
Multiple people hacked through game chat

By Voodudes - SUBSCRIBER - October 28, 2020, 15:46:48

Today, on server Illyzaelle, one person shared what was supposed to be an item on the English game chat. Once a person clicked on the item, something was installed through CMD on their computer. People reported that they lost everything in-game. I have the authenticator installed, so I still haven't lost anything in-game, but I did report it.


This is a breach and Ankama should treat this seriously, I don't know which kind of information this person stole from my computer through Dofus.
First Ankama intervention

Thank you for the warning, we are looking into this.

We'll let you know, once there is more Information available on the topic.

Score : 1804

I can add to this that there are these scammers again who are buying some kind of pack for 11mk, and when they ask you if you have it and you say no, they will come with a story about how you can get it for free on the Dofus website and they tell you to google it.

When you google it, it is the top link and it looks exactly like the Dofus website, but if you log in it's gg and your account will get hacked.

EVERYBODY BE CAREFUL!

Ankama should have MODS be active ingame and have them keep an eye on the ingame chat channels and BAN those people immediately.

Score : 237

This happened to me last week. I googled it and I unconsciously logged in. Within seconds my character was disconnected and stripped of his gear... It took me like two minutes to grab a hold of myself to come to the real site and change my password. But it was a lil too late for my gear and kamas (luckily I was already poor ingame).

This is a bit concerning, because I had avoided clicking links in game. But googling what an item was and then ending up on a lookalike site took me by surprise for sure.

Score : 116

Yeah, I have heard reports of multiple people clicking on items which makes them download stuff, I hope Ankama makes a statement about this soon because I'm not clicking any items I see in /b, /r, or /c channels, the only way to know for sure you're not downloading anything lol.

Score : -15

From what I've seen so far, when you click his message it just opens a file on your computer. In my case it was a .exe file in my Windows folder.

https://imgur.com/a/M7hknCc
https://imgur.com/a/sjP1arx

I've also seen the (or part of) code he used to pull this off.

All it seems to do is designate what file on your computer it opens when you click it, and nothing more. In his last few messages anyway. Not sure about the first ones.


Our teams are working with priority on a fix for this issue.
On the actual status of our investigation, this exploit may seem impressive, but the integrity of your data and systems is currently not at risk.

Rest assured, we are doing everything we can to deploy a patch as soon as possible.

Score : 1

You mean in-game data, but if someone downloads a virus, his personal data on his personal computer may be at risk. For the time being, the best way is to temporarily block links /b /c /s /a chats (in my opinion).
Thank you

Score : 1

Are you kidding? Any script-kiddie can trigger the download of a virus hosted on a server and then execute it easily.

Score : 1804

Some advice for people, since Ankama doesn't shut down chat channels while this is going on: don't click on items but just hover your mouse over them and you will also see the stats of the item without clicking on a potential link.

Score : 223

I would like to start by saying that, you can easily check the link in the URL bar on your browser.
First the site certificate will definitely not be the same: the official certificate of Dofus is given from Cloudflare, Inc. Another one is to navigate the site before you log in. There will be differences in the links to load the site pages.

I would also add that when you place your mouse on a recognized game item/resource or other type, it will show you the info screen of it without you having to click on it. If it is anything else, such as a link or other, it would not show anything.

I would also add, to run something through your CMD from the Dofus game chat, it will have to open a permission window since the game does not have Administrator permissions, or ask you to download a software.

To run a DDOS attack or MIM attack through the game chat, the hacker will need to actually have access to the code repository of Dofus 2.X, add his code to where the chat converts item IDs to name, put a script that will convert into an item name of choice then push the code live. All this, without Ankama security dev knowing. Given the high possibility that Ankama still has physical servers in cold rooms, I would tell you that it is very hard to do that except if you have access from the inside..aka you can hack an Ankama dev desk-station.

First, I do not think people playing this game, or doing these kinds of scams, are very technically savvy to build something like I said above.

I would love to have more technical information from the dev team at Ankama. I will also try something in Flash from my end and I will update my response.

Best,
Bibiboy

Score : 6590

I think you're misunderstanding the issue a little and downplaying something that's pretty much real as described. For context, the guy doing this is extremely well known in the community and he's pulled weird stuff like this for over a year.

These aren't URL links we're talking about. This guy is able to manipulate the game's chat to insert fake "links" into the chat, in a similar way to how the Dofus chat creates links to items, guilds, coordinates, etc. Instead of the "link" triggering an event such as bringing up an item's description or the like, it triggers an event that can run basic things in a user's Command Line. He used it to attempt to launch a Windows diagnostic tool so far. Clicking one of his "links" hasn't been reported to activate a Windows Account Security prompt like you suggest. I haven't seen actual proof that he's used this to do something legitimately harmful yet, but we really don't know the limitations. To further aid in understanding, this is similar in scope to when people manage to modify the stats on items linked in the chat, or link to the GM Bow Meow or something, but it goes a little farther than that technically.

This is also the same guy that throws those messages into the /c channel that breaks the formatting of the whole chat for the entire server. He's got some legitimate technical expertise.

2 0
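An added example, not part of the thread and not Ankama's code: one way a chat client can defend against the forged "links" described in the post above is to accept only an allowlist of link types with strictly validated arguments, and to turn every other token into inert text instead of dispatching it. The `{type,arg,...}` token syntax, the type names and the function names are hypothetical, and the sample messages in the comments are constructed.

```javascript
// Hypothetical link-token syntax, invented for this example: {type,arg1,arg2}
const LINK_TOKEN = /\{([^{}]*)\}/g;

// Strict argument validators: digits only, bounded length.
const isId = (s) => /^[0-9]{1,9}$/.test(s);
const isCoord = (s) => /^-?[0-9]{1,3}$/.test(s);

// Allowlist of link types the client knows how to display.
// Anything not listed here is never dispatched to a handler.
const LINK_TYPES = {
  item: (args) => args.length === 1 && isId(args[0]),
  guild: (args) => args.length === 1 && isId(args[0]),
  map: (args) => args.length === 2 && args.every(isCoord),
};

// Returns a validated link object, or null if the token is not allowed.
function parseLink(body) {
  const [type, ...args] = body.split(",");
  // Own-property check so names like "constructor" cannot match.
  const known = Object.prototype.hasOwnProperty.call(LINK_TYPES, type);
  if (!known || !LINK_TYPES[type](args)) return null;
  return { type, args: args.map(Number) };
}

// Replaces every token in a raw chat message with either a reference to a
// validated link or inert placeholder text; rejected tokens are collected
// so they can be logged and reviewed by moderators.
function sanitizeChatMessage(raw) {
  const links = [];
  const rejected = [];
  const text = raw.replace(LINK_TOKEN, (whole, body) => {
    const link = parseLink(body);
    if (link === null) {
      rejected.push(body);
      return "[removed link]";
    }
    links.push(link);
    return `[${link.type}#${links.length - 1}]`;
  });
  return { text, links, rejected };
}

// Constructed samples:
//   sanitizeChatMessage("WTS {item,1234} at {map,-3,12}")
//   sanitizeChatMessage("free pack {openFile,example.exe}")
```

The same check belongs on the server before a message is relayed, so that a forged token never reaches other players' clients.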
Score : 108

That’s very concerning indeed. Disabling item links while a hotfix is being made wouldn’t be too much to ask.

Score : 1804

I guess now buy your items straight from market and stop using chat channels for trading.

 

simple-joe|2020-11-03 00:27:06
This happened to me last week. I googled it and I unconsciously logged in. Within seconds my character was disconnected and stripped of his gear... It took me like two minutes to grab a hold of myself to come to the real site and change my password. But it was a lil too late for my gear and kamas (luckily I was already poor ingame).

This is a bit concerning, because I had avoided clicking links in game. But googling what an item was and then ending up on a lookalike site took me by surprise for sure.

sorry to hear bro. I hope you recover