Today I was in a Zoom call, and right after it ended I got distracted for a couple of seconds, just to see that someone was browsing on my PC trying to get into my PayPal and bank account. As soon as I saw it I shut off the computer, then proceeded to turn it on and scan for viruses. I'm pretty sure the scanner found the trojan I was looking for and so I deleted it; we're talking about NetSupport RAT. So now I have a couple of questions: he didn't get anything done (as far as I know) because his action lasted for about 30 seconds at maximum, so how much do I have to worry now? Is it possible that he was monitoring my screen before he took control over it? It seems such a strange coincidence that right after I get distracted after a Zoom call he enters (my camera was on too). Is eradicating the trojan enough? Is there something else I should look for to make sure they do not have access anymore? I used the PC throughout the day without encountering any more issues.
If you can afford it, get a basic af Chromebook or something inexpensive and do only purchases on it.
Check for a keylogger, change your passwords on a diff computer and don't use it on that one until you're 100% certain. Set up your bank to alert you for any purchases.
Thanks for the tip, will change the passwords for sure. Also I might be dumb but I don't see how someone could break through my bank 2FA even if they had my password; to log in myself I have to scan a QR code with one and only different device, but maybe hackers know something more than I do.
They can spoof your number and receive the 2FA on their end.
So no one has posted this. I work cyber security blue team.
It's a cookie stealing attack and really common right now. Just Google cookie stealing and MFA and you will find tons of articles on it.
You know how you don’t need 2 factor to login once you’ve done it once? Cookies. Password stealers are grabbing full profile data to pretend they are your browser.
2nd. NetSupport is not a trojan per se (if that is what you have), but it is a very common tactic right now to get someone on the phone or chat (typically via a fake invoice charging a bunch of money, or a fake AV Chrome popup) and trick them into installing the remote access software.
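
An added example (not written by any poster in this thread) of the point in the cookie-stealing reply above: once MFA has been passed, the session cookie alone stands in for it, so a copied cookie is accepted unless the server ties the session to something else. The function names, the in-memory session store and the sample addresses are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed per-process key
SESSIONS = {}                          # session id -> session record

def _context_tag(ip, user_agent):
    """HMAC of the client context seen when MFA was completed."""
    msg = f"{ip}|{user_agent}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def login(user, password_ok, mfa_ok, ip, user_agent):
    """Issue a session cookie only after password and MFA both pass."""
    if not (password_ok and mfa_ok):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "ctx": _context_tag(ip, user_agent)}
    return sid

def check_naive(sid):
    """The cookie alone proves identity, so a copied cookie works anywhere."""
    rec = SESSIONS.get(sid)
    return rec["user"] if rec else None

def check_bound(sid, ip, user_agent):
    """Require the cookie and the login context; on a mismatch revoke the
    session so the next request must repeat password and MFA."""
    rec = SESSIONS.get(sid)
    if rec is None:
        return None
    if not hmac.compare_digest(rec["ctx"], _context_tag(ip, user_agent)):
        del SESSIONS[sid]
        return None
    return rec["user"]

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    sid = login("alice", True, True, "203.0.113.10", "ExampleBrowser/1.0")
    print("naive, copied cookie:", check_naive(sid))
    print("bound, other network:", check_bound(sid, "198.51.100.7", "ExampleBrowser/1.0"))
    print("bound, after revoke: ", check_bound(sid, "203.0.113.10", "ExampleBrowser/1.0"))
```

Binding to the user agent alone would not help, since a copied browser profile reproduces it; the network address is the part that differs here. It also does nothing when the intruder drives the victim's own machine through a remote-access tool, which is why changing passwords and signing out of all sessions from a clean device still matters.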