Phobos backdoor
Date | October 18–21, 2020[1] |
---|---|
Perpetrators | Phobos client developers |
Type | Large-scale backdooring, griefing |
Motive | Revenge for the Emperium and related parties stealing and leaking Phobos client |
Result | >4,000 users compromised, >15 bases on 2b2t griefed, The Emperium dies, developers reported to the FBI |
The Phobos backdoor was a large-scale backdooring perpetrated by the Phobos client developers in revenge for their client's code being stolen by The Emperium and related parties. Version 1.5.4 of the hacked client contained a Remote Access Trojan (RAT), which uploaded the user's Minecraft passwords, Discord token, Chrome passwords, desktop screenshots, and computer files to a remote server. The coordinates to many bases were obtained and leaked, and the developers had access to the personal information of thousands of players.
History
Originally, Phobos was a normal private hacked client, developed by 3arthqu4ke, Crystallinqq, oHare, and Megyn. Hand-chosen individuals used the client for its advantages in crystal PvP. Travis, the developer of Wurst+2, and other known Emperium members attempted to steal the client's source code. The efforts were eventually successful when Crystallinqq's Discord account was token-logged using a version of Wurst+2 leaked to him containing a token logger.[2] Phobos members then made version 1.3.3 public through Discord to prevent Emperium from using it privately, and people soon reuploaded it to GitHub.[3]
However, to get revenge, a new, better version of the client was "leaked" by Phobos, which included the now-known backdoors. These backdoors retrieved information from the user's computer. Although the source code was still public, the backdoored code was hidden deep inside and went unnoticed. The backdoored client was run over 4,000 times across the server in under 48 hours.[3]
0x22, a known programmer and client developer, discovered the backdoors after searching through the code for a few days. They were found to be able to steal Discord tokens, Minecraft usernames and passwords, and Google Chrome usernames and passwords. After the discovery became public, the developers immediately removed the backdoored code to avoid trouble. However, the damage had been done; countless bases were compromised, and personal information was collected.[3] The developers were also able to obtain private clients from people's computers.[2] Griefing began shortly after the discovery, with developer Megyn providing coordinates of many bases to Team WAO.[4] The impact was widespread, killing The Emperium and affecting many other groups. Many victims reported the developers to the FBI, and archives of the backdoored code were made.[3]
Phobos continues to be a popular client for its hacks, with users downloading clean versions of the client.
Losses
Over 15 bases were griefed due to the backdoor in the course of a few days.[3]
- The Emperium (founded December 2016) dies due to bases being leaked and doxxing (see The Emperium § Downfall)[5]
- Elementars (high-ranking member) has e-chest/inventory cleared and is killed; stash griefed on 0b0t; banned from Hypixel[4]
- Emperium Halloween Base griefed[5]
- Guardsmen Halloween Base griefed[3][5]
- DonFuer 10 rebuild griefed[3]
- Infinity Incursion affected[3]
- Valinor (2017–2020) griefed[3]
- City Base griefed
- 2b2t Party Committee Halloween Base leaked; after talking with jared2013, who had already been invited to the party, WomenAreObjects promised not to grief the base on the condition that he was invited to the party
- Beirut griefed
- Transylvania (Crimson Star base) griefed