What's new

Welcome to HvH Forum!

SignUp Now! Download Free HvH CS2/CS:GO Cheats, CFG, LUA/JS Scripts, And More!


SignUp Now!

News New way of infecting computers by LUA scripts!!!

Plisskien

Plisskien

I'm not Plisskien
Administrator
User ID
1
Messages
1,406
Reactions
3,890
Level
99
New way of infecting computers by LUA scripts!!!

We have noticed an increased amount of LUA script posts that are infected, we believe there is one person behind this, who used about 10+ different accounts on this forum. This person puts this string at the end of the script source.

He calls it a font, it might be a font,
f99afbac16503e469d9ca76af23ea9c0.png

but in this case this is decrypted code
51833c27592e7ff426507834441f967b (1).png

Uses 'PowerShell' to run the downloaded software, I'm not sure what this software is doing, but below you have links to VirusTotal, and HybridAnalysis.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
You must be registered for see links

We have noticed something like this in Aimware LUA, and Legendware v4 LUA only, we haven't seen anything similar in JS scripts, but please be extra conscious about this risk, if you see anything similar like this on forum report this thread as soon as possible, so we can investigate it! Keep in mind that scripts might be obfuscated. This can make it difficult to analyze any script. That’s why we had to change the rules, it is now forbidden.
hackvshack.net

Rules

A list of rules users must stick to.
hackvshack.net hackvshack.net
 
LeoOnLSD

LeoOnLSD

Rookie HvHer
User ID
10499
Messages
23
Reactions
38
Level
11
thanks for the information VirusTotal says what name this file uses if you infect the virus or RAT via Lua. In fact, it's nothing new that you can infect yourself via JavaScript or Luas, which is why you should stay away from freeed cheats that Luas offer.

I hardly use scripts for cheats and find you should use freeed / freeed Lua or further because the risk is too high

Screenshots:
https://imgur.com/5qPsz4J
You must be registered for see links


https://imgur.com/bCDOWfP
You must be registered for see links

 

Bvar1337

Rookie HvHer
User ID
26229
Messages
16
Reactions
9
Level
8
Th
Plisskien said:
New way of infecting computers by LUA scripts!!!

We have noticed an increased amount of LUA script posts that are infected, we believe there is one person behind this, who used about 10+ different accounts on this forum. This person puts this string at the end of the script source.

He calls it a font, it might be a font,
View attachment 1300

but in this case this is decrypted code
View attachment 1301

Uses 'PowerShell' to run the downloaded software, I'm not sure what this software is doing, but below you have links to VirusTotal, and HybridAnalysis.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
You must be registered for see links

We have noticed something like this in Aimware LUA, and Legendware v4 LUA only, we haven't seen anything similar in JS scripts, but please be extra conscious about this risk, if you see anything similar like this on forum report this thread as soon as possible, so we can investigate it! Keep in mind that scripts might be obfuscated. This can make it difficult to analyze any script. That’s why we had to change the rules, it is now forbidden.
hackvshack.net

Rules

A list of rules users must stick to.
hackvshack.net hackvshack.net
Click to expand...
Well tbh this isn't new. Never use freeed/freeed scripts with hidden or obfuscated code, it doesn't mean its malicious code but its better to be sure.
 
Plisa

Plisa

Newbie HvHer
User ID
2966
Messages
2
Reactions
1
Level
2
Plisskien said:
New way of infecting computers by LUA scripts!!!

We have noticed an increased amount of LUA script posts that are infected, we believe there is one person behind this, who used about 10+ different accounts on this forum. This person puts this string at the end of the script source.

He calls it a font, it might be a font,
View attachment 1300

but in this case this is decrypted code
View attachment 1301

Uses 'PowerShell' to run the downloaded software, I'm not sure what this software is doing, but below you have links to VirusTotal, and HybridAnalysis.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
You must be registered for see links

We have noticed something like this in Aimware LUA, and Legendware v4 LUA only, we haven't seen anything similar in JS scripts, but please be extra conscious about this risk, if you see anything similar like this on forum report this thread as soon as possible, so we can investigate it! Keep in mind that scripts might be obfuscated. This can make it difficult to analyze any script. That’s why we had to change the rules, it is now forbidden.
hackvshack.net

Rules

A list of rules users must stick to.
hackvshack.net hackvshack.net
Click to expand...
How do u decrpyt it?
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

OnYx_Boxer
Request Hello I am a Active Developer/Admin of a small lua named Remnant.rip
0
Replies
242
Views
OnYx_Boxer
OnYx_Boxer
Adnu1
LUA Pack HvH CFG Fatality rage cfg % lua pack
6
Replies
3K
Views
Kalvio123
Kalvio123
Plisskien
  • Sticky
Announcement Full files status explanation on hackvshack.net
0
Replies
1K
Views
Plisskien
Plisskien
xmquwu
Safe Puzzle Cra memedora.club free (Artictech paste)
2 3
42
Replies
7K
Views
Hecka213
giperwipe
LUA ikona glamura lua neverlose.cc v3.3
4
Replies
2K
Views
a_656
a_656

Newest members

Partners

Forum statistics

Threads
2,754
Messages
23,629
Members
114,194
Latest member
altdiscord
Most visitors online was 4044 , on 21 Oct 2024

Online statistics

Members online
43
Guests online
274
Total visitors
317
Totals may include hidden visitors.
Top