Jump to content

doc/fraud.aaw trojan and get another email

Recommended Posts

Hai Sir,

i want to ask you about a email regarding a unknown side address  "arXXXXXXXXmad@yahoo.com". and he put a long CC to my friends and family email also.

the email was like

Hello. I have bad news for you!

6/19/2023 11:17:58 PM

" On this day, i hacked your devices operating system and got full access to your account- Vimal."  i have been watching you closely for  a long time.  i installed a virus on your system that allows me to control all your devices. Th virus software give me access to all the controllers of your devices (microphone, video camera, keyboard, display). i have uploaded all your information, data, photos, browsing history to my servers. i have access to all your messengers, social networks, emails, sync, chat history and contact list. 

I learned a lot about you.  below of this, other things are also written including my previous passwords.

I want to know that, is there any serious in this email threating.


Edited by Marcos
Email address obfuscated
Link to comment
Share on other sites

8 minutes ago, vml said:

Because, he already mentioned all my passwords under that email.

If it was a legit hack, the attacker would have shown proof in the e-mail of one or more passwords he was able to acquire. Were those passwords shown in the e-mail? If your e-mail password is disclosed in the scam email, change it ASAP.


Link to comment
Share on other sites

  • Administrators

I've checked your forum email address. Your personal data leaked in some 3rd party breaches which is where the sender might have got the passwords from. You should urgently change your password if you haven't done so since the breaches:

2,844 Separate Data Breaches (unverified): In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen. Each file contained both an email address and plain text password and were consequently loaded as a single "unverified" data breach.
Compromised data: Email addresses, Passwords

Cit0day logo
Cit0day (unverified): In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums. The data consisted of 226M unique email address alongside password pairs, often represented as both password hashes and the cracked, plain text versions. Independent verification of the data established it contains many legitimate, previously undisclosed breaches. The data was provided to HIBP by dehashed.com.
Compromised data: Email addresses, Passwords

Gaadi logo
Gaadi: In May 2015, the Indian motoring website known as Gaadi had 4.3 million records exposed in a data breach. The data contained usernames, email and IP addresses, genders, the city of users as well as passwords stored in both plain text and as MD5 hashes. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Usernames

GeniusU logo
GeniusU: In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Compromised data: Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles

Royal Enfield logo
Royal Enfield: In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Vehicle details

ShareThis logo
ShareThis: In July 2018, the social bookmarking and sharing service ShareThis suffered a data breach. The incident exposed 41 million unique email addresses alongside names and in some cases, dates of birth and password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by dehashed.com.
Compromised data: Dates of birth, Email addresses, Names, Passwords

Link to comment
Share on other sites

It's impossible to determine at this point the attacker gained access to your PC. If he did, he could have uploaded anything he wanted.

I would say if this uploading actually occurred, the attacker will most likely pubically post a few files as a further inducement to get you to meet his extortion demand.

As far as the comment by the attacker having a video of you beating-off, did you send such video as an e-mail attachment to someone? If so, this is how he most likely obtained it.

Link to comment
Share on other sites

11 minutes ago, vml said:

And one more doubt is, if he is threating me personally, then why he send this email to all other email id??

This is a good indication that the e-mail is a scam. However, at this point there is no way to guarantee it is.

Like I posted if the e-mail is legit, he will most likely do a partial posting of data he uploaded. I would wait to see if this occurs.

If you previously uploaded explicit photos to some social media web site, this is another way the extortionist could have obtained them.

Edited by itman
Link to comment
Share on other sites


In your point of view, you are also thinking this will be real? Is there any solution for this?? He mentioned like "once i open this email, from that time onwards to 48 hours he give me to send coins. That means 13th midnight 1 am.

Sir, Any solution for this?

I didn't send any kind of videos via email. 

Link to comment
Share on other sites

No.. No.. I didn't upload any kind of pictures in social media accounts or website.

Link to comment
Share on other sites

  • Most Valued Members
29 minutes ago, vml said:

No.. No.. I didn't upload any kind of pictures in social media accounts or website.

Block the guy and his emails.

Scan your computer to be extra sure

This is just a scam to make you afraid and send money, in the email , you can see that this email is sent to many people same as you.

I don't think the attacker also has "learned a lot about them!!"

Link to comment
Share on other sites

Some security advice.

If you keep sensitive data on your PC, make sure its encrypted. Better yet, only store that data on external media not permanently attached to your PC also encrypted. If an attacker was able to upload this encrypted data, it is worthless to him.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...