** MY Cloudflare worker APIS are being stolen**
A few months ago my desktop was hacked and most of my accounts were compromised including cloudflare. I retrieved the accounts changed passwords and set up 2fa. But whenever I work on cloudflare workers, even if I haven’t exposed the worker links, they are being called by some fishy IP address. I have reset the API tokens on cloudflare, I have also scanned multiple times for viruses.
I have used different accounts, two different devices, and also different networks. But the problem persists. I am completely new to cyber space. Could somebody please tell me what is happening? where can the problem lie and how can I deal with it?
I’m afraid the malware persists in all my devices and is still sniffing all my data
These are the screenshots of the requests sent by the hacker. The hacker seems to be using a vpn.
I received more than 52 requests at once all of them are get requests followed by a final HEAD
The location is so far from me, the request is from Europe and I am in Asia
More information about the request
- I initially tried seeing if my account was hacked, so I created a new account, created a new worker, and within 10 mins some calls were being made. I have compared with my coworkers, they have had no such issues.
- I later reset the tokens and used the new account on my phone and deployed a new worker, again the problem persisted
Then I reset everything and using my phone, its mobile data and the new account I created previously, 3. i tried again (this time not using the home wifi) but the issue still persisted.
I was hoping to isolate the virus. But I couldn’t understand. Does it lie in my mobile, laptop and desktop? No antivirus can find it either.
- I have also cleaned my browser history and reset cookies multiple times, but the issue is still there.