Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,176
- Points
- 113
The developer of EvolvedAim, a popular cheat for the game Escape From Tarkov, recently found himself in the center of a big scandal. As it turned out, along with his cheat, offered by a paid subscription, the enterprising programmer secretly distributed malware that steals information from users.
Escape From Tarkov is a hardcore military simulator that attracts the attention of both honest players and cheaters. EvolvedAim offers users a variety of features, such as automated trading and skill training. Developer EvolvedAim has been very successful in running its business for some time, advertising on forums and using a subscription system to access its product, but recently its business idyll has sunk into oblivion.
The story with the introduction of the cheat began with the fact that the developer EvolvedAim, known as Mythical, began cooperation with the owner of a certain large forum on cheats for Tarkov. During the year, both parties received a stable income. However, later there was a conflict between them when Mythical decided to reduce the forum's profit share. Then representatives of the forum noticed suspicious attempts to log in to their accounts and leaked desktop screenshots. After comparing the facts, they came to the conclusion that Mythical had implemented a malicious program in its product to steal data.
Fraud involving the use of cheats in online games is far from uncommon, but in this case the consequences were much more serious than a permanent ban. Since EvolvedAim was used mainly by adult users, the information stolen from their devices could easily be used by hackers to access personal resources, as well as corporate data of companies where dishonest gamers worked.
A technical analysis of EvolvedAim conducted by experts from CyberArk showed that the cheat was written in Python 3.10 and converted to an executable file using the PyInstaller library. Using various tools to extract and decompile the code, it was discovered that EvolvedAim contained malicious code that works in parallel with the main functions of the cheat.
At startup, EvolvedAim requested a license key, but the user's information was immediately transmitted to attackers. Malicious code disguised as harmless processes collected passwords and cookies from popular browsers. The malware also stole files from the MetaMask crypto wallet and took screenshots of the desktop. The collected data was then sent to Mega.nz and they notified intruders via Discord.
The situation was aggravated by the fact that many EvolvedAim users deliberately disabled the antivirus or added the cheat process to exceptions, because they knew that any software that interferes with the work of other programs immediately triggers a response from the security software. Therefore, dishonest players simply did not have a chance to save their data.
When Mythical's deception was revealed, the cheat developer was blocked from all the game forums with which he collaborated. According to preliminary estimates, the victims of the attacker were just over a thousand people. Now the EvolvedAim program no longer functions, its server in Discord is closed, and the developer has stopped its activity.
This case shows that the use of cheats can lead to serious consequences. Users not only pay for access to the cheat, but also risk losing their personal data, while simultaneously endangering the corporate resources to which they have access.
Escape From Tarkov is a hardcore military simulator that attracts the attention of both honest players and cheaters. EvolvedAim offers users a variety of features, such as automated trading and skill training. Developer EvolvedAim has been very successful in running its business for some time, advertising on forums and using a subscription system to access its product, but recently its business idyll has sunk into oblivion.
The story with the introduction of the cheat began with the fact that the developer EvolvedAim, known as Mythical, began cooperation with the owner of a certain large forum on cheats for Tarkov. During the year, both parties received a stable income. However, later there was a conflict between them when Mythical decided to reduce the forum's profit share. Then representatives of the forum noticed suspicious attempts to log in to their accounts and leaked desktop screenshots. After comparing the facts, they came to the conclusion that Mythical had implemented a malicious program in its product to steal data.
Fraud involving the use of cheats in online games is far from uncommon, but in this case the consequences were much more serious than a permanent ban. Since EvolvedAim was used mainly by adult users, the information stolen from their devices could easily be used by hackers to access personal resources, as well as corporate data of companies where dishonest gamers worked.
A technical analysis of EvolvedAim conducted by experts from CyberArk showed that the cheat was written in Python 3.10 and converted to an executable file using the PyInstaller library. Using various tools to extract and decompile the code, it was discovered that EvolvedAim contained malicious code that works in parallel with the main functions of the cheat.
At startup, EvolvedAim requested a license key, but the user's information was immediately transmitted to attackers. Malicious code disguised as harmless processes collected passwords and cookies from popular browsers. The malware also stole files from the MetaMask crypto wallet and took screenshots of the desktop. The collected data was then sent to Mega.nz and they notified intruders via Discord.
The situation was aggravated by the fact that many EvolvedAim users deliberately disabled the antivirus or added the cheat process to exceptions, because they knew that any software that interferes with the work of other programs immediately triggers a response from the security software. Therefore, dishonest players simply did not have a chance to save their data.
When Mythical's deception was revealed, the cheat developer was blocked from all the game forums with which he collaborated. According to preliminary estimates, the victims of the attacker were just over a thousand people. Now the EvolvedAim program no longer functions, its server in Discord is closed, and the developer has stopped its activity.
This case shows that the use of cheats can lead to serious consequences. Users not only pay for access to the cheat, but also risk losing their personal data, while simultaneously endangering the corporate resources to which they have access.
