From ab2a5741b3cad67ff1e7e20aefe19233034025dd Mon Sep 17 00:00:00 2001 From: ae Date: Tue, 29 Oct 2024 19:01:33 +0200 Subject: [PATCH] fixed typos & added a closing statement --- content/blog/metamask-scam-exploration.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/blog/metamask-scam-exploration.md b/content/blog/metamask-scam-exploration.md index be86788..257a928 100644 --- a/content/blog/metamask-scam-exploration.md +++ b/content/blog/metamask-scam-exploration.md @@ -42,7 +42,7 @@ function saveFile(name, type, data) { The resulting webpage would display 12/15/18/21/24 input fields for a crypto wallet seed phrases of various lengths. -The scammers were using Telegram as the backend, but didn't apparently care enough to even attempt to hide the API token and chat ID from the source with some obfuscation logic. Telegram also follows a certain logic with the chat IDs (private chats don't have a dash prefix, whereas supergroups and channels have a `-100` prefix) which helps in determining that the data is exfiltrated into a private chat instead of a group. +The scammer was using Telegram as the backend, but didn't apparently care enough to even attempt to hide the API token and chat ID from the source with some obfuscation logic. Additionally it's also clear that the data was being exfiltrated into a private chat based on the chat ID format (private chats don't have a dash prefix, whereas supergroups and channels have a `-100` prefix). ```javascript // Add your telegram token,chatid @@ -160,3 +160,5 @@ while True: send_msg(words, CHAT_ID) sleep(random.randint(1, 10)) ``` + +In the end I was able to send roughly 10k messages before the scammer revoked the API token. I hope he'll have a fun time trying to sort out the legitimate responses from the ones I sent.
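Review bot: In the first hunk (@@ -42,7 +42,7 @@), the added line still reads awkwardly in two places: "didn't apparently care enough" would be clearer as "apparently didn't care enough", and "Additionally it's also clear" doubles up, so "It's also clear" is enough. The unchanged context line just above it, "input fields for a crypto wallet seed phrases of various lengths", still pairs "a" with the plural "phrases", and a commit titled "fixed typos" should pick that up as well. The switch from "The scammers were" to "The scammer was" changes what the post states rather than fixing a typo, so it deserves its own mention in the commit message.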
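Review bot: In the second hunk (@@ -160,3 +160,5 @@), the new closing paragraph says the scammer "revoked the API token" without saying how that was observed; add a short clause on what the sending script saw when it stopped working, so the claim is supported by the post itself. "legitimate responses" is also ambiguous in this context, since those are the seed phrases real victims submitted; "real submissions" would read more clearly. "he'll" assumes the scammer's gender, and "they'll" avoids that while staying consistent with the singular "scammer" introduced in the first hunk.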