How not to Pirate: Malware in cracks on Github
- Published on 15 May 2024
- How NOT to pirate, do not download cracks off github, you are likely to be hit by an infostealer that will hack your accounts.
Safely explore the dark web with Flare: hi.flare.io/pcsecuritychannel... (sponsor)
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact - Science & Technology
Let's say we installed an info stealer, is there a way to prevent it from reading cookies?
I also want to know the answer of this question.
Not really. You are kinda fucked when you download the infostealer.
Immediately disconnect from the Internet then Investigate
@Plazmal You could... But who has that time lmao
It reads your cookies at the exact millisecond it starts to run. And your data is already sent to a server (probably) overseas somewhere
pirating from github 💀
ikr who tf pirates from github
Not that Github isn't a mess anyway. 😅
Eyebrows were raised 😂🤦🏾♂️
Tbh best KMS script is hosted on github
@ForDeath16 I just used this and it had me doubting myself for a second loll thank you
A download button in github? That's suspicious.
I never managed to see one.
And the link is from another repository 💀
Easy to download on GitHub? Hmmm sus
No smart person uses Google results to search for pirated software. You just use reputable websites which Google of course doesn't show on search results.
Disagree on that one for video games
@staying_substantially6186 what do you mean?
@staying_substantially6186 all sites that google lists when you type cracked are straight-up malware wdym?
@staying_substantially6186 who tf uses google search for games? You go directly to fitgirl and the likes.
@staying_substantially6186 opposite for me, most things on google aren't that good, excluding a few. General search results, not reddit
I instantly noticed the download button to be a different repository. Major red flag.
You should see how stupid phishers are in emails it's gullible that people don't check and trace headers for any signs of flaws or have a link checker someone tried phishing my brother by claiming he didn't pay for his "Apple" phone when he never even bought one I called them out and they never replied and the funny part is the idiot was using his gmail what fucking idiot uses their own gmail to try and click bait someone?
As Thio Joe shows you can upload a file as a comment to any repository and it will show that repository url as the source of the info stealer .zip file
@user-cl1rq1sg8m I know. And they didn't even bother to do that.
@user-cl1rq1sg8m Here the file appears to be in a release, not as an attachment, since you can upload any files to repo releases. (not tags)
EDIT: examined the repo, looks like the user themselves released the malicious zip, the code itself belongs to some kind of role manager app?
Usually, software released on github doesn't have a direct download link and instead has a download in the "Releases" tab since things can change with each version.
It doesn't mean that if it does that it's safe, no, it still could be malware, but the telltale sign is a sketchy download link.
You can def legally upload malware on Github but u have to write "Those files are dangerous and shall be run in an isolated environment for testing purposes". If the repository misses this statement, the author is trying to social engineer. Github itself can't stop this attack effectively, cuz (again) malware can be uploaded legally in some scenarios.
I will legally steal your Social password 😊
For teaching purposes you would make the user input their own dump IP instead
@wsg1231 yes dadi
...yes they can. It's their platform thus they can do whatever they want on it. My God, people are stupid these days.
You should be using the wording "allowed by their ToS" because literally no state in the world legally allows info-stealing never mind in the form of malware.
I just love the fact that every cyber security tip leads to "Just don't run anything untrusted on your device" at the end
When it comes to digital anything, it's always about trust. Piracy isn't actually any different in that regard.
That's just the ethos of digital security.
Windows for example 😅😂
What if i don't trust any software?
@globalist1990 Not even a program you wrote yourself?
@globalist1990 then good luck man life is hard for you
My favorite part about cracks (in this case for Microsoft's Office) is that only Windows Defender recognizes it as malicious software while other antiviruses don't.
because microsoft flags software they dont like as malicious, even if isnt.
Bro you don't download crack for Microsoft office 💀
@Oruta563 You used to not long ago. I think many people still use older versions of Office so they don't have to do the 365 version (which was Microsoft's attempt to stop pirating).
@in_vas_por8810 So is MS office virus?
@Oruta563 You can absolutely crack office365
I downloaded the file (dont try at home) and Kaspersky did not detect its hash. It only detected it after I did an "in depth" scan. Virus total also shows that none of the popular antivirus software recognise the hash. What a joke, the file has been up for 2 months.
> I downloaded the file (dont try at home)
I mean, it's not downloading a virus that gives you a virus, it's opening the virus after downloading it but i get it
@erroroliver this file isn't the virus though so it will never be detected as such, this file downloads a chain of viruses that continuously download more in order to scrape as much of your data as possible. it's not like an active keylogger, they just searched for all your saved passwords from your web browser and all currently logged in apps and dumps all the info it gets so if every virus it downloaded isn't blocked immediately by your antivirus then your passwords are all compromised. i was dumb enough to fall for it a couple months ago and had to reinstall my operating system because for every 1 virus you detect they have downloaded 3 more. weird part to me is they only took my steam, reddit and instagram. also it detects if you run a windows scan and shuts off your pc lmfao
Yep! It's not the downloads that activates it. It's the executables.
@erroroliver i know but why risk it, i did it in a VM because Kaspersky didn't detect it and I might have accidentally ran it. until the hash is known to all the different AV companies it's dangerous. It's now showing as something like 50/100 on VirusTotal but before i reported it to Microsoft, Norton, Kaspersky, BitDefender and McAfee, it was 9/100.
When you ran it did it immediately got detected?
That readme should already bring up a huge red flag
Why is that?
Only having readme and the license on the GitHub, and having the download button, that downloads the whole software on the readme is completely wrong anyways. Real and legit piracy tools are going to be some sort of patcher with the source code provided and the download is going to be always on the "Releases" tab, and the readme going to tell us how to exactly use the tool and sometimes it is simply a CLI tool meaning you need to run some sort of terminal first and pass in some argument / parameters. Only thing you have to worry is the tool probably won't work "on your machine".
a github repo even having a download button is a huge red flag, like..... just build
Says readme is a red flag
Proceeds to not elaborate why
It's not even just softwares, even "corn" videos too. I think it's very keyword specific, like if you search for leaks, google will return results from github too. Very modern day limewire I'd say.
Sailing the seas hones your bullshit detector on pirating things
As a person who occasionally sails the sea, having a trusted platform helps a lot to find your pirated copy.
@GregorianMG My issue as a newbie is finding safe waters to sail upon.
True but my bs detector has failed once =(
@veteranhamster7410 But those waters are home to large sea monsters😔
@veteranhamster7410 1337xx is a good start. FitGirl and DODI repacks are highly respectable, and from that you can find more trusted sources.
The sneakiest ones (and these have been around for a long time) are repacked cracks where it's the actual crack for a program but either due to a badly written crack or some simple exploit they can tag along extra things that get executed or they just write a wrapper for the original crack either way there are plenty who look like they did the job and thus make you way less suspicious about anything having gone wrong and makes it less likely you try to find a way to get rid of it.
Seen this happen to a few friends who all used the same reuploaded version of a game instead of getting it from the group who originally did it and they all had their info stolen and none of them knew why until they realize it all started after they got that game.
the ones making the malware get smarter but the average user seems to be getting more stupid.
Bro atleast tell us where did they download the repacks from. I always use fitgirl repacks are those safe?
@pipacombate393 Listing the site here will most likely get the comment removed as they typically do when people mention places like it but her stuff if it comes from her .site are safe that much i can say.
i got a question, will having a portable chrome and having duplicated exe but there no trace of it saying chrome/google in process will that negate a stealer searching for those processes/default paths? also filecr is a site i use a lot lol
beginner question but is it possible to get hacked merely by clicking a button in a web browser without receiving any kind of downloaded file?
Hi, another great video. But I once had a question of interest. Do you know of any other channels (or would you make a video) that shed more light on spyware and malware on cell phones (especially iPhones)? As this is a topic that is often neglected, I would be interested to know whether users really notice whether malware or spyware is installed?
Thats a smooth transition to the sponsor segment
braucu ar vilcienu
Sponsorblock 😊
but even if you're not downloading a crack out of github you can never know if the crack is ok or not
because Antiviruses don't really like cracks on games - and when i'm downloading a cracked game - i downloading it with the crack in the installation of the game
good information, nice channel, subbed
Does also means they gonna make your computer running slow too right? Especially in windows explorer! 5:08
Does Microsoft Office app (cracked) that i got it from filelist can be a virus?
How do we know if the software we already installed have info stealer
Same thing happened to me with a Mod for an Assassins Creed game yesterday. Exe was clean but the dll had a logger payload. Unfortunately i found out after running it. None of the normal tools (NPE, HitmanPro, Malwarebytes etc.) detected anything. Reinstalled windows anyway. Didnt format my other drives tho. Is there anything else i can do?
you mean besides taking more care about what you install on your PC? well you can try some advance HIPS utility like COMODO utility pack, some registry watcher like mjregwatcher. They MAY help you to make a right decision, but it's always your decision to run or not to run an unknown app or to hook a dll
I would not be even slightly surprised if it was a publisher that placed the malware.
that's why I look for source code of the crack, then look at the code and inspect it then finally compile it myself. I use stuff like pykms and etc.
What should u do if you got infected by this? Format?
Hey guys weird question but does anyone know any sites what you can download cursors without viruses?
Cursors, that sounds fun! I don't know, but I used to make them a long time ago, which is easy enough to do.
Cursor fx
Open Cursor Library, has an array of cursors. You do have to manually set everything to be said cursor in your pointer settings.
@sunla how did u make them?
@JajaofAbuja thanks 👍
I've been thinking for the last 2-3 years that the "big dogs" of malware (wannacry, etc) will gradually fade from common attacks. It's much easier and cheaper.
I don’t want to give anyone idea (just typing this I might), but wouldnt github activation stuff like Windows activation or whatever may be, contain one of these?
If you're referring to MAS no that’s completely different, they have a whole dedicated server and page explaining how it works but fakes do exist so be careful
Why can't github/Microsoft scan for threats? I also found hacks for warzone on github/Microsoft. Probably root kit. 😅
I tried to download malware like that but my AV removed the file before I had a chance to test it with virus total
Hi can you make a vid on atlas os. I think your input on whether or not its safe would be a cool topic.
why would you goto an open source software hub for access to closed source software? Am I just thinking about this too rationally or who’s the target mark here?
i think its just people who know enough tech to know about open source then think "open source = safe"
It preys on the Dunning Kruger effect, people that thinks they know a lot about computers and the internet, while in reality just being ignorant.
@romulo2714 ironically the dunning-kruger effect has nothing to do with any of this
Lmao, you know who. Js and web devs.
because there ARE a lot of open source cracking/activation scripts
Hi please can you tell me how to track Powershell events in windows. Like which program triggered Powershell and what script was run in it. I saw somewhere it has something to do with gpedit, but I didn't understand it. It will be really helpful to all. Thanks
COMODO firewall is a way to catch system intrusions, including attempts to run powershell. Or any other program with good HIPS utility
@user-od4gs3iu4t thanks
thanks for the knowledge
smoooooth sales pitch. Interesting site.
Woaw your video is SOO good, because i definitely download malware off github daily. You sure are a "security researcher"!!
Why is Defender UI actually recognized as a virus? You can also check that
how is that repo still up...
I was about to sign up with flare but they don't accept gmail addresses. That's so strange
So lets say, I use a VM with GPU pass-through. What will happen?
Will you please make a video about this matter?
The stealer will grab anything on that VM, GPU or not. Basically if you have that VM solely for gaming, it may not steal your credit card info, but will steal your online games credentials, as well as any game launcher info installed on that machine.
On a blank machine tho? Wont steal what's not there
Hey, you should point out in another video in github or something, there is normal software in the malware repo's BUT at the veryy top of the repo's you scroll sideways, you will see a payload installing a malware
Theres no way this is happening, and theyre not all even gone, but when i uploaded memz to one of my repos to use on a vista vm (no tools moment) my account was banned after 1 day💀 and i cant get it back
please do a video about rav end point protection by reason labs
i had something like this but i scanned it on virustotal it didnt give a flag tho it was virus
I dont have dollars or money what must i do i need the app also
Could you analyze hydra launcher on git hub?
hydra launcher is trusted. it's basically a torrent client, and its source is up for everyone to read (and build its own release)
Actually my first ransomware that attack on my laptop is iobit software like their security, screen recorder, and uninstaller, I installed all of it and very next day my laptop now infected with ransomware I don't know what is the malware name but the extension I saw is .wrui
I noticed this a while ago but forgot about it
I've found quite a few of those on github, been making sure to report all the ones I find
A guy I know occasionally sails the high seas for software, and when he does he runs the cracks through virustotal just to be safe, how can this guy tell cracks/false positives from actual malware on VT? This person sees stuff like "packed" and "themida" on these files
Once you have quite an experience on sailing the high seas, you will bound to know where to look at good crack and how to avoid the bad crack with malware.
Ι kinda wonder. Why should someone download a cracked avast? I mean, he shouldnt even the official avast. :-)
How to know if the crack is really just a false positive or an actual virus? (without telling me to just purchase the app or install the free alternatives)
the short answer is: it's less expensive to pay for an app than for hiring an IT specialist who can make an informed decision about the modified file
Yolo it, then see it yourself.
Jokes aside, no easy answer here. I would say go for reputable source and then start from there.
Is there any free resources to check if your pc has malware?
Malwarebytes free, autoruns, process explorer
ESET online scanner seems like a good choice.
Could you review ESET NOD32?
UPDATED 1
sorry to say (i am at 1 minute so dont judge me for the reasoning...) but if the conclusion "Malware in Cracks on Github" only lays on 1 VT test?
then sorry to say...
but mostly EVERY crack gets detected on VT just because the software was "modified..."
but may there a more reasons XD
for this conclusion...
update1
3:47
an gdata report is more an reason :D
Same thing if people search on YouTube for free-payed software linking to a phishing software
is that a 3 swords style pirates jolly roger?
Not saying that you should pirate, but having a FitGirl manning the ship can help out a lot.
wait till people learn that file names are entirely aesthetic "you can even get malware in an msi file" made me lol
I trust the song "RiveR - Solo" for my games and "known/trusted" pirates in the good ol pirate bay for other software
So what’s the correct way to pirate software?
On reputable sites.
Good info. Thanks. I'm sure so much of my data has been stolen, not like this, but still...
This is why I couldn't get into many direct installation Ai systems and Git repositories that some influencers are pushing. Some in the instructions even encourage to disable your AV.
Great video
Is flare easy to use for someone that has never been on the dark web?
Is fitgirl repack safe??
Yes she is among the most reputable people in pirating community
4:24 that's just a GPLv2 license lol
nowadays people think github is a safe place to download stuff because it repos have source code, but it's already a huge red flag the repo itself only has a readme and license file and the download button redirects to somewhere else
It really is if you build it yourself and can read the code.
I have already suffered this breach in April due to Telegram mod hack.
Telegram and WhatsApp are bad.
All cracks are considered malware of some kind even if they are genuinely harmless, because they make minor adjustments to the software on the system, just like a dangerous virus would. So you never know for sure if you screwed until you screwed,lol
This is so accurate! My co worker downloaded something on GitHub and she confessed that it was an attempt to pirate a software. The infostealer manage to steal her notes and her cookies trying to hijack her sessions which was disrupted shortly since it was suspended by our IT Dept thereafter. We watch in real time how the infostealer did it's work and leave without a trace. So everyone! It's not like those malware or trojans where your computer are infected through a backdoor. It requires you to sort of execute it for it to run and operate it's working command.
The best way to avoid this is to not pirate softwares or games. Period.
This is why companies need to limit regular employee access
@Oruta563 Yes and constant vigilance against behavioural patterns that leads to such penetration in the first place. Though infostealer isn't as heavyweight compared to other type of viruses such as leaving its presence behind for future backdoor, it certainly warrants extra precautions such as changing your password for all accounts to prevent successful profiling penetration thereafter
Hey Leo, Thanks for the video and sharing awareness. I would like to recommend a few steps to the audience on how to protect themselves from these threat actors.
1. Always use non-privileged user to operate your system on a daily basis
2. Run your browser using a different account.
3. Use Admin account with care and ensure you are 100% sure what you're doing.
4. Enable "Core Isolation" in Windows
5. Enable "Controlled folder access" and ensure to add only the known programs to the "Authorized" list.
Unfortunately that also happens to be highly inconvenient. I just do my research, rely on my antivirus and hope for the best 👍
My dumbass brother loves to download cracked software and the family computer always feels awful
since M$ owns GitHub then why on Earth are these allowed?
downloading a random exe off the internet to crack an antivirus must be the most chad thing I've ever seen
Wow, I found something on github and ran it, and an av provider stopped it from executing, I replicate it on a online sandbox and sure enough it is what it is, I even reset the entire computer in the end just to be extra safe.
How about stable diffusion? is this 100% safe?
No software is 100% safe however on GitHub they do have the “issues” tab and if someone has an issue with the software , it’ll be reported there most likely 👍🏾
@theycallmeken thanks for the info 🙏
Stable diffusion?
That's text to image generation?
Yes that safe sound 38k star the repo so obv that safe even I use that in my pc for unlimited use
@pxllfx3207 do i need to install cuda and cudnn first or just follow the youtuber tutorial to install SD? Thanks in advance
Mistake 1 - searching with Google
Mistake 2 - thinking GitHub is a place to pirate
We tried Flare, The company doesnt seem setup to accept new customers. They are insisting on phone interviews/verifications to demo their software. You got us interested in the software but the vendor dropped the ball on this one. Perhaps your next video can recommend another tool?
Flaaaarreeeeee!
Yooo it's the legend himself
Heyyyyy fellow Flare user! for those who don't know, John and I do a monthly (somewhat) hangout on our discord: discord.com/invite/y7q3qMM
So if ever wanted to hear YouTubers talk about behind the scenes stuff, that's a gold session to join.
Hi, John
@stage6fan475 i thought he isn't real john, (there's a underscore in name) 😭
Open source apps for mostly alternative to proprietary software not crack them.
Even their website is very likely filled with bugs
Cracked antivirus is the most ironic thing I've heard in a while 😂
I was saddened to see this video after realizing that my pc was infected with trojans after downloading the wox app from github two days ago
In the meantime windows defender gave a warning message and when I scanned the pc with kaspersky I cleaned 4 trojans, but is this enough. What information was leaked?
Analyzing malware is often harder than cracking software. I just make my own cracks whenever none of the trusted sources have one.
Not a trivial thing to do for most of.. well, anyone.
That sounds like so much more work than just using something open source
@talkingthoughts4747 he aint doing shit. He's here for attention: look guys how awesome I am.
@visitante-pc5zc Spoken like someone who has never RE'd paid software before. Many paid softwares can be unlocked by just adding a mov and ret instruction to return true from a single function.
Try cracking denuvo games, if you can
this also applies to hwid spoofers n all that
There's a Windows 11 activation script that's open source, but it's so much code I can't validate it myself but the r/piracy crowd just uses it
this is the same case as "valorant skinchanger"
Imagine looking for a cracked version of bloatware LMAO
duh the megathread exists for a reason
This was made for the guy that begged "just give me an EXE". XD
....
Yea no, never ever thought of downloading a random unverified repository from github. Its kinda obvious.
now make a video on
Pirating IObit or CCleaner is wild
i did that back then. 😂
pirating trash software is something else, truly
i remember when i join to your discord and the moderators of the channel ban me for talk about crack and piracy , now we can?
I always pirate software and games from torrents and crack websites.
damn it, not my fucking cookies
that's why you should always check the repo and readme yourself and not go with the "Is on github so it should be fine!"
Hope you had a good time in Nice ^_^