fixed typos & added a closing statement
This commit is contained in:
parent
cbc3b761de
commit
ab2a5741b3
@ -42,7 +42,7 @@ function saveFile(name, type, data) {
|
|||||||
|
|
||||||
The resulting webpage would display 12/15/18/21/24 input fields for a crypto wallet seed phrases of various lengths.
|
The resulting webpage would display 12/15/18/21/24 input fields for a crypto wallet seed phrases of various lengths.
|
||||||
|
|
||||||
The scammers were using Telegram as the backend, but didn't apparently care enough to even attempt to hide the API token and chat ID from the source with some obfuscation logic. Telegram also follows a certain logic with the chat IDs (private chats don't have a dash prefix, whereas supergroups and channels have a `-100` prefix) which helps in determining that the data is exfiltrated into a private chat instead of a group.
|
The scammer was using Telegram as the backend, but didn't apparently care enough to even attempt to hide the API token and chat ID from the source with some obfuscation logic. Additionally it's also clear that the data was being exfiltrated into a private chat based on the chat ID format (private chats don't have a dash prefix, whereas supergroups and channels have a `-100` prefix).
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
// Add your telegram token,chatid
|
// Add your telegram token,chatid
|
||||||
@ -160,3 +160,5 @@ while True:
|
|||||||
send_msg(words, CHAT_ID)
|
send_msg(words, CHAT_ID)
|
||||||
sleep(random.randint(1, 10))
|
sleep(random.randint(1, 10))
|
||||||
```
|
```
|
||||||
|
|
||||||
|
In the end I was able to send roughly 10k messages before the scammer revoked the API token. I hope he'll have a fun time trying to sort out the legitimate responses from the ones I sent.
|
||||||
|
Loading…
Reference in New Issue
Block a user