Hacker's Gave me a Game and I Found a Virus

  • Published 11 Jan 2025

Comments • 528

  • @acuifex · 2 years ago · +3519

    Now imagine what it's like for malware researchers. You go through all of those hoops every day, just to find out that it's an xmr miner.

    • @astronemir · 2 years ago · +60

      It runs monero miner while waiting for something better.

    • @Kristukas1337 · 2 years ago · +5

      let me guess not a big computer guy?

    • @mraloush8959 · 2 years ago · +86

      @@Kristukas1337 average chris with python as his pfp acting like he knows everything. you probably tell your classmates you're a hacker

    • @Kristukas1337 · 2 years ago · +14

      @@mraloush8959 I think the video on your channel speaks for itself

    • @claritix101 · 2 years ago · +4

      @@Kristukas1337 lmao

  • @SpeckyYT · 2 years ago · +1096

    The creativity of the hacker to just name the game as an already existing one

    • @Rice7th · 2 years ago · +5

      ooo ciao specky!

    • @aziskgarion378 · 2 years ago · +57

      One that's of a game that is very well known and has a known indie developer. That's like writing FnaF 17, and people recognizing the user is not Scott Cawthon.
      Pretty sure the guy who wrote the malware isn't the same one who is spreading it.

    • @bombie · 2 years ago · +4

      no way its the real specky

    • @whisconsin · 2 years ago · +9

      @@aziskgarion378 To be fair, nowadays FNAF is community run, as Scott Cawthon retired.

    • @monhi64 · 2 years ago · +23

      LLL had edited the vast majority of that scammer's message text so that no one actually typed that URL in and got scammed, so I just assumed he (LLL) named it after a known game to be more anonymous. But yeah, it's definitely possible that's the one part of the URL he didn't change, you never know.

  • @KunningFox · 2 years ago · +179

    1:26 Looks like the malware maker uses Sprinthost's technical domain to host the virus. The subdomain is the username of the client. It might be a good idea to inform the hosting provider that one of their clients uses their servers for malicious purposes. The clients must provide the scan of their passport (or other documents if it's a legal entity) in order to use their services.

    • @evoluckievo · 1 year ago · +2

      yeah i saw that too but its not really worth it tbh well if i wanted to maybe for the lulz yk

    • @Renni-kg6vf · 1 year ago · +6

      @@evoluckievo ???

    • @evoluckievo · 1 year ago

      @@Renni-kg6vf the domain is known for malware

  • @bit0fun · 2 years ago · +1002

    Might not have been the hack of the century, but still interesting to learn what they were attempting to do. Could maybe do a video in the future trying to dig into it a bit more? Maybe even an overview on how to write a deobfuscator? Would be neat

    • @IlyesCodes · 2 years ago · +12

      Yes pls

    • @noeaguilar4521 · 2 years ago · +3

      I second that

    • @truestopguardatruestop164 · 2 years ago · +1

      Yes

    • @kebman · 2 years ago · +4

      It's the Hack of the ... Last Five Minutes! :D

    • @tamnker8465 · 1 year ago · +1

      I wonder if chatGPT could deobfuscate… Hmmm…

  • @billigerfusel · 2 years ago · +1733

    I could enjoy a 30 minute video on this topic.

  • @shimadabr · 2 years ago · +359

    A longer video explaining the intricacies of your discovery process would be awesome.

    • @LowLevelTV · 2 years ago · +97

      Noted!

    • @pancak3 · 2 years ago · +10

      @@LowLevelTV this video is kinda useless since this wasn't sent by a human. It was a mass DM tool which has responses for everything.

    • @spoils8179 · 2 years ago · +17

      @@pancak3 but useful nonetheless because some people have no idea that this happens.
      Also an idea on what not to do, or how to run it in a decent environment.

  • @fwilhe · 2 years ago · +256

    Nice. Tell us more about the sandbox tool at 1:45. Is that something I should know about? I was expecting a VM, is this some wrapper for a (cloud?) VM? What considerations do you make before running sketchy binaries to avoid them breaking out of the sandbox and affecting the host system?

    • @fwilhe · 2 years ago · +44

      @@Finkelfunk thanks I never heard of that before

    • @zafmafattack · 2 years ago · +34

      Sandboxes designed for malware are pretty much normal virtual machines with extra features to help with analysis. Sandbox escape malware isn't usually an issue for the analysis environment if other precautions have been taken like making an isolated network segment (with a managed switch you can create vlans)

    • @CunningBard · 2 years ago · +4

      thoughts on windows sandbox?

    • @kirill9064 · 2 years ago · +1

      @@tacokoneko Sandboxie-Plus. It is open source too.

    • @natsudragneelthefiredragon · 2 years ago

      @@tacokoneko But its still on YOUR device...

  • @TowelPanel1852 · 2 years ago · +18

    FYI, the first stage is called a dropper because it downloads/drops malware from another computer onto yours

  • @ZarkWiffle · 2 years ago · +27

    A friend of mine got hit with a similar scheme, but this one stole passwords and other data from Chromium browsers. Once I found the malware's PUT requests I may or may not have uploaded a few hundred fields of fake generated data into their server.

    • @vinylSummer · 2 years ago · +5

      Should've made an SQL injection

    • @balllord3546 · 2 years ago · +4

      @@vinylSummer stealers don't store data in SQL DBs most of the time, and if they do it is most likely sanitized, so it wouldn't work.

    • @ggsap · 11 months ago · +5

      @@vinylSummer what is this? The 90s? If they're smart enough to develop such kind of software they surely won't have an SQL injection vuln lol

  • @CallousCoder · 2 years ago · +9

    “I just ran it” and that actually is often the easier thing to do. Because some code can indeed be hellishly obfuscated or even compressed and/or encrypted, and to reverse engineer that can take ages. Just running it, whilst having Wireshark logging and memory dumping the data segments, and on Linux I like to run strace or Solaris truss as well. And see what kernel calls with what data are done.
    Now I never reverse engineered malware but mainly copy protection and old unsupported software (statute of limitations has passed 😂), or create cheats in games (a lot of that on this channel too) and debug unsupported code that still ran (and probably still is).

    • @JonahTheWhite · 2 months ago

      Being able to use Windows Filtering Platform efficiently makes you immune to 99.99% of malware...
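CallousCoder's post above describes the "just run it" approach: let the sample execute in an isolated environment and watch its kernel calls with strace (or Wireshark for the network side). As an added illustration that is not the commenter's or the channel's code, the Python below parses the text that `strace -f -o trace.log ./sample.bin` writes and pulls out what a triage wants first: processes executed, files written, files that were dropped and then executed (the "dropper" pattern another comment names), and every outbound connect() with whether it succeeded. The trace lines, the paths and the addresses (TEST-NET documentation ranges) in SAMPLE_TRACE are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed strace output in the shape `strace -f -o trace.log ./sample.bin`
# produces. Paths and addresses are made up; 203.0.113.0/24 and
# 198.51.100.0/24 are reserved documentation ranges.
SAMPLE_TRACE = """
execve("./sample.bin", ["./sample.bin"], 0x7ffc1a2b3c40 /* 20 vars */) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
openat(AT_FDCWD, "/tmp/.cache/stage2.bin", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 5
[pid  4242] execve("/tmp/.cache/stage2.bin", ["/tmp/.cache/stage2.bin"], 0x5591e0c2a2d0 /* 20 vars */) = 0
[pid  4242] connect(6, {sa_family=AF_INET, sin_port=htons(3333), sin_addr=inet_addr("198.51.100.22")}, 16) = -1 ECONNREFUSED (Connection refused)
+++ exited with 0 +++
"""

# With -f, lines from child processes carry a "[pid N]" prefix; make it optional.
PID_PREFIX = r"^(?:\[pid\s+\d+\]\s+)?"
EXEC_RE = re.compile(PID_PREFIX + r'execve\("([^"]+)"')
OPEN_RE = re.compile(PID_PREFIX + r'openat\(AT_FDCWD, "([^"]+)", ([A-Z_|]+)')
CONNECT_RE = re.compile(
    PID_PREFIX
    + r'connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
    + r'sin_addr=inet_addr\("([\d.]+)"\)\}, \d+\) = (-?\d+)'
)
# Any of these open flags means the sample may have written the file.
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT"}


def summarize_trace(trace: str) -> Dict[str, list]:
    """Reduce an strace log to the facts a first-pass triage cares about."""
    execs: List[str] = []
    written: List[str] = []
    connects: List[Tuple[str, int, bool]] = []
    for line in trace.splitlines():
        m = EXEC_RE.match(line)
        if m:
            execs.append(m.group(1))
            continue
        m = OPEN_RE.match(line)
        if m:
            path, flags = m.group(1), set(m.group(2).split("|"))
            if flags & WRITE_FLAGS and path not in written:
                written.append(path)
            continue
        m = CONNECT_RE.match(line)
        if m:
            port, ip, ret = int(m.group(1)), m.group(2), int(m.group(3))
            connects.append((ip, port, ret == 0))  # ret 0 means the TCP connect succeeded
    # A file the sample created and then executed is the classic dropper signature.
    dropped_and_run = [p for p in written if p in execs]
    return {
        "execs": execs,
        "written": written,
        "connects": connects,
        "dropped_and_run": dropped_and_run,
    }


if __name__ == "__main__":
    for key, value in summarize_trace(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

Run the real thing inside the throwaway VM only, redirect strace to a file with `-o`, and feed the file to `summarize_trace`; the failed connect to port 3333 in the constructed trace is the kind of line that, in the video's case, would point at the mining pool even before the final stage is unpacked.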

  • @heroclix0rz · 2 years ago · +107

    Would be good to explain in as much detail as possible what steps you take to ensure a virus will not be run on your main machine and will definitely be isolated to the sandbox of your choice. Don't want a random 14 year old feeling invincible, only to get their mom's laptop pwned because they don't know how to put a VM in the DMZ.

    • @ryans3979 · 2 years ago · +4

      He isn't using a VM machine in this video

    • @ToxicAtom · 2 years ago · +35

      considering the sandbox he uses isn't running on his network and instead is an open web-based platform designed for inspecting malware, I'm pretty sure nobody will get the wrong idea from this video

    • @akirekoko7415 · 1 year ago · +1

      ​@@ToxicAtom ninja

  • @Rottenham12345 · 2 years ago · +65

    It would be great to see a detailed video on how you reverse engineered this. You speak through your process so casually when it’s actually super impressive stuff you’re doing that I’m sure a lot of us would like to better understand

    • @balllord3546 · 2 years ago · +4

      What details do you need? He pretty much explained it all.

    • @casquinha132 · 2 years ago · +3

      Because it's not super impressive, you just lack background.

    • @Rottenham12345 · 2 years ago · +12

      @@balllord3546 there is a difference between a summary and a detailed explanation my friend.

    • @bigdraco3006 · 2 years ago · +4

      all he did was look at strings in ida and run it in a sandboxer tho xd

    • @balllord3546 · 2 years ago · +2

      @@Rottenham12345 bigdraco literally said all he did. this is literally all he did there is no more detail to mention unless u want to look at the sandbox’s analysis more as he didn’t unpack the final stage

  • @jumanji4037 · 2 years ago · +55

    This is really interesting, the entire idea of reverse engineering and looking for those hard coded urls and files is really smart.
    I’d love to see a course on decompiling executables and understanding their purpose.
    Happy new year!

    • @softwarelivre2389 · 2 years ago · +6

      Doesn't work if it obfuscates URLs (like calling a parse function from some weird encoding made just for that purpose), or if it just uses good old plain encrypting/decrypting on the go. But network analysis should capture it just fine.

    • @ChrisTheCringe · 2 years ago · +7

      In a real world scenario, viruses would have that URL obfuscated. It wouldn't be that easy.

    • @balllord3546 · 2 years ago

      @@ChrisTheCringe true.

    • @KaneYork · 2 years ago · +1

      @@ChrisTheCringe this was a real world sample!!
      The first stage just didn't use advanced protections like the 2nd did
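The thread above turns on two points: the video found the stage-two URL by reading hardcoded strings out of the first stage, and, as the replies note, a sample that encodes or obfuscates its strings defeats that naive pass. The Python below is an added example, not code from the video or from any commenter. It does what `strings` plus a URL regex does over a constructed byte blob, then goes one step further than the plain pass by trying a base64 decode of any long base64-looking run, which is enough to surface an encoded URL that the first pass misses. Everything in SAMPLE_BLOB is made up for the example; `example.invalid` is a reserved name that resolves nowhere.

```python
import base64
import re
from typing import Dict, List, Optional

# Constructed stand-in for a first-stage binary: junk bytes around a build-artifact
# path (the video shows paths like this left in the loader), one plain URL and one
# base64-encoded URL. Nothing here is a real sample.
PLAIN_URL = b"http://example.invalid/stage1.exe"
ENCODED_URL = base64.b64encode(b"http://example.invalid/stage2.bin")
SAMPLE_BLOB = (
    b"\x00\x01MZ\x90\x00\xff"
    + b"\\Cryptor\\Loader\\runpe.pdb" + b"\x00\x00"
    + PLAIN_URL + b"\x00\x7f\x80"
    + ENCODED_URL + b"\x00\xfe"
    + b"kernel32.dll\x00"
)

URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")
# A run of at least 16 base64 alphabet characters with optional padding.
B64_RE = re.compile(rb"^[A-Za-z0-9+/]{16,}={0,2}$")


def extract_strings(blob: bytes, min_len: int = 4) -> List[bytes]:
    """Runs of printable ASCII of at least min_len bytes, like the `strings` tool."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def try_base64(s: bytes) -> Optional[bytes]:
    """Decode s as base64 if it looks like base64 and decodes to printable text."""
    if not B64_RE.match(s):
        return None
    try:
        decoded = base64.b64decode(s, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if decoded and all(0x20 <= c <= 0x7E for c in decoded):
        return decoded
    return None


def find_urls(blob: bytes) -> Dict[str, List[str]]:
    """URLs visible as plain strings, plus URLs hidden behind one base64 layer."""
    plain: List[str] = []
    decoded: List[str] = []
    for s in extract_strings(blob):
        plain += [m.decode() for m in URL_RE.findall(s)]
        d = try_base64(s)
        if d is not None:
            decoded += [m.decode() for m in URL_RE.findall(d)]
    return {"plain": plain, "base64": decoded}


if __name__ == "__main__":
    for s in extract_strings(SAMPLE_BLOB):
        print(s.decode())
    print(find_urls(SAMPLE_BLOB))
```

The plain pass is what IDA's strings window or `strings` shows; the second pass illustrates why a single cheap encoding layer is enough to hide an indicator from that view, and why the network capture the reply recommends is the more reliable place to read the real URL from.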

  • @pedroaviladressler310 · 1 year ago · +1

    Very intelligent of someone to drop malware disguised as a game on a programming Discord community.

  • @khalilovitch_ · 2 years ago · +17

    Great video, I would enjoy a detailed explanation of your approach to reverse engineer the binary

    • @LowLevelTV · 2 years ago · +9

      Coming soon!

    • @kebman · 2 years ago

      @@LowLevelTV Looking forward to it!

  • @gridfighter · 8 months ago · +1

    This is actually a great topic. I have a few games that are open source but the only remaining versions of them are infected. So here I am learning how to decompile them to remove the malicious part and compile them again.

  • @magnusm4 · 1 year ago

    What I wonder is how their code could just be run and automatically be allowed to disable essential defense programs.
    Shouldn't there be tons of checks screaming "Yo you're shutting down Windows Defender? No problem we'll just shut down all access to the computer, reboot and automatically put it in safe mode while writing a report on what you just tried to do".

  • @9superswords630 · 2 years ago · +1

    There are a lot of good malware reversing researchers here on youtube. Many don't like to/are not capable of jumping into IDA. This is great!

  • @GedasTM · 2 years ago · +1

    Finding playtesters will now be even more difficult 😟

  • @Ldinos · 2 years ago · +1

    Does that mean that if you run this without internet access, it will do nothing?

    • @DaxyGamer · 2 years ago

      well it will still disable registry antivirus etc and probably store itself in registry/startup for persistence

  • @vyldim3401 · 2 years ago · +3

    0:33 Folders named \Cryptor\Loader runpe huh? Really subtle hacker, reaaaaly subtle

    • @LowLevelTV · 2 years ago

      Yeah they left a TON of build artifacts in that loader. Wild.

  • @Pedakin · 2 years ago · +2

    This is why I can’t just “throw on a video” around people for everyone to watch. This is the kind of shit I like.

  • @toperri · 1 year ago · +1

    just found this channel and I can't stop watching his videos

  • @davidmurphy563 · 2 years ago · +22

    ".ru" what a surprise.

    • @jp4_ · 2 years ago · +4

      The PHP file's named bebra as well, which is a Russian meme, so

    • @bill8126 · 9 months ago · +4

      Anyone from anywhere could rent that Russian hosting. So it doesn't usually say anything about the hacker's nationality.

    • @mbrofoc · 9 months ago

      xD...

    • @mbrofoc · 9 months ago

      @@bill8126 yeap. Some people need to see the host map around the world and realize that you don't need any identification docs about you to buy hosting 😂

  • @NutflX · 2 years ago · +4

    I almost fell for this a few months ago,
    but the part that made it believable was that it came from one of my friend's hacked accounts, and he was developing a basic platformer so I didn't think twice about it.
    i only realised once a cmd opened and discord restarted to the login page.

    • @TheTacticalTuna · 2 years ago

      That sucks, did you just reinstall windows after that?

    • @stevenglikin3219 · 1 year ago · +3

      That's like "almost" falling for an IRS scam when you already gave them $500 of gift cards.

  • @billyjoejimbob75 · 2 years ago · +1

    That's funny. Always wondered why nobody ever took my old DOS screensavers back in the 90s. Then I realized they thought everyone on the internet was out to get them.

    • @RationalFunction · 1 year ago

      What do DOS screensavers have to do with this?

  • @wChris_ · 2 years ago · +5

    Actually your IP doesn't matter! Just restart your router and you will get a new one. Leaking your IP address is only an issue if you have a static one, which I'm 99.99% sure you don't have.

    • @LowLevelTV · 2 years ago · +5

      DHCP be like

    • @wChris_ · 2 years ago · +3

      @@LowLevelTV DHCP only assigns private IPs to your devices connected to your router. You probably have heard that we are running out of IPs, and for the most part this is true, but to combat that issue NAT was invented, which resolves this issue by translating your private IP address into the public IP everyone sees on the internet. This way IP addresses are not wasted on end users who really don't need them.

    • @wChris_ · 2 years ago · +1

      @@LowLevelTV you can check that you really only have 1 IP by searching 'what is my IP' or something similar on multiple devices.

    • @Sevenhens · 2 years ago · +2

      @@wChris_ ISPs give out residential IPs by DHCP themselves (hence why your IP can change when you restart your router).

  • @Wannabe-channeL · 2 years ago

    Because of hackers like this. As an indie game developer, it's hard to find someone to play my game, and they started accusing me of being a scam 😔

  • @chadengineer · 2 years ago · +17

    Nice video, you should do more videos about this IDA tool, it's really interesting

  • @iuhere · 2 years ago · +1

    whoa , this is new content or am i missing such content on your channel, may be youtube is filtering such content of your channel to not show in my noti... they might be watching me (or my history) 🤣 as if... anyways great video , never thought of skipping as every second of the video was nicely curated and data being pitched in simple way. the comic timing was awesome and fairly placed with the context of the video. Keep up the good work, simply put enjoyed this one.

  • @TheOneTrueDragonKing · 1 year ago

    This is a VERY common occurrence on Discord. Hackers, malicious actors, cybercriminals, even terrorists.

  • @cpaw · 2 years ago · +1

    I wish one of my friends knew about scams like this before he lost his whole online presence due to a virus

  • @LegoWormNoah101 · 1 year ago · +1

    Just imagine being the hacker and seeing this video.

  • @SkippyDa · 2 years ago · +1

    I had a similar thing: got sent to a website to download their game, reverse engineered it, and it was a basic cookie/Discord session stealer, including the non-obfuscated code.

  • @ryyott · 2 years ago

    Bro could have given you a legit game with a silent miner compiled into it and most people would have no idea. Weird hacker with absolutely no idea...

  • @shapelessed · 11 months ago

    "Hacker is gave me a game" - What a great and completely correctly written title.

  • @lynx1436 · 2 years ago · +3

    There's been a virus around on Discord working kind of the same way as this, although it gets access to accounts and someone texts the hacked account's friends from it, which makes it so people don't think about downloading the file and running it. My best friend had this happen to them and the hacker sent the file to me from their account and I almost fell for the trap; my friend is too stupid to make a game so I was skeptical from the start haha

  • @DccToon · 2 years ago

    wait, the person named "not a hacker" reminds me of when i created my discord account, i called it "not a hacker" but then i decided to change it

  • @not_herobrine3752 · 2 years ago

    Reminds me of the time I wanted to watch a movie and ended up finding out that it's a piece of shitty malware with a stupider method of delivering its payload.

  • @Cenk57 · 2 years ago

    Bro got out of there as fast as he could 💀

  • @shayanaayan6533 · 1 year ago

    Me looking up reverse engineering malware.. Because i downloaded a pre activated software i need for my work... And here i am... Learning something new throughout the vid
    Thank You 💯

  • @tastyshadow5489 · 1 year ago

    Dumb people: download malware
    Smart people: avoid malware
    Reverse engineers: download malware

  • @ivanignacio2353 · 7 months ago · +1

    What is the app called that you used for sandboxing?
    Great video

  • @alexestefan7521 · 2 years ago · +1

    Guessing the game requires admin privileges like anything else on windows

  • @technomind88 · 1 year ago · +1

    I liked the part where you "found their IP address"

  • @fusngakoucjrisknbllh · 2 years ago

    Nice video man, be careful with your IP

  • @alphaknight1181 · 1 year ago

    That "game me and my friends made" actually sounds like the user's Discord account was hacked and then the hacker sent the malware to everywhere that user was on in hopes some would click it.

  • @Miles-co5xm · 2 years ago · +1

    Just wanted to check if someone can reverse my malware, thank you!

  • @nachosncheez2492 · 2 years ago · +1

    reverse engineering series ? tips and tricks and longer beginner to advanced videos?

  • @minirop · 2 years ago · +2

    I miss the time when the Discord malwares were simply stealing your Discord token to get access to your account by sending it to a webhook. I had fun times spamming the webhooks with disgusting imagery.

    • @balllord3546 · 2 years ago

      these still exist

    • @minirop · 2 years ago

      @@balllord3546 sad then. I only got crypto miners in the past year or so.

  • @Purlime · 2 years ago

    man really uses light mode and dark mode at the same time

  • @NOT_A_ROBOT · 2 years ago

    oh hey that's totally not my evil hacker clone in the thumbnail!

  • @theejoshhh · 1 year ago

    I fell for this one myself! Not sure why I ran the file, I was like 99% sure it was a hacker but they messaged me from a friend's account that I hadn't spoken to in a while. Not sure exactly what happened in the background but I'm relatively certain they stole my cookies. I found them logged into my discord and kicked them off almost immediately before wiping my whole system.

  • @pr0xythegodofhax · 2 years ago · +2

    thanks for making a video about this, you never fail to amaze me :)
    love reverse engineering

    • @LowLevelTV · 2 years ago · +1

      Glad you liked it!

    • @pr0xythegodofhax · 2 years ago

      @@LowLevelTV also what's the name of the online sandbox you used?

  • @mathildaleina4771 · 2 years ago

    Can someone make a game where the plot is making all your files encrypted, like how ransomware works? Instead of paying to get access to your files, the victim must play a lot of puzzles, mysteries or any games that are filled with lore.
    For example, the encrypted files will be called "princess" and the victim is the hero. The hero must finish all tasks like puzzles and secret messages to get access to other levels until they reach the final level where they save the princess ("their encrypted files") and that virus is completely gone from the computer.
    I found it interesting but no one has done it.

  • @beastly_neon · 2 years ago

    There was a similar malware campaign from 6 months ago where they ask people to check their game and it sends saved passwords, Discord auth token, cryptocurrency information, etc. to a Russian IP. My friend got hit by it and they stole his Discord token and ran it using an automated script to further distribute the malware to all servers and his friends.

  • @CupidGaming522 · 5 months ago

    Yeah, this is a pretty common Discord scam, seen it too many times. Funny every time, great breakdown.

  • @Мистер-ю6й · 1 year ago

    the last thing you must do: DDOS THEM.

  • @fridosteffers891 · 2 years ago · +11

    Happy new year!
    Thanks for sharing this very nice piece of information! There’s a lot to learn I guess 😀
    Keep them coming, I’m hooked 😉

    • @LowLevelTV · 2 years ago · +1

      Thank you! You too!

  • @Littlefighter1911 · 2 years ago · +6

    I've received a very interesting malware once, that was a Java file, but all classes and functions were renamed to sound like they were part of a game.
    (Like "Map", "House", "Inventory", etc.)
    But if you looked into the classes you could see by the behavior that this wasn't a game at all.
    So be careful when trying to assume things from strings.
    Some madman might have been smart enough to just rename everything.

    • @ThatNiceDutchGuy · 1 year ago

      Yes or appended some sneaky code into legit classes.

  • @arodtube7668 · 2 years ago

    Lmao. “What the hell dude”
    Do you think they ACTUALLY stood a chance? 😂

  • @bouncyduckk · 2 years ago

    he knew it was malware before he even checked it💀
    as soon as he saw the file size he knew

  • @OliveGardenWorker · 2 years ago

    i could watch a 5 hour video of this dude just reverse engineering viruses

  • @jacobp.2024 · 2 years ago

    All that work just to harmlessly mine Monero. I'm honestly impressed he didn't take it any farther.

  • @ThatNiceDutchGuy · 1 year ago

    I had this several times already. It installed Windows, it was full of monitoring user metrics.

  • @Defiler151 · 4 months ago

    Ngl this was sent to me by my friend (he was hacked) and I thought it was my friend who actually sent it, so I opened it and literally all my accounts were stolen. Luckily I managed to recover every single one of them. Be safe out there ladies and gents.

  • @blankspace1959 · 2 years ago · +2

    this was awesome, I would like to see this more in depth . keep up the wonderful work.

  • @annareichelt5997 · 2 years ago · +1

    I consider myself somewhat critical when it comes to downloading and executing software from unknown sources, but man, I would've definitely been the idiot who downloaded that "game" to be nice.
    Thanks for reminding me that 1. Malware could be anywhere and 2. I am an idiot

    • @dejangegic · 1 year ago

      You're not an idiot, just a friendly and helpful person.

  • @TheMiningLeon · 1 year ago

    I reverse engineered an .exe compiled python cookie logger, got bros webhook and spammed it

  • @pixel690 · 2 years ago

    interesting, the "games" i receive off of random people on discord are usually a packed nodejs program that attaches some sort of discord logger onto your client that sends them any sensitive information you may input into discord such as passwords, credit card details, etc via a webhook

    • @phoenixplays2800 · 2 years ago

      that may be Doenerium off of github, hate to see it

  • @Voorhees-Jason · 2 years ago · +1

    I've gotten that type of DM like 4 times from random people. I ignore them generally, but the very last guy that tried, I was curious what the scam was, since it was the same pattern, as I know there are scams on Discord. I asked him what kind of game it was, blah blah blah. He did not give me much info, so I confronted him about how it is that I get DMs from different people with the exact same story. He never replied lol.

  • @ashfaquekhan7282 · 1 year ago

    can you please make some tutorials, or a roadmap video on how to get started with low level programming and what should a normal beginner level coder do to learn the extreme basics stuff like reversing a software and how to read it , not only for knowledge purpose but as a career too

  • @giftfromyoutube · 2 years ago · +2

    Man, I would sit and watch a 3-hour full video on this issue without getting tired. I loved it. Some more pls.

  • @DiabolicCrusher · 1 year ago · +1

    >the second payload site is in russian domain
    Why am i not even surprised? Every fucking time.

  • @itzadam_ · 2 years ago · +1

    moral of the story: dont trust anyone with a clyde profile picture

  • @sgmvideos5175 · 1 year ago

    That's the reason why it's so hard to actually make people test my games; everyone thinks it's a virus T_T

  • @paradoxclover8799 · 2 years ago

    Wow. I actually received a DM with a request like this a while ago, I told them I would soon and I promptly forgot about it a few minutes later. They asked if I had played it the next day or the day after and I told them I was busy (I wasn't busy I was just too lazy to play it). I forgot about that person and the game a few minutes later after replying. I didn't know that was a scam until now!

  • @HypeLevels · 1 year ago

    Actually got sad this was only 2 minutes :(

  • @lunareclipse363 · 2 years ago · +1

    I have seen malware that steals your discord token and uses your account to spam your friends with the same message that got you (probably not the only thing it does).

  • @badfitz66 · 2 years ago · +7

    I got a similar one once, but from a friend, who was actually in gamedev at the time, so I didn't question it. I downloaded and ran it and noticed that:
    1. it opened the nodejs terminal for a split second
    2. i was suddenly and suspiciously logged out of discord
    I suspect it was some sort of keylogger (most likely injected itself into discord hence the nodejs stuff, logged me out, and waited for me to put my login details again). I of course deleted the virus and nuked discord before reinstalling.

    • @nanahiiragi723 · 2 years ago · +2

      If it closed discord that means your token was stolen. Discord (and other apps) have some protections in place for having the token stolen, so it only stores the token in a readable state when closed. But, logging out refreshes the token, so it also injects itself into discord to capture new tokens when you log in again.
      They also are usually stealers (or at least, include stealers, because why not), usually stealing saved passwords from browsers, crypto apps, tokens of other applications, saved credit card details, etc first.

    • @balllord3546 · 2 years ago · +1

      @@nanahiiragi723 this simply is not true (that Discord has protections for having your token stolen).

    • @slavic_commonwealth · 2 years ago

      @@balllord3546 nope. if you run virus, then your discord token can be easily stolen

    • @gtxg. · 2 years ago

      @@nanahiiragi723 tokens are stored in cookie, cookie is easily grabbed

    • @balllord3546 · 2 years ago · +1

      @@gtxg. no, they're stored in localStorage

  • @ValchyGaming · 2 years ago

    Great video man, super interesting

  • @starseer986 · 2 years ago · +2

    would be nice if you explained some of the other stuff more, like why it took a desktop screenshot.

    • @bill8126 · 9 months ago

      For example bank app shortcuts or something valuable.

  • @MrSpace5260 · 2 years ago

    it would be so good if you said "nice mining simulator" 😂

  • @ryanaxtell5069 · 2 years ago

    How about this.
    Make the malware writers regret the day they touched your server. Make them shit their pants and scream that all their data and bitcoins are gone. When in reality, they're just crying wolf for no reason.

  • @texti-animates-sometimes · 2 years ago

    Bro made a whole crypto miner, meanwhile me sitting here making a VBS script that's obviously a virus that opens a bunch of cmd prompts and notepads to annoy you 💀

  • @Nethezbet · 1 year ago

    It is more sad that they know if they forward it to enough people, SOMEONE will run it.

  • @christianlbrannan1 · 2 years ago · +2

    Hey, I had this happen to me from someone I thought I could trust. I think they hacked my friend's account and messaged me through the account; that's why I thought it was trustworthy (I try to stay safe on the internet but things happen). Long story short, I'm still worried some of the malware could still be in my computer. Do you have any recommendations for how I can double check my system is clean @Low Level Learning

  • @farukdz2084 · 1 year ago

    it feels amazing to understand assembly language

  • @htbmixbox · 6 months ago

    Fun fact: now this link returns an error, but the entire site seems to be so sketchy that VirusTotal reports this site as malware even with a 400.

  • @sebgamingkid · 1 year ago

    This is why i block connections for software that i don't 100% trust before i run it even if tested with an antivirus

  • @crimsonblitz2795 · 2 years ago · +1

    Happy new year my friend. 😊

  • @fedes1to · 1 year ago

    they didnt even bother to obfuscate the strings

  • @TheMaryusz91 · 2 years ago · +2

    Really nice and clear content, thank you for making people more aware of how these kinds of attacks work! 🙂

  • @aimeblack · 2 years ago

    Man, you have a cool job. I wish I knew how you do it or where you learned all of that. It's so cool.

  • @londiebrondie · 2 years ago

    My friend actually fell for this exact virus ☠️

  • @evoredy · 1 year ago

    great workflow! love ida also!

  • @baali9097 · 2 years ago

    So would you say Ida got your back. Love the content

  • @PeacefulCountryLife · 5 months ago

    hacker gave him a hack and he hacked it.

  • @atalamcom · 1 year ago

    Mom can we have Celeste 2?
    Mom: we have Celeste 2 in home
    Celeste 2 in home:

  • @jaroldsabillon7689 · 2 years ago · +1

    I would love to learn how to do some of this stuff! Where can I get started? Additionally, would something like Virtual Box work to run the virus? If not what do you use?