Taking screenshot of a desktop by a stranger is called malware. Taking screenshot by a big corporation like Microsoft is called a feature (Microsoft Recall)
as you said, also, NSA collaboration with M$
@@gahshunker LOL
Well money taken by stranger is robbery , money taken by IRS is tax
Though I am repelled by Recall, MS at least does not exfiltrate the images.
@@mu11668B for now. T&S and updates happen automatically 😊😊😊
John getting so jumpscared by a random Genshin Impact screenshot he just wants to get rid of it as quickly as possible lol
John seeing Genshin, and instinctively nopeing out 😂
pretty normal reaction to seeing a tiny floating child in a game that you dont know lol
@@Azapruu considering the context of the other stuff, makes sense lol
@Internet_User_0x0000 yea, for people who enjoy well written characters with giant amount of content (not talking about Paimon).
@Internet_User_0x0000 ???, if ur talking about THAT specific type of people,,, thats just 0.1% of people in the fandom and we all hate them
Hey John
can we dismantle this R.Pack launcher?
I'm curious what monsters are in there.
>Femboy p*rn
"I hope that was eye-opening, at the very least"
Indeed 😂My heart skipped a beat when I saw it and I had to check it wasn't my pc
wait wha-
Imagine John's screenshots turning up in there.... haha Anyway, most apps block out the password when typing it on the screen, so screen shots are not that helpful unless they can reveal the code from the OS.
18:20
There was also a pic of Epstein. 🙄
What exactly made the victims taste in pornography so incredibly important to you? You seem eerily familiar with spoofing inappropriate language to get your comments seen. "He who smelt it" and all that..
Great Video again!
I can't be the only one who was thinking every time a new screenshot came on: "Don't let it be my screen". 😂
5:03. The most surprising/funny is not the macdonalds' folder, but the Flash Player icon inside in the middle of 2024.
@@b48292 It definitely looks more like flash to me
that's a name i've not heard in a long time
Just as surprising/funny; the same screenshot reveals that the user has VirtualBox downloaded to the desktop. How does one know enough to set up a virtual environment (this is assuming that the user actually understands how to use VirtualBox) but not enough to stay away from game cheats?
@@joek5930 I would've guessed them to be a security researcher but then again the attack is outside the VM (unless they're a maniac who are running VMs inside VMs)
Could it be that old McDonalds flash game?
"There's one interesting thing that happens when infostealer malware runs, it takes screenshot of your whole desktop..."
Hmm, seems familiar, but luckily the parties already pulling off from that idea (for now)
_laughs in Windows Copilot_
this is gold. listening to you read the file names was hilarious
18:47 seems like the victim is trying to install an advert free cracked variant of spotify, that may have triggered the info stealer malware!
Cant blame them
I'm a fan of the 'what were you doing when you got owned' series. More please.
Well, followed your sponsor and their website try out form has incorrect CSS and won't allow you to sign up, great.
did you run as Admin?
It's a huge red flag when the version number of software is in the tens of thousands. No one is revising the same program that much.
Flare looked great, so I went to sign up but it's only for verifiable cybersecurity and IT professionals. I'm not active in the field anymore (professionally anyway) so don't think they'll approve me. Is there a similar service for normies? (or one that utilizes Flare's data?)
RPack launcher is likely bad, but if you got all these screenshots from the same source wouldn't they all be captured by similar malware?
Or were they sourced from multiple adversaries/sources?
I imagine that entire site is just a malware spreader disguised as a genuine pirate website. There could even be actual games being downloaded to avoid suspicion and make the person likely to suggest the site to their friends.
I don't understand why companies just let stolen session tokens keep being used. Can't they make session tokens device specific or something like that?
I wish these sponsors would have an option for individuals like myself that would love to use their software to learn in a homelab setting, or at the very least, not charge so dang much. Making it impossible for anyone other than a business to get access to use their software. Basically every single one that you and other security youtubers get sponsorships from, have no use for the average interested individual on youtube that is educating themselves about the world of security. Maybe I just have no idea but I don't believe business spend their time watching youtube videos to build their security stack.
There was a scammer that just had malware that just takes a screenshot and got the emails (not passwords) and then threatened to post it online and asked money within 48 hours, after 48 hours I checked and nothing showed up on the internet and I wasn’t hacked so he just wanted quick money also I was safe because the malware was on my external ssd and then deleted it as soon as I saw that it was some random iso file
What loads boot start drivers, is it the kernel? What about system start drivers and auto start drivers?
5:34 That Periodic Table background seems like one of the Lively Wallpaper interactive backgrounds
"wallpaper engine" alright... @steam, also can be put on phones.
Argument can be made, there is also attack surface there ...
One can get bg image for 4K or dynamic size, interactive such as this periodic table, some are just flat out video playing, etc...
@@randomict6445 The reason I mentioned Lively Wallpaper is because it has a built in interactive Periodic Table, im not sure if its the exact same version, and not sure if Wallpaper Engine has it.
@@Kalphalus it does have exactly this table.
Which antivirus detects this malware. ?
Hey John nice video. Where can I get those screenshots samples? for awareness purposes.
John, why does Windows Defender allow this malware to make a network/internet connection? How does something like ZoneAlarm compare, when it's set to strict and you have to manually allow every connection attempt?
Windows is not safe on standard. There are ways to make it safer, like the black-/whitelist for file types in windows pro.
18:20 jumpscare
😂😆😂😆☠️
can s.o. clip this fr
Is there any way you can figure out if u were infected by malware?
So is flare only for big companies?
Relentless. You're an inspiration 🔥❤
20:56 Malware devs also make fake modified AB downloads, cracked versions with malware, and just fake ones that look the same and let the malware run
21:08 why only one of the google chrome icons are censored??
What a great idea!! This was fascinating. Kind of like perusing videos of trainwrecks or something. Love your channel; I wish I could catch up on the technical side.
"Pokemon Crystal was my first ever video game" … Me realising you are probably way younger than I thought. :d
Do you think I should download Rpack on my work computer?
Sure, what's the worst that could happen?
🤣🤣🤣I cant stop laughing at this one.... Dude.... for real the imagery of your comment, it is too much.
Pretty amusing seeing the cheater script kiddies being targeted! :D
Windows Defender is a decent AV if you set it up the proper way. Victim launches unknown files, no antivirus will save him from infecting PC with 0day.
Always waiting for that notification 😊
Why does when I start my PC with windows 11. The cmd flashes like Three times. What does that mean. How can I know if my computer is infected?
That might depend on your computer setup. If it's a business or school computer, this may be normal if they run login scripts.
Some automatic startup items might also do this if they use any external script engine, such as Windows PowerShell.
Go through your startup items in task manager and services manager to see if anything suspicious pops up. If some program you don't use often always start up on system boot or user login, try disabling automatic start in task manager and see if one of them was causing the CMD window popup.
Looks like you need to figure out what's installed on your computer. There are some legitimate softwares that do this. So you don't need to be immediately alarmed.
You can probably see what they are in task scheduler
3:36 I THINK IT SAYS "Turn on virus protection"
It says that threats were found, yet windows defender didnt stop It from running😭
@@Iagogago it actually means Microsoft Defender Antivirus found threats. Get details.
Ad that takes up more than 1/3 of video? Hell yeah
17:47 , game: Genshin impact, its RPG game
FeBo Po... folder was crazy.
fr
based .w.
odd that the malware is where you think it would be
I got hacked and I got a mail with a screenshot of when I got hacked, it was pretty funny that it happen 5 minutes after I watch this video.
The adversaries got inspiration from MS recall
18:52 My theory is that on the third tab, they tried to download a fake version of free Spotify premium or something as it says ad-free in parenthesis
Edit: I saw someone already made the same comment lol probably others before them as well
This is probably a stupid question, but do they hold data for decades or just short period of time. Asking because I am sure I downloaded malware on my old PC when I was a kid like 10-15 years ago and they definitely got whatever they wanted back then.
maybe the people who hacked you dont, but the people they sold that information to definitely do. its probably on a list in the internet somewhere with hundreds of other peoples info
John Hammond.
I am a huge fan but can you make a video that highlights how mods and malware hidden under a legitimate software?
If a product is free, you're the product
20:35 It Is not repack games It Is Just that there are scam websites that are fake repack games and give out rpack Launcher
Noticed how windows defender didnt stop it from running, and people say Windows defender is good enough
Hmm, it usually is, unless you're doing something really stupid
it probably did they just forced to allow it thats why the defender window was open in the first place
when malware is fresh even the best antivirus won't catch it. Saying this, is pointless
@@triangle3113 that's why heuristics come into play while windows defender sits there and waits for something to happen and when something happens it doesn't do anything
Fresh windows defender can't stop malware that's been known for years you commenting that means you know very little
Windows Defender will usually do a fair job. Defender allowed it probably because the user allowed it
Really loved that video.
Thankfully there was no screenshot of my desktop in the video 😅
Lost my main YouTube account (appealed multiple times and couldn't get it back)
the first one, cheats and they all like "it dont work" ha ha, you deserve that one buddy. what you get for cheating.
I love this guy. His energy is boundless, lol!
6:15 is from romania
I have a question about session hijacking why cant session tokens be encrypted so that if it's stolen it would be useless to a hacker this is a question I've had for a long time if you could answer this for me I'd appreciate it. Also you inspired me to start taking my opsec and general security seriously we need more people like you on youtube
Because the idea of the cookie is that you don't need to log back in with your password. Encrypted cookies would require the user to re enter their password. Convenience > Security
The session login token itself may well be encrypted already, but if you don't log out from the service, the token may still be used to log in from another device under the control of the attacker, as if they were you. Keeping these "auto login" cookies can be convenient, but anyone with that cookie can pose as you without needing to log in. You need to log out from the service to clear it, or delete all cookies when you exit the browser. If you use the "derriere chinos without logging out" approach, you are taking the chance that no one has snatched that cookie while you were using the browser.
Web based email, your favourite shopping site or other services you use that do not have an automatic logout timer if you don't interact with them, are all vulnerable to this attack. Automatic logout timers work on the server side, so if you just close the browser, sit idle or only use other browser tabs or applications, you must log in next time you return to that site. Banks, insurance companies and others handling vital personal data should always do this automatic server side logout, if they care anything at all about safety.
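Added example, not part of any comment here and not code from the video or its sponsor: a minimal server-side session table showing the two controls raised in this thread, the server-side idle logout described above and the "device specific" token asked about earlier. All names are hypothetical, the clock is simulated, and the device key is assumed to be stored where a cookie stealer cannot copy it; a shared HMAC key stands in for the asymmetric key a real device-bound scheme would use.

```python
import hashlib
import hmac
import secrets

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before the server ends the session
ABSOLUTE_LIFETIME = 8 * 3600  # hard cap, no matter how active the session is


def device_proof(device_key: bytes, token: str, challenge: str) -> str:
    """What the legitimate device computes; the key itself is never sent again."""
    msg = f"{token}|{challenge}".encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()


class SessionStore:
    """Server-side session table. The cookie is only a random lookup key."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> record

    @staticmethod
    def _key(token: str) -> str:
        # Keep only a hash, so a leaked session table does not yield usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user: str, device_key: bytes, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = {
            "user": user, "device_key": device_key,
            "created": now, "last_seen": now,
            "challenge": secrets.token_hex(16),
        }
        return token

    def challenge(self, token: str):
        rec = self._sessions.get(self._key(token))
        return rec["challenge"] if rec else None

    def logout(self, token: str) -> None:
        self._sessions.pop(self._key(token), None)

    def validate(self, token: str, proof: str, now: float):
        """Return (user, reason); user is None when the request is rejected."""
        rec = self._sessions.get(self._key(token))
        if rec is None:
            return None, "unknown-or-logged-out"
        if now - rec["created"] > ABSOLUTE_LIFETIME:
            self.logout(token)
            return None, "absolute-lifetime-exceeded"
        if now - rec["last_seen"] > IDLE_TIMEOUT:
            self.logout(token)
            return None, "idle-timeout"
        expected = device_proof(rec["device_key"], token, rec["challenge"])
        if not hmac.compare_digest(expected, proof):
            return None, "device-proof-mismatch"
        rec["last_seen"] = now
        # One-time challenge: a captured proof cannot be replayed.
        rec["challenge"] = secrets.token_hex(16)
        return rec["user"], "ok"


def demo():
    """Constructed scenario: one user, one copied cookie, a simulated clock."""
    store = SessionStore()
    device_key = secrets.token_bytes(32)  # assumed to stay on the user's device
    t0 = 1_000_000.0
    token = store.login("alice", device_key, t0)
    results = {}

    # Legitimate request: right cookie, proof made with the device key.
    proof = device_proof(device_key, token, store.challenge(token))
    results["owner"] = store.validate(token, proof, t0 + 60)

    # The same proof sent again fails because the challenge rotated.
    results["replayed_proof"] = store.validate(token, proof, t0 + 61)

    # Copied cookie on another machine: the token is right, the key is not.
    forged = device_proof(secrets.token_bytes(32), token, store.challenge(token))
    results["copied_cookie"] = store.validate(token, forged, t0 + 120)

    # Nobody uses the session for longer than IDLE_TIMEOUT: the server drops it.
    proof = device_proof(device_key, token, store.challenge(token))
    results["after_idle"] = store.validate(token, proof, t0 + 60 + IDLE_TIMEOUT + 1)

    # Once dropped (or after logout) the cookie is dead for everyone.
    results["after_drop"] = store.validate(token, proof, t0 + 60 + IDLE_TIMEOUT + 2)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step:15} {outcome}")
```

Without the device proof, the `copied_cookie` request would succeed until the idle or absolute limit is reached, which is the window the comments above describe.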
At 3:53, it's just telling them their google drive is full. Lol
Seeing how game repacking has groups of packers beefing with each other (with some of the re packed game installers containing stuff that hacks you if you try to switch to another groups re packed games) it kinda makes sense that its in so many of these screenshots. But also there's trusted re packers out there and ive never seen rpack named anywhere.
As for fling it was one of the most well known single player only cheat software next to wemod and og cheat engine. If its one of the reasons then rip. Probably hopefully downloaded from the wrong site lol.
Bro seriously how many thumbnails do you need to make for one video.
Out of every channel I follow, hundreds of og YouTubers been doing this since 08, you're the only person whose videos change thumbnail every single time I come back to the page.
Interesting. In the first screenshot, the reply to the link being broken was made by "Fling"...🧐
6:03 the text translated to
●Rest assured that all files downloaded from this site are completely safe and free of viruses
●For fast download use (IDM/FDM) it will be 10 times faster than browser download
If it says it's safe like that... probably don't download it lol😅
17:50 Maaan genshin was innocent bruh,didnt have to do it dirty
I wonder if those "stick" folders had something to do with that Chapman Stick? Like samples or templates. Only saying that because I noticed Reaper as well on the desktop. That's a Digital Audio Workstation that screams Chapman stick enthusiast.
I feel so good that my Windows partition has zero accounts logged into it
John is here again
ok but CULT OF THE LAMB CHEATS go to the accessibility settings. they literally have infinite health as an option
18:20 LMFAO, also 19:50 is funny as hell
imagine seeing your desktop, thatd be horrifying
please do more about picoCTF, i learned ton of things from your video😭
So let's assume you suspect this happened to you. What are the steps one should take?
I don’t save my password on my computer because I would get old and new passwords mixed up and it’s safer to not save it. I have a password book that I write my passwords and other information on websites I use instead
but there are autologin cookies though
@@Cloud67TR these websites are unreliable if i don't go on a website for some time its gonna remove my cookies and that wont fix no matter how much i try
Good day sir please help me im from the Philippines . I need help how can i contact you
Put a disclaimer and the time line(from start to end) about the ad brother... I am like why is ad time is more than the actual content.
fling is a pretty known name especially for wemod
i guess the antivirus window is open because the victims disabled it and didn't close it
not because of antivirus couldn't catch it
Can we please have a video about ransomware/Ai ? Thank you in advance john ❤
uh oh they defo saw my fun time folder
In the first screenshot, can't believe the guy fell for a fake version of the cheat game website. Bro didn't do his research and costed him 😂
Flare aint supported in my country! :(
5 minutes ago feels illegal
Wonder if you find any screenshot from Linux OS?
that could happen since wine does allow taking screenshots
“can we put it in the video?” it’s your video. who you asking? lol
most likely his sponsor
Nice job.
pov: you watched the whole video just to see if you could find your desktop
Gaming cheats and keygens are full of viruses, but the odd thing is that they usually work though (at least keygens).
I usually spin up a sandbox vm hosted in a tmpfs where I extract the keygen and then just turn off the proxmox. Everything in the memory is deleted then.
I mean I did this in the past. Not anymore, because I even dont use Windows or Windows software anymore. I am full Linux nowadays.
At the 5:14 mark, the screenshot shows VirtualBox right on the desktop. My question becomes; who knows enough to set up virtual environments but doesn't understand the perils of downloading game cheats???
I need something like this again.
It's interesting that hackers are going after people who are too poor to actually just buy the programs. the cheaters I mean screw those guys but some poor kid who just wants to play mine craft and lives in a shitty low income situation where their parents can't buy them shit. Like really it's pretty sad. I have gotten hit with some malware back when I was in the same kind of situation well over a decade ago.
5:38 it is a wallpaper on wallpaper engine I have it too
welp, guess I'm in there I downloaded a trainer
Now we need a RPack video
LOL! This reminds me of Microsoft Recall.
5:14, the user in this screenshot has VirtualBox downloaded to the desktop and has a desktop folder titled PC Retro with a VM file in it! So; the user understands how to set up a virtual environment, but not enough to stay away from game cheat downloads?
Maybe the person tested it in the vm, but the malware detected it was a vm and worked like it promised there.
18:22 just uh.....
i meant the original comment with the timestamp.
19:30 look gary its me
you should do a video exposing websites like fling trainers for malware, personally i've even downloaded something from there before, luckily i only login to steam, battlenet and epic on my gaming PC all with 2fa no banking or social media etc. i have recently formatted though 😂
I hate to disappoint but info stealers can bypass 2fa on services not well designed, an example is google and YouTube, this is called token stealing and it basically tells the service they're already logged in
It was weird, John. I'm surprised that you went for it.
Was really funny to watch.
I want a part 2
Well now I know to stay away from rpack launcher.
I used this to try and fix computers and make them more efficient, removing things like crowdstrike malware. I didn't try to steal any info, but many others did. I just like OSes like GNU Guix system Linux distro