They Buy EAs, but get a Virus and Loose all their Data and Money
Analytics & Forecasts

They Buy EAs, but get a Virus and Loose all their Data and Money

4 October 2023, 23:21
Eugen Funk
Eugen Funk
1
237

There is a place on the internet, where you can buy the most popular EAs from the MQL market for $20. Does it work? It works awesome! - If you are the hacker behind it.


Once in the past, a friend shared a web link with me, leading to a place on the internet where individuals were being presented with highly sought-after EAs from the MQL market at an astonishingly low cost, something akin to a mere $20. This "community" would pool their funds to acquire the desired EA from mql5.com, at which point a skilled hacker would circumvent the security measures of MT4 or MT5's, subsequently distributing the hacked version to all members who had paid.



The first time I stumbled upon this website, I wasn't particularly intrigued. I swiftly assessed their offerings and made the deliberate choice not to become a part of it, for various reasons. However, things took an interesting turn when they set their sights on my beloved AI for Gold EA. This piqued my curiosity significantly, prompting me to invest some time in dissecting the situation. You'll be astonished to hear what I uncovered! 😲


How it Starts

The first step is usually a forum post, where the collection of money to buy an EA is announced. Everyone, who would like to participate in the joint buy, can transfer $20 via paypal or crypto to the admin of the page. They usually have multiple "fundraising" campaigns running at the same time.

A list of currently running "fundraising" campaigns for different EAs.


Payment

So after enough prospects transferred the money, the admin buys the EA. At least this is what they say. I guess they do not buy anything. They just download the demo file and try to hack it.

Depending on the price of the EA, the amount and the price for each buyer vary. But it is usually around $20 and 23 participants are expected.

In case it takes longer time to collect the full price, some forum members cheer up everyone to pay faster.

And guess what? I joined and paid for AI for Gold too! 🥷


Delivery

Now things are getting interesting! After all 23 buyers are collected, the delivery is quick. The admins distribute a password protected rar file over Google Drive. They use password protection in order to avoid a Virus Warning from Google. Wait - What? I'll come back to it in a second. You probably already have a feeling how this ends.

The hackers provide a ex5 file and a dll file. The dll file replaces an original MetaTrader-dll file.

I quickly checked the hacked dll file on virustotal.com and this is the result:



The list of Anti-Virus tools and its virus detections inside the provided dll file.


Trojan, Unsafe, Malware,Malicious are the terms all coined by just one file. Would you run it?


Me, pretending to be a total idiot asked the admin: Why do some virus tools detect a virus in your files? The answer:

Admin: The virus-tools detect viruses because the dll file is UNOFFICIAL. You can disable them.

Really? Nothing serious then? All right!


Getting **cked

But wait, what can actually a hacker do with my computer if I run his Trojan?

I can tell you a lot of stuff - but let's see what ChatGPT knows:



That sounds like a lot. Really.

  • Want your Email-Account to send naked pics around? Run the file!

  • Want to get rid of your PayPal balance? Run the file!

  • Want to spend 1000$ for Ads with your Facebook/Google/TikTok Account for product you never heard of? Run the file!

  • Or maybe infecting your whole company network and loose your job? Run the file!

Trojan Crash Course

Let's see how easy you can gain full undetected remote control of a computer of a guy who runs your infected file. I don't want to bother you with all the details about security exploits, payloads and privilege escalation. So we take the super short route of only two steps. But before starting, you will need to install the MetaSploit Framework. It is so easy even my dog can do it.


Step 1) Inject the code into the DLL, which will connect to your hacker-computer as soon as the victim runs the file.


Step 2) Run the listening program on your computer to receive the connection from the victim computer.



Now let the victim run the file. Aaaand:


We have full access to the Windows system. Now we can look around all the files, make screenshots, install new software, delete software, click on "delete email" etc, etc.

Summary

Be afraid of EAs delivered with a DLL file. If you really, really need to run it, check the DLL file at least on virustotal.com Btw, AI for Gold was not hacked successfully so everyone who paid for it did not get anything in return. If you see somewhere a version of AI for Gold coming along with a DLL file, be careful! It is a copy with a virus inside.

Subscribe to get all posts automatically into your inbox:

Subscribe



Share it with friends: