Apologies for the random repeating parts in like, 2 seconds of the video. Seems like the file got corrupted whilst uploading - just pretend the video is HACKED and EVIL and that it adds to the atmosphere
What do you mean "pretend". It is EVIL. On a serious note, it's pretty much nothing.
Brain aneurysm go brrr
dont upload a minecraft virus video at 3 am!!!
Yeah
yipee heaven fortress updat
that's 10 times worse than just getting ratted and getting your coins stolen in skyblock
10 TIMES BETTER IF I LOSE MY TERM I WILL SOB, WHO CARES ABT MY CRYPTO OR MONEY OR PERSONAL INFO
@@Acoldfox they will probably sell your entire minecraft account, so no more term, no more minecraft, no more pc pretty much
@@Acoldfox would you rather lose a term (replaceable, just takes long time)
or lose your entire minecraft account, lose every single one of your files, it's literally getting ratted but it affects much more (most likely non-replaceable)
@@KingTurtle2607 as someone who doesn't have a term, i see this as a win
Although skyblock rats usually also steal all that other info, too; I still have to agree. The way viruses spread is terrifying, both in the digital and physical worlds!
I wanna make a joke comment but I just genuinely can’t stop appreciating the effort you two put into these videos. This feels like a legitimate documentary and it’s something that I feel like would be interesting even to those that have never played Minecraft in their life.
make the joke
It IS a legitimate documentary, but who is Tyler? Is hellcastle schizophrenic?
@@tariksleftnut yes
As a mod developer: A mod running in a sandbox doesn't really at all prevent making mods, as long as you do it well. Example: mods generally never really need to look for files beyond the game's location, so any file outside of that can be made unreachable to the game, without causing any real issue. Only cases where it would be problematic is if a mod needs a shared library to run, although those can just be placed inside of a folder accessible in the sandbox.
Kinda true, but mods (which arent really gonna be played by the public) ie. Instantly shutdown pc when a player dies or things like that won't work in a sandbox.. (other than that i completely agree with your point!)
After seeing this video, I saw your comment and, I completely agree as a mod developer as well.
@@nicky7006 these are edge cases, a good option would be to be able to disable mod-by-mod sandbox, with the sandbox being enabled by default
Got a bit of a scare because only a few days before the scare, my friends and I logged into MC for the first time in ~6 months to play modded for the first time and started a world. Luckily we didnt hit a landmine according to Forge's scan, but we still decided to stay off the game til Forge announced it was safe.
better safe than sorry, bro.
Sucks that so many people are getting hacked just for playing games they enjoy. It's been happening a lot with older fps titles such as the old cod games and even some more recent ones like battlefield 5
It's a shame. Only need a few people to ruin it for everyone else 😔
17:50 currently, im working on a modding api for minecraft, using javascript. since the javascript engine is as sandboxed as it gets, the mod loader can control exactly what the mod can do. the whole mod loader should be done by early january next year
How is the performance
I love JavaScript myself but am concerned about the slowness and bloat of such a high level language
@@Xnoob545 Compared to the JVM? It should be just as fast, since both the JVM and major JS engines use JIT compilation to optimize often-executed "hot" code into faster machine code, based on information about the code that's collected over the time (what branches are more likely, what types are usually used, etc.). Also, JS engines are maintained by folks at Google (for V8), Apple (for JSC), and Mozilla (for SpiderMonkey), so a large amount of effort has been put in to make JS as fast as can be. In the end, JS itself isn't significantly slower than Java, and the only aspect that is likely to be more bloated is file size, since traditional mods are distributed in a literal .zip file containing JVM bytecode, and JS doesn't have such a (standardized and stable) bytecode (V8's bytecode doesn't really count).
As someone who knows a lot about IT security, this was a great video! I loved how you explained everything.
Very fascinating video, thanks for doing what you can to spread awareness that people shouldn't just download random mods without checking! I see it way too often even with people I've told over and over again not to.
i do not like sircow
it's our favourite sb creator ❤
wait i swear you had other sb videos
@@dahamvich2789 eh i decided making videos isnt really for me and i only make them rarely now
🍔
This video is great! Love to see a documentary like video on Fractureiser.
2:13 the things in the background and the item used to show the infected file are from the mod ae2 (Applied Energistics 2)
Thanks for having the courage to make this video and educate us! I remember being one of many using curseforge when that happened and I had no idea what was going on. This educational yet simple video taught me a lot!
Thanks for the info
HellCastle and Tyler know more about malware analysis and stuff than i expected
Tyler scripted the entire video
15:23 this, this right there is why I don't save cookies on very important sites, (and why you shouldn't either) because it's basically an open invitation for hackers to steal your login info.
the other big problem is, this is also a situation where you can get multiple false positives, there's plenty of legitimate mods that use classloaders, and this virus also tended to push like slightly different code to each other jar file
0:37 This music... did you play that game?
I Hope you did....
If you did how was it?
Hearing that song confused me, since it's my background music from Wallpaper engine. Spent a couple minutes trying to figure out why it was playing before I realized it came from the video, lul. Really enjoyed the game! :D
hopefully he did, very underrated game
I didn't end up using new mods for about two months, and even now I still check every file manually for stuff. I don't use CurseForge anymore because of the way they kinda just don't usually care about normal malware, and only do things when someone big notices which sucks
wait, so if it uses that property to tell itself it's already run, could you potentially protect yourself from it by manually setting that property yourself?
What if someone made a mod that spread like malware, but instead of doing harm, it just added a weird mob into all of the packs?
Herobrine. Everyone would think Herobrine is real😂
There's only 2 routes this could go
horror mob
or
skrunkly little scrimbo
Can we appreciate that this guy used "On Little cat Feet" from OneShot?
One of the most common Minecraft viruses will open the terminal app on your windows device.
The problem here is that programs which modify a lot of exe, jpg, docx, pptx, mp3, mp4 files are being instantly flagged as suspicious by AV companies, but the same principle doesn't apply for jar files.
on little cat feet is such a good song its so fitting for the background!!
Dude i am trying to stop my head from going crazy to the celeste Resurrections OST
ah the 1am content from hellcastle, love it! at least it's a weekend...
POV: waiting for the 1 am piece of content that drops every 2 months
Dang it's 1am here too
6pm for me lol
I think I should sleep more bc I stay up like until 5am and wake up around 10 am
1 am gang
There is a version of the virus that actually deletes the virus then opens some anti virus webpages and then deletes itself
That's incredible
@@derpyslurp8779 is just someone who changed the code to be that thing, extremely basic coding
Not impressive at all
@@MilesProwerTailsFox it's impressive somebody did that at all lol
@@russianyoutube no, it’s always the first response to a big virus
@@MilesProwerTailsFox🤓🤓🤓
The big issue of us mod developers is: we are also just the average person, most of the time we too just trust files our friends send us, because why would we read every single bit of code, for the very small chance something is wrong
I am so thankful for the premier countdown music because I almost missed the premiere
This video in short: virus bad connecting to server stealing your entire Computer live
That song from celeste is such a banger tho
I loved that you used AE2 to describe this, great video!
Not related with the video but you using On Little Cat Feet for background music at the start is awesome
That Oneshot bgm mmmhh *chef kiss*
Pog Oneshot and Celeste background music
I like your use of Minecraft mods to explain a virus about Minecraft mods.
11:19 I'm reading the code and the fact that this is another example of "people forget to make viruses for macos so there are less viruses" has never been so true as right here.
Its funny because ik the people that did this and you really barely scratched the surface, it goes so much deeper and in so many more communities
Bro used OneShot music. That's straight up enough for me to like the video.
Btw error: the mods infected were not uploaded by a malicious person (probably) rather they didnt know they had been infected.
The virus came from somewhere..it likely started with one malicious person making the virus and putting it into a mod (probably one of the ones pretending to be other popular mods) and from there anyone who downloaded them grew infected which led to it spreading to the modpacks they'd created.
They should have a system like tmodloader's/terraria's, where it's impossible to get a virus and modding is available ingame and not in sketchy websites. And yes i know websites like curseforge aren't sketchy, but as proven, it can still contain viruses.
Curseforge honestly doesnt care about anyone (not mod devs or users) they just want you to see more ads. They only do something if it is a virus or it brings negative attention
I'm glad it was caught quickly and didn't do that much damage, but still it shouldn't have been able to happen at all.
15:24 minor spelling mistake, sorry guy but the hackers win this one.
I was so scared at the beginning because I recently downloaded litematica like day before yesterday and thought that I might have gotten infected
I owned all of the mod packs, but luckily somehow used them all right before they were malicious.
19:24 who else thought he was gonna be sponsored by ExpressVPN
Fantastic video
Also I heard that OneShot OST :D
that guy who was the last really trolled us all
Is that me or there is a bug in the original source code at 7:27 before control obfuscation in 4th line:
if (n=0) {
because n will always be 0 (since n is assigned to 0) and thus that block will never be executed.
Time to start writing a script that overloads the malicious cloudbases with useless data
Or try to make the mod call home and infect the place it came from 😅
@@309electronics5 for realz
i love 11 pm content from hellcastle
i love 6pm content from hellcastle
Alright so is Fractureiser gone now for people who have not already got it?
nah bro it feels like that thing happened weeks ago and curse forge already fixed everything
Thank lord I was on my 1 year minecraft hiatus.
Hellcastle made me think that Tyler would speak this time :)
When I got the notification all I saw for the title was minecraft's dead
i cannot overhear the oneshot ost, really good game
Slight correction? Maybe? The community mostly figured out what it was (they found the code and were sending out instructions on how to check your pc for it) far before curseforge did anything..I was there when all hell broke loose and everyone was panicking sending warnings in their servers and everyone was going to curseforge's discord server to find out what was up..the panic happened during the night for the curseforge devs so we had to wait a while for them to wake up of which they reposted the info being sent out by others and then worked on the virus checker thing on sight. It was so bizarre to be there during it all 😅 one of the mods in their discord server really tried to convince everyone there was no virus and stuff..yea no one exactly bought it and people acted pretty aggressively to their comments.
Though it is true we didn't know at the time how infected curseforge was, or if curseforge itself was compromised..it was pretty scary ngl! We didn't know fully what the virus was programmed to do, where it came from (though we had a decent suspicion it was uploaded and infected people who downloaded it and thus infected those people's modpacks which spread it further), but we did know how to check for it! Crazy the virus stayed active that long without curseforge stomping it out (as you mentioned people had been on the case and were contacting curseforge about it about a week prior to the "massive panic day")..they only acted once it had grown to a massive level and everyone was freaking out.
I had no idea it was that bad! Currently watching what the virus does..I cannot believe it steals that much omg
Damn. As a mod developer they deny my mod for having a somewhat similar checksum or having other jars in my modpacks ZIPs, but they don't catch this.
True lmao
You have given the best coverage on this I have seen. Good job.
fr
0:00-0:18 So, basically "Show some goddamn respect!"
there is, in fact, a way to partially mitigate risks like this, which is running mc in a vm, but that doesn’t completely solve the problem, + it’s not something anybody is going to do
@2:22 also because they have mostly been replaced by worms.
"Most mods arent even submitted in human-readable source code" well there's the problem right there. And the other problem is many, many mods' pages just have comments disabled, silencing anyone from speaking up and saying "hey, this is malware trash, do not download".
bc of the most recent virus infection on curseforge im totally scared to even run moded game
I don’t know if it’s just me, but when I look at obfuscated text with something like hello or something I can kinda see the text very slightly. Maybe I’m just seeing things.
It's kinda hard to get infected on Linux as there are like 0 linux compatible viruses and is also coded that way to easily bypass viruses
The only thing slowing humanity down is other humans being assholes... damn it
why they stealing that much information from me, i literally have nothing to lose
Thank you i have been wandering clueless around for far too long because i dont know anything about coding/java. Very good explained even a complete brickhead like me understood it, very gud👍
Wait, If you have the Ip of the server that sends the virus, can you Legally ddos the server ? like i mean it would be legal to use an illegal tool to shutdown an illegal software
I don't think it's legal to DDOS for whatever reason.
@@notactuallyphobic yeah but would it be if we were to stop the virus from spreading ?
That's a really interesting question actually. I'd assume it's about the same as a vigilante
when i tried to install the curse forge anti virus and put that on total virus it was a virus how?
19:26 I thought he was gonna say "SURFSHARK VPN!!!!"
It's a good thing I have a 400 gigabyte backup of every mod I've played in the past 8 years!
2:35 put the turtle down man he dont need to suffer for an explanation
why did you have power and a crafting terminal connected to the me system
Thx for the on time news T_T
(but a real thx for a comprehensive explanation of the code)
ONESHOT MUSIC ON THE BACKGROUND! I CAN HEAR IT FROM ANOTHER UNIVERSE
I heard the oneshot music, and instantly recognized it, i freaking love that game!!!!
2:07 "Summoned new Infected Friend" 💀💀💀💀
i have this virus in my minecraft server, but virus doesnt work, it tries to login a site, but the site doesnt exist so it gives http error, normally i have to remove all of the plugins and redownload it but whatever, im too lazy for it
Starting off with Oneshot music, nice
"and if this has ever happened"
*Insert rexona ad*
these viruses are the reasons I play exclusively vanilla mc
Modded is perfectly safe if you have an anti-virus, and be careful of what you download! Getting viruses on decent mod sites is pretty rare..even during this massive virus event only a small amount of the total curseforge users actually were infected (I think like 1% or something they said?), still a massive number (like a thousand or so people) but it was essentially a fairly low chance to be one of the infected.
Modded is NOT perfectly safe if you use Anti-Virus software!
vanilla mc is just as hackable lol
@@auroraborealis2886 how?
I'd say it is safer to play vanilla instead of modded because you know.... you're not modifying the client
I have to mention that, even though vanilla is technically safer than modded, that doesn't mean it is dangerous.
Not playing modded because you fear that you are vulnerable to viruses is like choosing not to travel by plane because there is a chance that it might crash
This type of virus is a worm
Couldn't you disconnect the internet so it cannot connect to the server.
Honestly if I was dumb enough to install the virus aint no way I'm figuring out I have it.
thanks for closure on this
i love how people comment before the video actually is done with the premiere
Waking up to hellcastle's video
day fixed
Can't we just make it so when a virus checks for a virus it thinks there's one but there isn't
every time i launch minecraft with atlauncher it scans mods for Fractureiser. i love atl
Ok my idea is the following: Make the creators pay a small tax, 5 euro or dollars or whatever. The point of this is to make the curse forge team have the man power to manually check the mods. The verified versions should have a check mark to them and boom, problem solved. That's the idea on short. From my point of view this should help them have less mods to verify and keep the players safe.
Also the curse forge should focus more on customer supp
It could backfire into no longer having people uploading mod there anymore
Which in turn will make CF lose the popularity
@@glitchyslime2538 yeah, it could, but this could be something more what tells you that the mod you are going to play is safe or at least checked by someone. You can still play as normal
u know its gonna be a good day when this madlad uploads
edit: i dont think the current situation is good though, but its nice to have an upload from this mans
just realized you used oneshot's ost in some parts of the vid. Did you play the game & if yes, what do you think of it?
but link said free robux :(
LOL
The oneshot ost slaps
Am I crazy or can I not tell which is hellcastle and which is tylerrr
great vid!
i actually nearly downloaded Create: Diesel & Oil generators but im glad i didnt
Very informative video, great job as always!