Liam Amarku
Speaker
Podcast Appearances
And I understood that they were trying to defraud customers of eBay.
So I decided to name it, I couldn't use eBay as a trade name, so I decided to call it BayRob because they were robbing customers of eBay.
And what the malware was doing was it was sitting on your computer and when you tried to connect to the eBay website, it would intercept your connection and it would inject false information into your browsing session.
And it made it look like the false information was actually coming from the eBay legitimate URL, so you wouldn't notice that anything was different.
And then they were using that to sell you things that didn't exist on eBay.
I kept searching to see if I could find that missing piece, and I just kept on looking through our telemetry and looking to see where I might find this.
And I knew there were some places where this was probably going to be distributed, so I was looking in those places, like on Craigslist, for example, in email, looking to see if I could find any places where I could find a complete package that would help me to analyze it from beginning to end and understand exactly what the attackers were doing, how they were making money, where they were sending the money, the entire thing.
And it turns out that the reason I couldn't solve the entire problem was because the attackers were geofencing their fraud so that it could only happen in America and only happen in certain locations within America.
And I was in Ireland at the time, I was based in Ireland.
So when I tried to connect to these auctions, because they were posting these fraudulent auctions, because I wasn't in America, I wasn't authorized to see this fraudulent data.
And I managed to discover who that victim was.
I reached out to that victim and she had actually signed up for an auction after she had been defrauded the first time.
She went, she found another auction that was very similar and she signed up for that and she had gotten the entire package, the entire malware package.
And I spoke with her and she's prepared to share that with me.
I recorded my entire session and I went online and I bought this car.
And as part of the fraudulent information that they were injecting into the eBay website, they injected a chat window where you could chat about this fraudulent auction.
And when you chatted, you thought you were talking to eBay support, but you're actually talking to these attackers.