I found this here from 2012 (or so?). Should be similar to this. Note that in this case the person is connected to a phone, it seems, so that's why it shows phone number etc.
[IMG]https://morgan123.files.wordpress.com/2012/04/systemsummary.jpg[/IMG]
The file transfer, I assume that lets them download files from our VMs quietly?
I've been a little surprised no one has been visibly downloading all my fake documents and bitcoin wallets, but if they do it invisibly, that would certainly explain it, and I may need to read up on RATs again.
Speaking of which: if anyone trusted here has a RAT ready to go, with a proper crypto, and wants me to deploy your executable on my VM, send me a PM. I do a lot of calls and I think I have a pretty convincing VM that would give them a good reason to download and open some of my files. But I'm not quite ready to create RATs or host a Windows VPS, and even if I would, I'm not entirely sure what I'd do with it.
@Vertigo#91247 Yes, I assume the file transfer works both sides! I could imagine in a real support scenario that the technician sends the client some kind of diagnosis file and through this file transfer you can send/receive files. So it can be that they go through your files and check your RATs. Of course it depends if they have some Antivirus installed on their side cuz most RATs get detected pretty easily. But as you said, if someone crypted it, it should be fine.
I'm going to try to dig in a little more. For instance, find out if file transfer uses distinct ports, so I could throttle that selectively. Could be fun if my files download at 1Kb/s.
There seems to be a free trial. But interestingly, GoToAssist has been rebranded into RescueAssist in 2018. I don't think I have ever encountered RescueAssist. Does anyone know if there is a reason scammers are still using the old version?
@Vertigo#91251 I don’t know why they use the old GoToAssist version, but for TeamViewer I know it: TeamViewer removed the “black screen” and “lock input” functionality from their newest versions to combat scams. Scammers still want this feature though, and that’s why they go to 3rd party download sites and load the older version which still has these features.