Responding to a Common Hack: My Experience with the “Test My Game” Scam

In the digital age, where cyber threats loom large, even seasoned users can fall victim to cunning scams. Recently, I found myself caught in the “Test My Game” scam, a classic trap that underscores the importance of vigilance in online interactions. Here’s my experience and the steps I took afterward.

How It All Happened

I received messages from two long-time Discord accounts I had trusted for years. They reached out with a seemingly innocuous request: to test out a game through a downloadable link. In a lapse of judgment, I went ahead and executed the file, only to be confronted later by a third Discord account with a screenshot showcasing that they were logged into my Google account.

Taking Immediate Action

Realizing the gravity of the situation, I swiftly disconnected my PC from the internet, utilizing a spare notebook to ensure my online safety. I proceeded to log out from all my accounts on Google and Discord, resetting my passwords along the way. Thankfully, my passwords were stored in Google, which facilitated the process. I also activated two-factor authentication (2FA) wherever possible to add an extra layer of security.

To further mitigate the potential damage, I performed a clean installation of Windows 11 on my PC. This action wiped the drive containing the operating system, though I was still concerned about possible residual threats. After running a comprehensive scan with Windows Defender, I planned to install additional antivirus Software, such as Avast and Malwarebytes, to conduct thorough evaluations of my system. During this time, I kept my PC offline to prevent any further breaches.

Investigating the Malware

I’ve come across the malware in question, hosted on oblivora.com, and I hope to analyze it safely. If anyone has experience in safely evaluating malware, your insights would be greatly appreciated.

Do I Need to Wipe Everything?

While I prefer not to wipe all my drives, I want to ensure that my system is entirely clean. If it becomes necessary, what recommended tools are available for executing a full wipe of additional drives?

Final Thoughts on Security

Given the steps I’ve taken, I’m hopeful that I’ve done everything I can to secure my accounts and eliminate the threat. However, I’m seeking input from the community on whether there are additional measures I should consider. Your tips and insights could be invaluable in ensuring no remnant of the threat remains.

Stay safe out there, and always