An “XBox code generator” site has been popping up on video sharing websites and elsewhere recently, even though a lot of the content promoting it hawked “Runescape moneymaking”. The site is dead now, but the executable it promoted is still doing the rounds so let’s take a look.
First, the sales pitch – “How to make money with Runescape”:
Visiting the site would bounce you around a number of different redirects, all of which wanted you to download a program. The example below had some awesome pseudo tech babble:
“This is a fully employed xbox whippy maker. It cannot move your xbox untaped account – it gives you a cypher”.
Well, as long as it gives you a cypher. Anyway, hitting the “Generate code” button takes you to a download located on a free file hosting website. Like many programs of this nature, it cycles through a collection of (completely useless) fake codes each time you hit the Generate button. Most programs like this would have dropped something nasty on the PC by this point, or have asked for login credentials to email to the attacker behind the scenes. This one tries something a little different.
You’ll notice some text at the bottom of the program. It says:
“This version uses an outdated formula. The keys generated may not produce correct codes. Upgrade to 1.17”
I guess their cypher was faulty. Anyway, hitting the “upgrade button” – which I can’t say I’ve ever seen in one of these things – takes you to a suspiciously named (dot)tk URL: xbox360generator(dot)tk.
Strangely, it was pointing to a football website – I say “was”, because it now leads nowhere. In this case, the scammer was probably worried they’d be shut down and attempted to point the site to somewhere less suspicious (didn’t work).
Given the name of the .tk URL, it’s possible that the scammer was attempting to first gain the trust of the user with the program, then direct them a web based equivalent that asked for login credentials. Maybe they just dumped you onto a survey scam instead. There’s no real way to know now as all of the sites involved appear to be offline, but we can confirm this program does not generate anything remotely useful.
Including cyphers.
Christopher Boyd (Thanks to Alden Baleva for additional research)