Sponsored by PIA VPN.
Go to piavpn.com/EricParker to get 83% off Private Internet Access with 4 months free!
Dude, that VPN is bad for privacy.
@lussor1 I think it's legit but not sure though, because this is the first time I've heard the name of this VPN.
Eric, aren't you the guy who made a video on such VPNs?
@lussor1 The quest for the bag makes people ignore these things.
@BlueIsLeet so true, like Nord and Opera GX everywhere.
Got me laughing after running the malware not once but twice
0:36 If you aren't doing anything shady, sandboxes analyzing your application shouldn't be a concern for you. That dialog is definitely a red flag to me.
Yeah... legitimate software devs were also recommending "disable your AV protection and/or SELinux"...
Solidworks freaks out if you try installing it in a sandbox or VM environment. Very sophisticated anti-VM as well.
@tpd1864blake why is that?
@XtremuZ idk. Their excuse is that it doesn't run as well in a VM environment. I think that's just an excuse though, because why would they go through all of that effort to prevent you from using the product with a license you purchased? It only works on Windows, which is the worst part.
@tpd1864blake wtf is a VM?
>Legitimate Software
>NVIDIA GeForce Experience
There is a legitimate version of GFE; this is a fake malware version. Popular software is quite often impersonated.
@soundspark I'm pretty sure what they mean is that GeForce Experience is bloatware that often gets mistakenly installed during driver installation.
@mare65 ShadowPlay and Instant Replay are both exceptionally good pieces of software. If you have no use for either, I guess you could call it bloatware.
@paranoiaproductions1221 OBS can do both better with a bit of setup.
@soundspark scary if/when they outcompete in SEO
I had a dream in which I clicked a TH-cam ad and accidentally downloaded malware onto someone else's computer 😭😭
lmaooo I wish it was like that for real
Stop clicking stuff, my computer is going haywire
bros life cannot be this mundane
I have some malware nightmares as well
5:25 you can tell that someone in that group speaks Polish
Kurwa!
kurwa
0:40 "This installer requires administrator permission to run. Press OK to run the installer, or press Cancel to quit" - less sus.
@isheamongus811 thank you for the ideas
OK runs it, Cancel runs it quietly
"RUNTMX2.DLL" is missing. "OK"
I would have thought DLL hijacking would be more prevalent because it's not that hard to do and can give the impression that the app is legitimate. For example, some of those "cheats" videos could replace a DLL the game uses instead of straight away shipping an executable, which, to a non-techy person, wouldn't be that suspicious in comparison to running an .exe file. Not to mention the amount of sites that upload DLLs and how easy it would be for them to just embed malware in that, while still maintaining the illusion of safety to non-techy people.
which is why you only use trusted mods from legitimate sources and reputable modders and not shady cheats
It IS prevalent. It's just not used to attack random kids 'cause doing so is unnecessary.
It is widely used. The Steam client DLL is the biggest target.
10:31, why’s it look like it’s a binary text print but if you squint your eyes a little you can see like a guy sitting at a desk with someone over his shoulder? 🤨
Not weird at all. 💀
A video on how to properly use VirusTotal would be very beneficial. I'm new to the Security scene and I use it all the time, but I'm not sure how to 'properly' use it!
It's very simple, GPT could easily guide you through it, you could also very easily Google this. You are actively delaying your learning by waiting for people to answer your questions when you could just go find the answers yourself. Eric is not some expert either.
I can answer this question. You need to set your antivirus, whatever it may be, to scan within files. Usually it's called a deep scan. Also scan for files bigger than 4 MB. So for example I'm using SuperAntiSpyware. I would turn off "Ignore files bigger than 4 MB". Your scan will take all day but it'll detect. Turn off "Ignore non-executable files" as you're looking for DLL-based viruses. Turn off "Scan only known file types". Turn off "Ignore file system information". Hope this helps.
@krispyford6558 It only takes me a few hours.
I know I have commented this before, but it would be interesting to see how Smart App Control in Windows 11 does against this type of attack. It's supposed to check signatures or reputation for executables and DLLs, and in theory it sounds like it could protect against a lot of malware that signatures won't detect. Still haven't seen a single test of it sadly.
I can imagine eric accidentally running this on his native machine, and saying “alright, let me run this- FUCK! Oh my fucking god I ran it on my native machine-“
Just curious, I notice the video is in 1440p and 4K but doesn't look much different than 1080p. Are you upscaling to get YT to apply the VP9 codec by any chance?
Unrelated, but I love the Dokuro pfp :)
I’ve never seen that being done! Learning stuff everyday
Drivers from the "usual" sources? You mean those fake driver websites, not the NVIDIA official website?
Tbh Nvidia, whether hiding malware or not, has tons of bloat. I know this due to those stupid Game Ready drivers - there's no way to completely get rid of old ones once you update. Unironically, it's easier to do a fresh install of Windows than trying to deal with Nvidia's shit.
Don't activate windows!! stay strong brother
A certain github
These are throwaway VMs, no point activating.
I actually pried my Windows 11 activation from a dying motherboard. Using a power supply hotwired with a UPS battery I coaxed the board to boot up long enough to make a Microsoft Account and register the license.
@soundspark You change the motherboard and the license is still valid?
@seedney as long as the old motherboard never boots again, Microsoft assumes it's fine...
The Nvidia installer should compare the SHA-256 and/or size.
That takes effort and care for security
@User-kq3od I feel like Nvidia has enough money lol
The reason people put passwords on them is that the antivirus can't scan them; usually this is used to send malware via email.
Don’t download free video editing programs if you don’t want 5 RATS on your device.
Are you doing these videos with Windows Defender on or off? That's a pretty big thing to be an oversight.
Can't trust anything these days 😓
5:09 "nonce_proof" ... huh? are they using the term, or is that just a weirdly (hilariously) unfortunate shortening of something?
It has a different meaning in cryptography.
Which software did he use to capture network traffic?
The proxy he uses is mitmproxy with WireGuard on the VM.
@SmilerRyanYT thank youuuu
What is the name of the tool like Wireshark at 0:58 here?
mitmproxy running through WireGuard
I wouldn't call this new, but certainly not as common. Nvidia could verify the expected libraries prior to loading them, and I'd be surprised if they aren't for some of them, but at a certain point it just isn't practical. Many don't need updates very often, but those that do would need to be accounted for whenever Nvidia updates their software. I do this for some 3rd-party libraries packaged with my programs for various reasons.
That said, in cases like this the installer is already a red flag, but that wouldn't always be necessary to use this same technique.
I'm gonna guess DLLs!
Question: Is this technique as viable on Linux (i.e. use a legit executable but a compromised library) as on Windows?
Asking because I'm a Linux user and I just realized I don't know how easy it is to use a compromised library on my OS of choice. Guessing it's roughly the same, just don't know.
yes...
Of course. It is even easier on Linux, because ".so" files don't have digital signatures.
Anything accessible to the user is available to the attacker.
But in order to compromise a system library (i.e. one installed to /lib/) and establish persistence at system level, the attacker has to get root access first.
This is why you should never execute software you just downloaded from an external source as root.
This is why you should never blindly trust binary files from external sources. Always analyze the build scripts and at least skim through the source code before compiling and executing it.
@RmFrZQ Ok, thanks. I think us Linux folks should see if we can improve things a bit, then.
Generally, I'm very careful about where I install things from and how. If I see any software installation involving sudo, curl and piping curl into a shell, I just refuse to install it because it just feels like a red flag.
@the-answer-is-42 Oh, don't get me wrong, many solutions and techniques already exist. SELinux and AppArmor help with restricting access to areas an app should never have access to. Also there are various isolation techniques ranging from simple, like chroot, to more complex, like containers and VMs.
@the-answer-is-42 yeah, shady install scripts are a serious threat to the 7 people in the world that use Linux desktop
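The defensive idea raised in the thread (verify the expected libraries before loading them, compare a hash and/or size, and remember that .so files on Linux carry no signature at all) as a worked example. This is added code, not from the video or any commenter; the app directory, file contents and the "vendor manifest" are constructed. It generalizes the single libcef.dll case to any .dll or .so shipped next to an executable.

```python
"""Integrity manifest for an application's bundled libraries (added example).

A signed EXE that loads an unsigned DLL/.so from its own directory trusts
whatever sits there.  Shipping a SHA-256 manifest of the bundled libraries
and checking it at start-up catches a swapped libcef.dll or a planted extra
library before it is loaded.  The manifest itself must be embedded in, or
signed alongside, the signed executable; a loose manifest file can be
replaced just like the DLL.
"""
import hashlib
import tempfile
from pathlib import Path

LIB_SUFFIXES = {".dll", ".so"}


def sha256_of(path: Path) -> str:
    """Stream the file so large libraries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_library(path: Path) -> bool:
    # Matches foo.dll, libfoo.so and versioned names such as libfoo.so.1.2
    return any(s in path.suffixes for s in LIB_SUFFIXES)


def build_manifest(app_dir: Path) -> dict:
    """Relative path -> SHA-256 for every library under app_dir (vendor side)."""
    return {p.relative_to(app_dir).as_posix(): sha256_of(p)
            for p in app_dir.rglob("*") if p.is_file() and is_library(p)}


def verify(app_dir: Path, manifest: dict) -> dict:
    """Compare the on-disk tree against the manifest (start-up side)."""
    present = build_manifest(app_dir)
    return {
        "modified": sorted(n for n, d in present.items()
                           if n in manifest and manifest[n] != d),
        "unexpected": sorted(n for n in present if n not in manifest),
        "missing": sorted(n for n in manifest if n not in present),
    }


def safe_to_launch(report: dict) -> bool:
    # An unexpected library is as bad as a modified one: it may be picked up
    # by search-order loading even though the app never shipped it.
    return not any(report.values())


def demo() -> dict:
    """Constructed scenario: build a manifest, then tamper with the tree."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "GeForceExperience"   # hypothetical install dir
        (app / "lib").mkdir(parents=True)
        (app / "setup.exe").write_bytes(b"MZ legitimate installer (constructed)")
        (app / "libcef.dll").write_bytes(b"MZ genuine CEF (constructed)")
        (app / "lib" / "libhelper.so.1").write_bytes(b"\x7fELF genuine (constructed)")
        manifest = build_manifest(app)          # what the vendor would ship
        # Tampering: the DLL beside the signed EXE is replaced and an extra one appears
        (app / "libcef.dll").write_bytes(b"MZ replaced payload (constructed)")
        (app / "version.dll").write_bytes(b"MZ planted (constructed)")
        return verify(app, manifest)


if __name__ == "__main__":
    print(demo())
```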
You have a collection of very useful tools.
Thanks to this, now I'm more paranoid about even installing signed software.
There's a website I like using for software; it's a community that reverse-engineers paid software, and when they upload it they leave in the description what it is and how it works.
Nice video dude..
Btw, what would you recommend as the best antivirus for the best overall protection? Is Norton 360 a good option?
lol
Common sense and VirtualBox if you're skeptical.
Borderline schizo levels of paranoia, and a keen eye.
Can you make a tutorial for the WireGuard thing and how to set up a config for it?
Huh... I did not expect that it could be possible to do so!
Thanks for the video!
I could listen to this man speak 24 7 ❤😊
Electron is not CEF
They are separate projects and Electron does not depend on libcef
No it does. Otherwise how the hell would it load a chromium WebView in the first place?
Search and Read: "Electron Internals: Building Chromium as a Library"
The Nvidia software you downloaded was a fake one, right?
The installer was legit. The DLL the installer was looking for was not.
The Nvidia exe is real, libcef is fake.
"New way"? Nah, it's an old way commonly called ratting software, where the RAT is the malware.
Compromised package is not legitimate software
A tale old as time.
I have a feeling I have a ton of these sitting in my PC to cleanse.
How
Nahh I'm so cooked 💀.
I could easily and maybe already have downloaded legitimate looking software without having any idea it was malicious.
I would really appreciate inquiring on methods to determine whether the file(s) I'm downloading are malicious.
Shouldn't Electron get a hash of all its DLLs?
If you're internal you can just hook everything if you care
Companies don't sign dlls most of the time. It's a huge attack surface.
Can someone answer my question? Sometimes when I am using my PC, my cmd would randomly pop up on my screen and then go away. I did the scan and there wasn't any malware or anything like that, and I did the full scan FYI, so can anyone help me out 😊
I probably don't have any malware since I don't download things often, but if I did get one from that one time I downloaded a few mods for Minecraft, I hope McAfee can find it; worst case scenario, a hard drive reset.
Pretty ironic that you use Opera while talking about malware
I remember trolling PIA customer service. Good VPN though, I bought it afterwards.
Why💀💀
@SparklesFall it's funny
Have fun getting all your data logged while using PIA!
@slayyyter4686 it works fine so far, no red flags
Why😔😔😔
I don't understand anything that's being said in the video or in the comments. It feels like watching aliens interact, the aliens in question being reddit tech nerds
How do they hook a DLL on legitimate software?
Opinion on verizon rn?
the telco?
@EricParker ig yeah
@EricParker Yes, it's down atm
@Subtleminecraftplayer huge outage in Alaska, the whole state was out
Wait, you guys didn't check every single file from an archive of a pirated game before running it?!?
Pls, use dark mode in your videos!!
5:30 I couldn't help but laugh at the CnC server URL. Are the hackers Polish or something?? Well, that'd be concerning, but there are bad actors in every nation, and ours sure has some technical talents that may go astray...
Hey man, can we get a VirusTotal tutorial?
where is the cat girl costume..?
I have GeForce Experience from the Nvidia website, am I safe?
of course
If you have to ask a question like that, you're probably not at all safe, and it's not because of a program.
Safe and bloated
Running untested, viewer submitted code at 150k
One of the domain names sounds very Polish :)
Bro's accent switching between American and English and a tiny bit of posh scots, please help me understand what's going on
hi
peak content
Where is the cat pfp Eric
hehehe
You look related to this lol
If anything is free, genuinely why shouldn't it be malicious?
9thj
Dude, activate your Windows, like bruh🙄
This is so easy and has been seen a long time ago, it's cute you think this hahaha
1st🗿
maid suit at 200k
We don't need to know about your fantasies, thanks.
Hold on... you have Opera? Now I know for sure you don't know what you're doing.... wait, right next to it is Firefox? With the lovely Mozilla malware... get better at computing before you make vids... I still can't get rid of the empty Mozilla Maintenance registry entries from the one time I downloaded Firefox....