Python Forum
scammed through python keylogger
#1
Hello everyone, first of all, please don't judge me for what happened. I know myself that I am an idiot.

So, to keep it short, someone made me use a .py file on macOS in Terminal while entering my wallet's passphrase.

10k USD are gone now. I know how dumb I am, you don't have to comment that.

But I don't know anything about Python. A quick Google search told me that it's easy to program a keylogger into Python. That is what they've used in that case.

I don't care as much about the money as I care about my own security. I deleted everything Python related already. How do I eliminate anything dangerous from happening from now on? It's a .py file as I said, can the file alone do any harm? Or can it only work whilst being executed on Python?

I'm a musician, and I'm afraid these people have access to my SSD and would be able to format my hard drive. They are absolutely ruthless.

I'm just scared, can anyone help me out or tell me that everything is fine?

I can provide the .py file if needed, if someone can check it out maybe.
Reply
#2
  • Any program that you run on the computer can be dangerous if it comes from an untrusted source.
  • Why do you keep the .py file if you think it can be dangerous?
  • Is the .py file really a Python file or a program purporting to be a Python file by having a .py suffix?
  • A Python file can only be executed by a Python interpreter. I'm not a macOS user, but I doubt you can remove all Python interpreters on such a system, I may be wrong though.
  • A keylogger can be coded in 3 lines of Python because it suffices to import a keylogger that someone else has already coded.
  • If a keylogger can be easily written in Python, it means that it can be easily written in almost every available language, because all these languages can access the same OS libraries one way or another, so you should not only worry about Python files but also about every other program that you download.
Reply
#3
(Aug-28-2023, 08:40 PM)Gribouillis Wrote:
  • Any program that you run on the computer can be dangerous if it comes from an untrusted source.
  • Why do you keep the .py file if you think it can be dangerous?
  • Is the .py file really a Python file or a program purporting to be a Python file by having a .py suffix?
  • A Python file can only be executed by a Python interpreter. I'm not a macOS user, but I doubt you can remove all Python interpreters on such a system, I may be wrong though.
  • A keylogger can be coded in 3 lines of Python because it suffices to import a keylogger that someone else has already coded.
  • If a keylogger can be easily written in Python, it means that it can be easily written in almost every available language, because all these languages can access the same OS libraries one way or another, so you should not only worry about Python files but also about every other program that you download.

Reply
#4
My concern would be that it copied itself and installed itself as a service. There must be computer security companies in your area. You should visit one of them.
Reply
#5
This is the first time I witnessed other people logging my keyboard inputs live. I have had cracked software on my PC/Mac for the last 10 years, and never did anything like this happen. So I'm kinda upset right now.

I deleted the .py file of course, and anything related to it.

- I don't know if it is a Python file or a script, look at the attachments:

- As I said, I've been handling cracked software for over a decade and never ran into problems.

I uploaded the file if anyone wants to check it: <link removed>

I'm trying to delete everything python3 related from my macOS right now, 3 files aren't deletable, "you do not have the required access rights". Is that common?
Gribouillis write Aug-29-2023, 05:37 AM:
Link removed for security reasons. See below replies for explanations.
Reply
#6
(Aug-28-2023, 09:16 PM)Noq Wrote:
(Aug-28-2023, 08:40 PM)Gribouillis Wrote:
  • Any program that you run on the computer can be dangerous if it comes from an untrusted source.
  • Why do you keep the .py file if you think it can be dangerous?
  • Is the .py file really a Python file or a program purporting to be a Python file by having a .py suffix?
  • A Python file can only be executed by a Python interpreter. I'm not a macOS user, but I doubt you can remove all Python interpreters on such a system, I may be wrong though.
  • A keylogger can be coded in 3 lines of Python because it suffices to import a keylogger that someone else has already coded.
  • If a keylogger can be easily written in Python, it means that it can be easily written in almost every available language, because all these languages can access the same OS libraries one way or another, so you should not only worry about Python files but also about every other program that you download.

Thank you, but I doubt that these so-called "specialists" do have more knowledge than anyone on this forum, since it's a complex subject.
I highly doubt that anyone in a computer store has Python knowledge and can say anything else than "install an antivirus".
Reply
#7
(Aug-28-2023, 09:29 PM)Noq Wrote: I uploaded the file if anyone wants to check it
Why is there a bitcoin donation address next to the message with the file? I am concerned that you provide a link to a potentially harmful file here in python-forum.io. Why is it written "make money" in German next to the download link? Please explain or I am going to remove the link for security reasons.

(Aug-28-2023, 09:29 PM)Noq Wrote: I deleted the .py file of course, and anything related to it.
But you are distributing it over the internet. It looks contradictory, doesn't it?
Reply
#8
(Aug-29-2023, 05:34 AM)Gribouillis Wrote:
(Aug-28-2023, 09:29 PM)Noq Wrote: I uploaded the file if anyone wants to check it
Why is there a bitcoin donation address next to the message with the file? I am concerned that you provide a link to a potentially harmful file here in python-forum.io. Why is it written "make money" in German next to the download link? Please explain or I am going to remove the link for security reasons.

(Aug-28-2023, 09:29 PM)Noq Wrote: I deleted the .py file of course, and anything related to it.
But you are distributing it over the internet. It looks contradictory, doesn't it?

I shared the file for someone maybe looking into it.

I don't know about a bitcoin donation address.
Reply
#9
The .py file installed modules into my system. I only want to know if there is a possibility of removing it from my system, or if I have to set up the system again.
Reply
#10
(Aug-29-2023, 08:46 AM)Noq Wrote: The .py file installed modules into my system. I only want to know if there is a possibility of removing it from my system
Can you identify what the program installed on your system? That is the main question. If it installed Python modules and you know these module names, they can easily be removed in principle, but a Python program can potentially install anything that you can install yourself as a user with the permissions it has when the program is launched. It could be Python modules, but it could as well be all sorts of files and executable programs that have nothing to do with Python. The Python program can download these files from the internet and install them on your computer.
Reply