I recently ran a cracked FL Studio installer, and shortly after, my GitHub, Telegram, and Discord accounts were compromised. I only realized my laptop was infected when Malwarebytes detected and removed an info stealer Trojan after about five days. The Trojan accessed saved credentials in Internet Explorer, but not Chrome. After the malware was removed, I moved some photos from my PC to my phone using USB. My phone isn't rooted, USB debugging was off, and I scanned the files twice—no threats showed up. Since then, I've reset all my major passwords, enabled 2FA, and started using Bitwarden. I've also factory reset both my PC and phone and haven't seen any unusual activity or signs of blackmail. I'm trying to understand the full scope of this situation. Could this Trojan have stolen my photos, or was it solely targeting passwords? Am I at risk of having personal photos taken, and is there any lingering risk after all these resets and precautions?
3 Answers
You did the right thing by resetting your devices and keeping careful track of your accounts. If no unusual activity has occurred in the 10 days since, the likelihood of your photos being stolen is pretty slim—especially if you took precautions before connecting your phone. Just stay vigilant!
Always good to be cautious! It’s great you have 2FA and used a password manager. Just keep an eye out and stay safe!
While info stealer Trojans generally target credentials, they can technically access media files too. However, unless you're a public figure or the target is particularly valuable, it's unlikely they'd bother. Plus, malware usually can't infect a phone just by being connected to a PC unless certain conditions are met (like USB debugging enabled). Since you reset everything and no issues have popped up since, the risk is quite low. You're probably in the clear!
Thanks for the reassuring info! I made sure USB debugging was off and reset everything, so I feel a bit better.
Good to hear! Just keep an eye on your accounts, but it sounds like you're taking all the right steps.
Reinstalling Windows completely is the safest bet. Just resetting the PC might not ensure all threats are gone, so a fresh install is better if you're really worried. Changing passwords and enabling 2FA were smart moves, though!
Thanks! It’s nice to hear some positivity. I’ll keep monitoring my accounts.