A new server named PureKO was recently released for beta-testing. The first thing we noticed was the launcher acting weird. It was generally slow, and after a while error messages started popping up.
Name of the launcher/anti cheat: Pvpknight Anti Cheat (PAC)
We started debugging the process and noticed that data was sent from the process to a server located in Turkey (not the game server's IP). The data was encrypted, but we managed to find out that the packets were in fact a keylogger because the data was larger when we typed more frequently.
After investigating a bit more, we decided to hit up the owners of PureKO to chat in IRC to find out what's up with the anti hack-shield logging keystrokes and program data. We never got any answers from them and they started to act weird; they haven't responded since.
And to end it all, we managed to get into the database, where we noticed there were tables prepared to store credit card information. We cannot guarantee this will be used for evil, but the impression we got from them in general makes us think that it's just as fishy as the keylogger.
Special thanks to KataNoob and TheTompa for helping me expose these bad people!