September 20th, 2019 at 8:14 PM
I've now found a similar sample in the wild on the same forum referenced above.
Was a link to a guide on exploiting G2A servers by spoofing timezone data/getting time mismatch errors causing to get a refund on a purchase. The payment processor allegedly refunded if the time was off, yet G2A would allegedly claim the payment went through, resulting in both a refund and getting the product.
Won't post the link here, but don't believe everything you see on the internet. Although this exploit would be plausible (it used to work on Steam to get preordered games faster by a few hrs claiming you were in Australia,) you should take things with a grain of salt. Generally if you see a script that's condensed into one line and has hex values everywhere, you can probably bet that it's malicious.
Was a link to a guide on exploiting G2A servers by spoofing timezone data/getting time mismatch errors causing to get a refund on a purchase. The payment processor allegedly refunded if the time was off, yet G2A would allegedly claim the payment went through, resulting in both a refund and getting the product.
Won't post the link here, but don't believe everything you see on the internet. Although this exploit would be plausible (it used to work on Steam to get preordered games faster by a few hrs claiming you were in Australia,) you should take things with a grain of salt. Generally if you see a script that's condensed into one line and has hex values everywhere, you can probably bet that it's malicious.
