With the outpouring of feedback on the original title of the video "Godot Game Engine Makes Malware", I've changed the title to "Godot Game Engine Used to Make Malware". If you don't like that title either, please tell me exactly what title you actually want, and we can crowdsource -- with our powers combined, we will make all TH-cam commenters happy forever. EDIT: After some further comments, I've changed the title further to "Godot Game Engine Can Be Used to Make Malware". Let me know if that still doesn't tickle your fancy and what exact title you would prefer instead. EDIT AGAIN: Thus far the TH-cam Commenter Collective seems to like "Godot Game Used As a Malware" so that is set as the new title.
you shouldn't need feedback to realize that title is idiotic, you have almost 2 million subscribers, how about acting accordingly with some level of responsibility? i guess a good clickbait is more important than anything else these days
@@aventu-yt I'm not sure, that would read "Godot Game Engine Used as Malware Loader", but the article and demo doesn't show the game engine itself being a malware loader... it is what the game engine makes as a game that is malware. 🤔"Godot Game Used As Malware"?
Why not windows, linux or mac os used to make malware? Or loading files used to make malware? Google chrome makes malware? The engine is used as a dropper, not some malware making program. Godot is not some more sophisticated metasploit.
Are there many open source projects without large corporate backing that have the legal resources available to fight mid level, niche TH-camrs? I surely would stop donating if that's what they were doing with my money. It's clickbait, but that's why the logos gave us the ability to discern. Won't be the last clickbait you ever see.
I have a big issue with your title. It implies that the Godot Game Engine itself is what's responsible for creating and executing the RAT/Malware, and not the programmer who's deliberately sending an HTTP request to download a file and executing the executable. This is akin to saying that "Python Makes Malware", "C++ Makes Malware", "Unity Makes Malware", or "Unreal Engine Makes Malware". The title can't even be considered as clickbait, since it's just a flat out lie. Yes, I know you address this stuff near the end of the video, but that's the problem. It's near the end of the video, and the majority of viewers won't make it anywhere close to there. Anyways, I'm just hoping you'd change it to something more accurate (such as "Using Godot to load Malware" if you want to include Godot in the title, or "Loading Malware via Network Requests" if you want to account for the other platforms that can do this.) Thanks for taking the time to read this request.
Yeah, I jumped a little when I saw the title and paused another video just to watch it, because I have used Godot actively, but I'm glad your comment is the first I saw so it eased my mind
John has slowly become a typical youtuber nowadays. He's unnecessarily inflates video length to get more watchtime. It made be unsubscribe him from the first place. Now with this outright clickbait.... Nah.
I found this video to be quite interesting to watch overall. Additionally, I'm a bit concerned about the choice of title. While the content of the video was valuable, a title like that could potentially contribute to bad rep for the Godot engine. Godot is a smaller, open-source game engine, and perhaps a more neutral or balanced title would have been better as from seeing the title it would've made me think, like others have pointed out that it was the creators of the engine distributing malware themselves. Nonetheless, I appreciate you taking the time to share this information with the community.
Not changing the title yet despite people complaining doesn't make people happy John, it's frankly a little shitty. Edit: A lot more clear now, thanks!
I mean godot is just a game engine like several other game engine. whatever you did in this video can be done even in python pygame . Seems like a click bait .
yeah i dont really understand what exactly is godot specific in this method, to me it just seems like a shitty video to attack an open source project without any valid reason especially with the original title
Can't you do the exact same thing with python exe or nodejs exe? The point is signed exe doing unsigned behavior and you can do that with any script runner 😅
if people execute not signed code by unknown author what's the point? Godot it's only a mit opensource framework to create gAme without developing all the boilerplate of the physics rulez
Hey! A genuine question is here. Whatsapp shows me a warning message asking me if I trust the sender whenever I open a pdf document sent by him. Can pdf files be malicious? What about .docx and .ppt? Is there any chance I could get hacked opening some of these files carelessly?
pdf files can run javascript code, which means they can pose a threat, but can not for example deliver a payload without other exploits. However, they can make webrequests, meaning they can leak your IP address, and information how you are reading the pdf at the very least. This functionality is intentional part of the format but can compromise privacy. Plenty of PDF exploits have been found previously, so it is safe to say more will be found in the future as well. An example I found by quick search leaked the victims hashed password on windows, by trying to fetch content from an SMB (network share) server controlled by the attacker. To authenticate, the victims machine automatically submitted their credentials, but with hashed password. This is a real risk because a weak password could be broken with a dictionary attack. And in vulnerable environments (where older authentication method for smb is still used/allowed) this attempt to connect is enough to stage a man-in-the-middle attack to gain access to the wider system. So altogether, PDF files do pose a risk: - they can leak private information - they might be able to exploit a new or still unknown vulnerability of the reader you use - they might be able to exploit other vulnerable aspects of your network Mitigations against this are pretty easy, however: - always use an up-to-date reader - disable use of javascript in files in your readers preferences - scan any suspicious pdf you reseave with antivirus or malware detection tools, to see if it matches a known fingerprint (however not matching one does not mean the file is necessarily safe)
Any file you download can be a virus. If hackers find a way to exploit the program you use to view document files they can leverage that to send you a malicious file that when read with your pdf viewer or etc then executes some malicious code
Currently every single comment in the comment section (I scrolled through all of it) is about the old title being bad, so I want to add my comment just so it isn't all negative :) I'm 3:28 into the video so far, so I haven't seen most of it, but it's already interesting to realize how this could work. I've been very slowly trying to learn Godot (it should be very easy for me honestly, I'm great at programming in a lot of languages, but I can't keep focus long enough to really learn Godot for some reason), but I don't know much about it yet at all, so I'll probably learn quite a bit from this video. In general I've learned it's very frequently easier to learn from using something as it wasn't intended to be used than using it as intended, and this is definitely the former, so it should be fun :)
I read the article about a month ago as I am a Godot fan and I was amazed...it was a great read...and a somehow obvious vector that everybody missed...it's pure evil genius
Did you watch the video or bother reading the article? This isn't exclusive to Godot, you can achieve the exact same thing with almost any other game engine.
@@gamersunite9026 nah i was just joking, i actually use godot, and i know in this case, the bad guys "abused" the engine and that you can do this with any engine. when it comes to the engine... it's kind of bad, important features are "hidden away", it's messy ui etc... but i accept it anyways because it's one of the few good open source game engines, it don't really like using stuff like unreal or unity.
You can make malware with anything that can make code, this is probably just a heads up to be aware when downloading games/software in general. This is just an example using Godot, you could make malware with GameMaker, Unity, Unreal, Java, Rust, etc. and Godot is a very good engine for it's purposes.
How so? I personally think that Godot's existence, as a free-and-open-source alternative to the duopoly of Unity and Unreal is ultimately a very good thing for the game development ecosystem as a whole. After all, if Godot didn't exist as a viable alternative, the duopoly would be able to get away with much scummier business practices. Just off the top of my head, do you also remember the Unity Runtime Fee debacle (and other enshittification tactics recently employed by Unity Technologies)? And are you aware of Tencent's notable investments in Epic Games (and the fact that Unreal Engine's current 'free-to-start using' pricing model is thanks to this investment)? Now, with these rather worrying blemishes on the record of Unity and Unreal, would you agree with me that it's better to have a fully usable alternative engine out there which one can start using right now (Godot) than it is to be obliged to put up with the continued enshittification of the Unity/Unreal duopoly?
@@SkyFly19853 But why is it unnecessary? Is unreal engine also unnecessary because they made their own blueprint system? If you don't like it because they made their own language then you can use C# in Godot instead of GDScript.
With the outpouring of feedback on the original title of the video "Godot Game Engine Makes Malware", I've changed the title to "Godot Game Engine Used to Make Malware".
If you don't like that title either, please tell me exactly what title you actually want, and we can crowdsource -- with our powers combined, we will make all TH-cam commenters happy forever.
EDIT: After some further comments, I've changed the title further to "Godot Game Engine Can Be Used to Make Malware". Let me know if that still doesn't tickle your fancy and what exact title you would prefer instead.
EDIT AGAIN: Thus far the TH-cam Commenter Collective seems to like "Godot Game Used As a Malware" so that is set as the new title.
you shouldn't need feedback to realize that title is idiotic, you have almost 2 million subscribers, how about acting accordingly with some level of responsibility? i guess a good clickbait is more important than anything else these days
"Used as Malware Loader" would be accurate.
@@aventu-yt I'm not sure, that would read "Godot Game Engine Used as Malware Loader", but the article and demo doesn't show the game engine itself being a malware loader... it is what the game engine makes as a game that is malware. 🤔"Godot Game Used As Malware"?
Why not windows, linux or mac os used to make malware? Or loading files used to make malware? Google chrome makes malware?
The engine is used as a dropper, not some malware making program. Godot is not some more sophisticated metasploit.
It's honestly disappointing to see this sort of clickbait from someone who is knowledgeable in the topic.
That clickbait title is almost litigious.
Are there many open source projects without large corporate backing that have the legal resources available to fight mid level, niche TH-camrs? I surely would stop donating if that's what they were doing with my money. It's clickbait, but that's why the logos gave us the ability to discern. Won't be the last clickbait you ever see.
Next video: Rust and Go make malware
One could make Rust malware using Bevy game engine 😂. And boom: that's how you can be triggering game-devs and rust-fans in one go.
Clickbait. I thought Godot creators were distributing a malware.
What was the title?
@@jamnagang7462 "Godot Game Engine Makes Malware"
I have a big issue with your title. It implies that the Godot Game Engine itself is what's responsible for creating and executing the RAT/Malware, and not the programmer who's deliberately sending an HTTP request to download a file and executing the executable.
This is akin to saying that "Python Makes Malware", "C++ Makes Malware", "Unity Makes Malware", or "Unreal Engine Makes Malware". The title can't even be considered as clickbait, since it's just a flat out lie. Yes, I know you address this stuff near the end of the video, but that's the problem. It's near the end of the video, and the majority of viewers won't make it anywhere close to there.
Anyways, I'm just hoping you'd change it to something more accurate (such as "Using Godot to load Malware" if you want to include Godot in the title, or "Loading Malware via Network Requests" if you want to account for the other platforms that can do this.) Thanks for taking the time to read this request.
Yeah, I jumped a little when I saw the title and paused another video just to watch it, because I have used Godot actively, but I'm glad your comment is the first I saw so it eased my mind
John has slowly become a typical youtuber nowadays. He's unnecessarily inflates video length to get more watchtime. It made be unsubscribe him from the first place. Now with this outright clickbait.... Nah.
Shocking... Next thing you will tell us one can use C++ to write a virus too 😂
this title will bring a bunch of "oh i KNEW godot was bad" comments from people that dont even watch the video and just read the title.. amazing
Next Video: C# and C++ makes malware, aware!
Stupid clickbait title.
I found this video to be quite interesting to watch overall. Additionally, I'm a bit concerned about the choice of title. While the content of the video was valuable, a title like that could potentially contribute to bad rep for the Godot engine. Godot is a smaller, open-source game engine, and perhaps a more neutral or balanced title would have been better as from seeing the title it would've made me think, like others have pointed out that it was the creators of the engine distributing malware themselves. Nonetheless, I appreciate you taking the time to share this information with the community.
You are going to get a shit load of downvotes for that title
who cares Godot has gone to the dogs as is.
WE FOUND A UNITY DEV
@@andrewkelley9405 that drama about godot just exists on twitter, not in the real world.
@@andrewkelley9405 Common Unity L
This is clickbait. Do better.
crappy clickbait
This is one of those video you shit out when you just need the sponsor money. No respect for your fans
Not changing the title yet despite people complaining doesn't make people happy John, it's frankly a little shitty.
Edit: A lot more clear now, thanks!
Are you 12-years-old? really? reaaaally?
I mean godot is just a game engine like several other game engine. whatever you did in this video can be done even in python pygame . Seems like a click bait .
yeah i dont really understand what exactly is godot specific in this method, to me it just seems like a shitty video to attack an open source project without any valid reason especially with the original title
Can't you do the exact same thing with python exe or nodejs exe? The point is signed exe doing unsigned behavior and you can do that with any script runner 😅
So, programming language may build an instalable program with malicious intent?😅
DeArrow to the rescue. When I saw the original title, I was disappointed in John.
5:12 When TH-cam inserts a short commercial In the middle of your commercial for your sponsor...
Not the first time...
DeArrow de-clickbaits TH-cam titles and it only costs $1 wow
DeArrow costs nothing btw
Nearly 2M subs & yet your average video views is 70k, no wonder why you desperately needed clickbait.
Yeah, then face the fact that desperate clickbait leads to more falling off. It's a vicious cycle
if people execute not signed code by unknown author what's the point? Godot it's only a mit opensource framework to create gAme without developing all the boilerplate of the physics rulez
Please I am new to Cyber Security, the play list is not so clear on where I can start from . Any direction ?
read articles, books, etc related to the topic, start working with code snippets, watch videos also related to the topic.
Shitty and an unnecessary clickbait.
Anyone with the extension that tells you the estimated dislikes, could you share us some numbers on this one?
It seems that few people really understand what this is about
How does the game engine use the source code? Is it compiled? Can it be detected?
🔥TH-cam ALGORITHM ➡ Like, Comment, & Subscribe!
Uhh, you guys thought the engine itself was making malware? Like by itself? 😂
Hey! A genuine question is here.
Whatsapp shows me a warning message asking me if I trust the sender whenever I open a pdf document sent by him. Can pdf files be malicious? What about .docx and .ppt? Is there any chance I could get hacked opening some of these files carelessly?
pdf files can run javascript code, which means they can pose a threat, but can not for example deliver a payload without other exploits.
However, they can make webrequests, meaning they can leak your IP address, and information how you are reading the pdf at the very least. This functionality is intentional part of the format but can compromise privacy.
Plenty of PDF exploits have been found previously, so it is safe to say more will be found in the future as well. An example I found by quick search leaked the victims hashed password on windows, by trying to fetch content from an SMB (network share) server controlled by the attacker. To authenticate, the victims machine automatically submitted their credentials, but with hashed password. This is a real risk because a weak password could be broken with a dictionary attack.
And in vulnerable environments (where older authentication method for smb is still used/allowed) this attempt to connect is enough to stage a man-in-the-middle attack to gain access to the wider system.
So altogether, PDF files do pose a risk:
- they can leak private information
- they might be able to exploit a new or still unknown vulnerability of the reader you use
- they might be able to exploit other vulnerable aspects of your network
Mitigations against this are pretty easy, however:
- always use an up-to-date reader
- disable use of javascript in files in your readers preferences
- scan any suspicious pdf you reseave with antivirus or malware detection tools, to see if it matches a known fingerprint (however not matching one does not mean the file is necessarily safe)
Yes those files can be malicious
Any file you download can be a virus. If hackers find a way to exploit the program you use to view document files they can leverage that to send you a malicious file that when read with your pdf viewer or etc then executes some malicious code
Only 20% dislikes
30% now
@@christaylorakaskunk what's it now?
I was expecting better from you. Dislike.
This is this type of clickbait I really dislike. Unsubscribing.
TD for the title
More Zombie malware games
Currently every single comment in the comment section (I scrolled through all of it) is about the old title being bad, so I want to add my comment just so it isn't all negative :)
I'm 3:28 into the video so far, so I haven't seen most of it, but it's already interesting to realize how this could work. I've been very slowly trying to learn Godot (it should be very easy for me honestly, I'm great at programming in a lot of languages, but I can't keep focus long enough to really learn Godot for some reason), but I don't know much about it yet at all, so I'll probably learn quite a bit from this video. In general I've learned it's very frequently easier to learn from using something as it wasn't intended to be used than using it as intended, and this is definitely the former, so it should be fun :)
not godot 😂
Is it the Russians again?
Lol
This was a pile of shit, come on John wtf are you doing? how is this any diffeferent from ANY OTHER PROGRAMMING LANGUAGE ?
First
MHA!
unsubscribed because of clickbait title and cheap content
Creepy
No comment
I read the article about a month ago as I am a Godot fan and I was amazed...it was a great read...and a somehow obvious vector that everybody missed...it's pure evil genius
Grrrrrrrrrrrrrrrrrrrrrrrr me not smort me see Godot dissed me angerrrrrrr
😶😶
how is this clickbait eople
Kernel level anticheat they said .. what could go wrong 😂😂😂
Godot's twitter account manager was a bad person tbh.
has n0othing to do with what the video is about?? 💔
@@gamersunite9026 Yeah it doesn't, I just wanted to point that out.
3d
Fourth
first!
it just never ends, huh Godot?
applies to unity/unreal as well
Awesome content, I'm starting with godot engine and it's pretty cool ^^
john lots of respect from BANGLADESH
i just recommended godot to a friend
Rest assured that this is *not* a problem with Godot itself.
This is like saying 'The C++ programming language can be used to make malware'.
@ yeah, just kind of bad timing which i found funny
Clickbait. Now try the same with Unity or Unreal and see what happens.
as if things couldn't get worse for Godot.
Did you watch the video or bother reading the article? This isn't exclusive to Godot, you can achieve the exact same thing with almost any other game engine.
gonna do this with unity just to make you mad :3
Thanks for the great information.
communists trying to make a good game engine(impossible)
"Everything I don't like is communism!"
SOMEONE opened up the video to comment this without knowing this applies to every single engine...
@@gamersunite9026 nah i was just joking, i actually use godot, and i know in this case, the bad guys "abused" the engine and that you can do this with any engine. when it comes to the engine... it's kind of bad, important features are "hidden away", it's messy ui etc... but i accept it anyways because it's one of the few good open source game engines, it don't really like using stuff like unreal or unity.
I never ever liked Godot engine in the first place....
such an unnecessary game engine...
It is very calming to know, that only the Godot engine can be used to stage malware because it is impossible with other engines :shrug:
You can make malware with anything that can make code, this is probably just a heads up to be aware when downloading games/software in general. This is just an example using Godot, you could make malware with GameMaker, Unity, Unreal, Java, Rust, etc. and Godot is a very good engine for it's purposes.
How so?
I personally think that Godot's existence, as a free-and-open-source alternative to the duopoly of Unity and Unreal is ultimately a very good thing for the game development ecosystem as a whole. After all, if Godot didn't exist as a viable alternative, the duopoly would be able to get away with much scummier business practices.
Just off the top of my head, do you also remember the Unity Runtime Fee debacle (and other enshittification tactics recently employed by Unity Technologies)? And are you aware of Tencent's notable investments in Epic Games (and the fact that Unreal Engine's current 'free-to-start using' pricing model is thanks to this investment)?
Now, with these rather worrying blemishes on the record of Unity and Unreal, would you agree with me that it's better to have a fully usable alternative engine out there which one can start using right now (Godot) than it is to be obliged to put up with the continued enshittification of the Unity/Unreal duopoly?
@@ヽノ-u4t
Because it uses its own programming language which is unnecessary in the first place.
@@SkyFly19853 But why is it unnecessary? Is unreal engine also unnecessary because they made their own blueprint system?
If you don't like it because they made their own language then you can use C# in Godot instead of GDScript.
resetti. my favorite (probably not) animal crossing character