What I suspected when I wrote about it on May 15 was right; both Angry Planes and NoClip script mods by onsby contain a malware/spyware hidden inside. That was undoubtedly surprising. Like... holy sh*t, this guy is actually making cool scripts but infested with hidden malware/spyware inside that will execute the moment ScriptHookV loads that ASI plugin. Really a bad luck for those who have downloaded and used it unnoticed (glad I'm not using them the moment I found out that it's malware-infested). Those without additional protection that Windows Defender cannot (antivirus like AVG, or the usual malware scanner thingy, Malwarebytes) have their credentials stolen when they connected to the Internet while playing this game and the ScriptHookV loaded Angry Planes, NoClip, or both script mods.
Many people have been talking about it that day and then died down years later to say that, "what's done is done, move on". And not before long, Josh Romeo or whatever shocked the modding community about GTA 5 Redux or whatever.
Okay, maybe I skipped too fast and then jumped to where PCGamer posted an article about it, on May 15, 2015. Let's see if onsby was actually uploading the NoClip script mod before Angry Planes was captured in the "Wayback Machine" snapshot.
Unfortunately, I can't find it on the snapshot grabbed on May 9, but surprisingly, Angry Planes mod has reached 3330 downloads, which means 3330 people were at risk of credential theft that day. So in that time of period, between May 8 and May 14, at about tens of thousands of people were at risk of account hijacking, of particular are Steam, which users hijacking it used it to scam with fake VAC message if they found worthy inventories, or cheat in a VAC-secured game like CS:GO or DoTA 2 and then leave it after they have done with it, waiting for the Steam Support to recover their stolen (hijacked) account based on the evidence the original user has gathered.
Well, not much to explain about this incident where I described it as "one of the worst times in GTA modding history". I never thought people can be this crazy to spread terror just to gain income from their crimes, or fucking someone's account for fun and then everyone blamed the original user just because they can't properly secure the account (look, everyone make mistakes, alright; myself included). This type of thing was not the worst one than WannaCry or Petya, but this affected the entire playerbase of GTA V as a whole. Moderators have added an extra layer of security to scan ASI (which are DLLs that changed its extension to *.asi for allowing ScriptHookV to load it) and DLLs crafted using ScriptHookVDotNet as a reference for possible viruses or malwares inside the compiled scripts since that day, and we should be relax for now; thank God for that.
Anyway, owners of "Wayback Machine" made an announcement at their page that they need donation for something I don't even know about. If you like to, you can donate, but as for me... if I have time, I'll consider them giving a good time to keep the page alive until today by sending donation.
I will get back on this Josh Rock-n-roll guy stealing sh*t out of the mod makers using newsletters for reference and investigate using "Wayback Machine", of which this helped me out big time about sites that I don't know about and died when I accessed today on private browsing.
I hope this can shed the light of the victims that unknowingly have their credentials stolen from simple GTA V mods, despite it really have cool stuffs (Angry Planes mod has been remade by JulioNIB, while NoClip is embedded within trainers like MAFINS's Menyoo and sjaak327's Simple Trainer).
Comments
Post a Comment