Phobos backdoor

From 2b2t Wiki
Jump to navigation Jump to search
Phobos backdoor
DateOctober 18–21, 2020[1]
PerpetratorsPhobos client developers
TypeLarge-scale backdooring, griefing
MotiveRevenge for the Emperium and related parties stealing and leaking Phobos client
Result>4,000 users compromised, >15 bases on 2b2t griefed, The Emperium dies, developers reported to the FBI

The Phobos backdoor was a large-scale backdooring perpetrated by the Phobos client developers in revenge of their client's code being stolen by The Emperium and related parties. The version 1.5.4 of the hacked client contained a Remote Access Trojan (RAT). Which uploaded the user's Minecraft passwords, Discord token, Chrome passwords, desktop screenshots, and computer files to a remote server. The coordinates to many bases were obtained and leaked, and the developers had access to the personal information of thousands of players.

History

Originally, Phobos was a normal private hacked client, the developers being 3arthqu4ke, Crystallinqq, oHare, and Megyn. Hand chosen individuals used the client for its advantages in crystal PvP. Travis, the developer of Wurst+2, and other known Emperium members attempted to steal the client's source code. The efforts were eventually successful when Crystallinqq's Discord account was token-logged using a version of Wurst+2 leaked to him containing a token logger.[2] Phobos members would make version 1.3.3 public through Discord to prevent Emperium using it privately, people would soon reupload it to Github.[3]

However, to get revenge, a new, better version of the client was "leaked" by Phobos, which included the now known backdoors. These backdoors retrieved information from the user's computer. Despite the source code still being public, the backdoored code was hidden deep inside and went unnoticed. The backdoored client was run over 4,000 times across the server in under 48 hours.[3]

0x22, a known programmer and client developer, discovered the backdoors after searching through the code for a few days. It was discovered to be able to steal Discord tokens, Minecraft usernames and passwords, and Google Chrome usernames and passwords. After the discovery became public, the developers immediately removed the backdoored code to avoid trouble. However, the damage had been done; countless bases were compromised, and personal information was collected.[3] The developers were also able to obtain private clients from peoples' computers.[2] Griefing began shortly after the discovery, with developer Megyn providing coordinates of many bases to Team WAO.[4] The impact was widespread, killing The Emperium and affecting many other groups. Many victims reported the developers to the FBI, and archives of the backdoored code were made.[3]

Phobos continues to be a popular client for its hacks, with users downloading clean versions of the client.

Losses

Grief of Infinity Incursion base Spookbase 4

Over 15 bases were griefed due to the backdoor in the course of a few days.[3]

References

Page text.[1] Page text.[2]