Testing Fileless Malware that works on Every Operating System
- Published 21 Nov 2024
- In this video I investigate & reverse engineer an infostealer + clipper that works on Windows, Linux & macOS.
CORRECTION: Syndott is a real software development house who were targeted by sophisticated threat actors (the same people responsible for what almost happened to our freelancer). They are not involved in this attack.
Official Discord Server - / discord
Follow me on X - / atericparker
Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking, nor do I encourage the usage of game cheats, cracks or hacks.
Cracks are sometimes shown to highlight the dangers of software piracy, my content is not intended to teach anybody how to pirate, or maliciously hack.
More Malware Investigation Videos:
→ The latest "NORD" Malware - Nordsecured: • The latest 'NORD' Malw...
→🧧VIRUS WARNING🧧 NEW Optifine for Minecraft 1.16 SCAM: • 🧧VIRUS WARNING🧧 NEW Op...
→ The wilkreate TH-cam stealer virus that started this whole trend: • Fake sponsor DESTROYS ...
(C) Eric Parker 2024 - Science & Technology
Syndott (The real one) responded, what appears to have happened here is a deep ID fraud targeting them. All of their online accounts were taken over, including the domain, which is why things looked as sketchy as they did.
I wanted to pin a comment to highlight that (along with a description edit). I am assuming that every company whose name & likeness was used here is legitimate (& unrelated to the attack).
Do we have reason to believe that though? Does syndott have anything legitimate out at all?
we got cross platform viruses before bloodborne on PC
Damm fr💀
And GTA 6 😔
Correct!
before GTA 6 😔🙏
Before HL2-EP3
Bet it doesn't work on TempleOS
Bet it doesn't work on Windows 95 either. Modern OStards btfo'd.
Just another reason to switch to TempleOS.
@@trevoreyre2775 lmao linux is so bad you need terminal for any basic task
@@trevoreyre2775 All hail Terry
Nothing works on temple os 😂
All those people saying "Yeah but it doesn't work on TempleOS" istg i'm gonna make a virus specifically for this
Making it do anything useful might be more interesting though, since you don't have a network stack...
@@TimeLemur6 replace all files by a clean windows installation
@@Golem642 do you... do you know what templeos is?
@@gibdo1675 I do, but do *you* know how installing an operating system works ?
I was trying to be evil by installing the worst thing you could to replace TempleOS
@@gibdo1675 Technically, if they somehow managed to install Windows via the payload from within TempleOS, that would make exfiltration/c2 significantly easier. 😅
So funny that the payload was formatted in a single loooooooooong line of code. It's like a reverse form of Security through Obscurity.
It's like the old FPS axiom that players don't look up. They assumed nobody would scroll right.
@@alexholker1309 Wat?
@@alexholker1309 ive never heard of that before. are you just making this up?
@@MrAsddasdasda in first person shooter games, players tend to have a blind spot where they don't look upwards very much. It's not as much of a thing in "realistic shooters" like CS, but tends to show in games where vertical movement is a big part of the game, like TF2.
As a former roblox developer with experience on that platform since 2009, about 75% of roblox game viruses and backdoors are usually hidden as part of the game itself by that exact method. They do a script that actually does what it claims to do, but then append the payload on a random line far off the side.
0/10 virus. cant install on my psp. won't use anytime soon
couldnt get it to run on my Nintendo Wii, smh
Can't even run on my old, broken desktop that doesn't have a hard drive. I'm judging this malware very harshly for that.
0/10? This malware just installed on my LG fridge, now my food is wet instead of cold, I need help!
Nah, this deserves -100/10. Can't install it on my Wii U or my New Nintendo 3DS XL! Terrible!
@@cassiuscartland-1000/10 does not work on my game boy advance
and templeos is still not vulnerable.
security by obscurity
that's like saying your house is secure because you welded solid graphene sheets against the window and door frames and inside was just one big room with an abacus. Also no plumbing.
@@ottergauze so a million dollar vault you can buy
@@ottergauze sounds like a sick ass house
Finally, a virus that works on every platform
Though I can’t seem to get it to run on my 3DS…must be a work in progress
This looks really interesting! Also the attacker didn't seem to provide any release packages. I am wondering if this could be behind some social engineering attempts to compromise developers or companies by submitting fake inquiries or collabs requests. A cool find indeed!
Edit: You can use git scm on Windows. There is even a portable version and it runs on Windows 10 out of the box. :)
Easier to download zips for a 1 off VM. Also the possibility the repo would get pulled.
@@EricParker
Did the attacker send setup instructions to the victims? I doubt that many players would be able to follow those commands on the repo description. When I was 14 I didn't even know what git is (or maybe it was me just being dumb lol). Also, their preparation work and deployment look so refined that it even surpasses some APT attacks in complexity.
@@mu11668B This sort of attack is targeted towards developers so they would likely be familiar and even used to the workflow of downloading from a public repo and then building the software locally. In this case it appears the attackers want to target developers for cryptocurrency games(with the goal of stealing credentials and the potential goal of targeted wallets).
I approach all interactions on the internet where someone comes to me with a question, shares a program, or offers something either privately or publicly with the base assumption that it's a social engineering or malware attempt. Other people don't, and while I appreciate that people trust me not to be malicious, the lack of concern and how easily they say yes is uncomfortable. "Thanks for your trust. Don't do it again."
ok but for real, who is dumb enough to fall for these things? I've been on the internet some 20 years now and it hasn't happened to me
It has been less than a week since someone installed a program from a link I sent them without reading anything or performing any scans or searches.
@@Blox117 kids and the elderly usually as well as other people new to the internet.
Build Once Use everywhere !!!
jRat was crossplatform developed in like 2010-2011 using java and was promoted/sold on hackforums. It had its own issues where you could pwn the C&C server. The scary part was that when jRat was released, most AV software didnt even care to scan java files and whitelisted the JVM, so it was undetected for weeks/months on release.
we got Non-OS-Racist/All OS Inclusive Viruses before GTA 6 and Half-Life 3
Virus that will infect mo matter what OS you use before GTA V
Great video. Really like your explanations, you should consider creating a tutorial about reverse engineering, so a full course or something.
You always bring awesome stuff and almost 100k congrats!
True compatibility some games just wish for
But the real question will this work on MS-DOS
It's not as far off as you'd think. A DOS version of Python officially existed, although the link to its zip file in the web archive is dead. With the right tools and network capabilities, it could be possible when compiled from source.
Windows 3.x runs on top of MS-DOS, so that also counts.
remember the cat ears at 100k
I never heard about a virus that works on all platforms. You told me about it!
i absolutely have no idea what youre saying but i have been watching your videos and i enjoy them so now im subscribed
TempleOS still not affected, huh?
Clearly the safest OS probably because it's protected by our Lord 🙏
@@Ascendance2001 and doesn`t have internet
@@Maxim67459 Just an extra security measure m8. Can't get viruses if you can't connect to the internet 💯💯💪
Nah, NPM doesn’t care about MITM attacks. It just happily ignores the Windows certificate store.
Neat, I'd love to go thru and deobfuscate these programs it seems legit fun.
best channel on youtube period.
Nice find thanks for sharing it.
i'm extremely sorry for being 7 hours late and not informing anyone about cat ears at 100k for such a long time
Thank god some developers are caring for all platforms.
i got a question: when i downloaded a cracked software it got a virus, but the virus is different, it can upload youtube videos without logging in to my google acc. there's no notification that my google has been logged in.
It could just be abusing your session, or actually uploading from your PC.
Probably a cookie stealer
whered u get the crack from, btw?
@@MurasakiShizu that was session cookie stealer malware, go into settings of your account and firstly add a 2FA method and then log out of every session. DO IT NOW BEFORE THEY ADD 2FA then you can be locked out
Rip
SERBIA MENTIONED RAAAHHHH🇷🇸🇷🇸🇷🇸🇷🇸🦅🦅🦅🦅
🇦🇱🇦🇱🇦🇱🇦🇱🇦🇱🇦🇱🇦🇱🇦🇱🇦🇱🇦🇱🇦🇱🇦🇱🇦🇱
All platforms, except the one with the yellow lines
Snort IDS should detect this.
this is what I got caught from, the scroll thingy
Bro is using his computer like a telescope. Zoom at 300%
7:49 this number will haunt me forever....
WHEN YOU SEE IT
i had a perfectly happy life until I saw this number
@@mesalytic what number and why?
@@Avy42F 727, a number that haunted osu! player
WYSI
yeah I used one of those cheap virtual mailboxes for my llc and mine was at a used car dealership
Peter Parker has saved us once again from dodgy mawlare🗣🗣🗣
let's all love lain
Would it still work on OpenBSD/FreeBSD? Just curious
The payload would execute, but it wouldn't find much of anything.
@@EricParker Ty!
Is that what playstation OS is based on?
@@Ahmad-m1h4o playstation os is based off BSD but i would guess is pretty different from what you can get from smth like freeBSD because playstation has been building on the same base for years
@@Ahmad-m1h4o yes
At this point base64 should be worth investigating in any script.
Can you do a video on the pirated games scene like IGG-Games or other uploaders?
I think that's pretty obvious, they are all modified packages so they will contain some sort of malware with it, you just gotta hope it isn't PC destroying.
If you don't want your information stolen, refrain from pirating games otherwise it's safe to do so.
btw that google street view is 9 years old but ye it's probably similar
SERBIA MENTIONED 🇷🇸🇷🇸🇷🇸🇷🇸🇷🇸🇷🇸🇷🇸🇷🇸🇷🇸🇷🇸
Drake has been really quiet since they dropped this
How does malware like this tell if you are in a VM or not? Is there a way to make it less oblivious to have a better chance at studying it?
component names and installed tools
Does it works on 1955 analogue computer?
I don't feel like cross-platforming viruses wouldn't be that hard to develop, especially considering ai these days.
New Eric Parker!!!! 😸😸🎉🎉
My pc bluescreened at 12:27 and i legit thought it was part of the video, till it wasnt.
interesting stuff starts at min 10 to 12. "OK"s start immediately.
What was the outcome when you posted the whole code into ChatGPT? Did you ask it to do an analysis of the whole?
Does it work on AmogOS?
Fellow bringus studios fan!
AmogOS is based on Linux so I’d assume it would
@themirrazz based on linux? What? No its based on debian bro...
@@HackManJay Debian is also based off of Linux. Therefore, AmogOS is based off of both Debian and Linux.
If you see "base64" in a script, it's probably malware.
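The two recurring observations in this thread, a payload appended far to the right of one very long line and a base64 blob sitting in a script, are both cheap to check for before building or running an unfamiliar repo. Below is an added example (mine, not code from the video or the analysed repository) of a small source scanner that flags both patterns plus common decode-and-execute idioms; the sample input is constructed and the thresholds are assumptions to tune for your own code base.

```python
import base64
import re
from dataclasses import dataclass
from typing import List

# Assumed thresholds for this example; tune them for your code base.
MAX_LINE_LEN = 200                                 # real source rarely exceeds this
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long base64-alphabet run
# Decode-and-execute idioms worth a human look (JS and Python spellings).
DECODE_EXEC = re.compile(
    r"atob\(|['\"]base64['\"]\)|b64decode\(|\beval\(|new Function\(|child_process|subprocess"
)

@dataclass
class Finding:
    line_no: int
    column: int
    reason: str
    detail: str

def decodes_to_text(run: str) -> bool:
    """True if the run is valid base64 that decodes to printable text (a hidden script)."""
    try:
        raw = base64.b64decode(run, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return bool(raw) and all(32 <= b < 127 or b in (9, 10, 13) for b in raw)

def scan_source(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for no, line in enumerate(text.splitlines(), start=1):
        if len(line) > MAX_LINE_LEN:
            # Report where content resumes after a long run of whitespace, i.e. the
            # part sitting "off to the right" that nobody scrolls to see.
            gap = re.search(r"\s{40,}(\S)", line)
            col = gap.start(1) if gap else MAX_LINE_LEN
            findings.append(Finding(no, col, "long-line", f"{len(line)} chars, content resumes at col {col}"))
        for m in B64_RUN.finditer(line):
            if decodes_to_text(m.group()):
                findings.append(Finding(no, m.start(), "base64-blob", m.group()[:24] + "..."))
        m = DECODE_EXEC.search(line)
        if m:
            findings.append(Finding(no, m.start(), "decode-exec", m.group()))
    return findings

# Constructed sample: a plausible Express app with the payload 600 spaces to the right.
HIDDEN = base64.b64encode(b"console.log('constructed payload')").decode()
SAMPLE_SUSPICIOUS = (
    "const express = require('express');\nconst app = express();\n"
    "app.get('/', (req, res) => res.send('ok'));" + " " * 600
    + f"eval(Buffer.from('{HIDDEN}', 'base64').toString());\napp.listen(3000);\n"
)
SAMPLE_CLEAN = "const x = 1;\nconsole.log(x + 1);\n"
```

Run it over every `.js`/`.py` file in a checkout before `npm install` or `node` touches it; a hit is a reason to read that line in full, not proof of malware.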
Finally linux can gain more marketshare with the botnet now being supported on linux too
Is the telegram bot token readable in plain text, if so we can access it and see who is receiving the info and what info is being sent using that bot....
If they stopped viruses running on all computers with the user named lain they would get away with it lol
you should flood their ftp server with random stuff 😂
we got cross platform viruses before gta 6 thats crazy fr fr
how inclusive
don’t think you’re supposed to push the .env file to github either lol
just an html file that detects what your computer is, then downloads a virus based on that and runs it
Nope, this is all js and (what appears to be)python malware. The initial execution is done from an intentionally infected node.js repository and then it fetches additional payloads from server to then run and do additional activities. This attack attempted to get the user to infect themselves by downloading from the repository, using node to create the binary(node will translate the code for their architecture), and then run it(where the malicious code will then execute).
Another great video.
So they have the skills to create stuff that's arguably just as sophisticated as the games (just in a different way), they have the ability to create this beautiful website, do all this marketing and get people who are interested in their services.... They have all these skills, so why ON EARTH are they cyber-criminals?!
more money
I wonder if there is a way to make your accounts carry snitching "malware" to people like this.
Lain would never download this software 😢
There was a Minecraft mod that was compromised and that runs on Java which runs on anything that can connect to the internet haha
"winget install git" in powershell is how you get git on windows
It's not executable so it's normal to get undetected
Day 3 asking him to look at aimmy
waiting for a switch version :)
will it work on my freebsd server or my openindiana vm?
BuT mY mAc CaN't GeT a ViRuS!!!
at 8:49 next to the wifi icon pops up a "screen recording" icon
Can you get it on ipads and kindles?
don't forget
So it DOESN'T actually run on ALL platforms, like the title says
and they're gone
hi from belgrade lol nice video tho
TempleOS is still safe for now
oh nah cross platform virus is crazy
I'm one of those who likes that software is universal. this is not what i meant...
So it's just Javascript malware, I mean yes, that is cross-platform. But kinda bait
we know its you tristan tate
your name for your VM was lain? hmmm.
the cat ears
What about FreeBSD? I use it so I'd definitely like to know.
so.. we have a all platform malware before we can play fortnite on a PSP
minecraft's biggest competitor
does it run on free bsd?
what the fuck did they actually try and base themselves in serbia
Jokes on you, I use TempleOS.
I had a Johnson file about a year ago on my laptop. I believe I got it from either MSI Afterburner (which I believe was one of the models back in the day when it first came out that was defective, because they started having people copying them and repasting them online using a website that looked legitimate) or it was a scheme game based on Russian Roulette, but I also played a few flight simulators as well, so I don't know exactly what I got it from. But it was a Johnson file and it extracted a crypto onto my computer for crypto mining. I had to wipe the computer, and after I wiped the computer it flip-flopped my keyboard. OK, so I believe it got into the boot sector file and was disguising itself as part of the boot sector operating system, so the Cardinal was not wiping it even though it was reformatting Windows. I know that there are rare viruses that can survive reformats, including computer wipes. I also know that there are rare viruses that also affect the BIOS, known as UEFI viruses, that affect only the firmware brain on the motherboard. If that gets corrupted, we all know that's a pain in the butt to fix.
bet it doesn't work on 1kb storage of MS DOS
does it work on nokia symbian tho
Bet it wont work on Gigaset home phone.
wow
damn at least i use linux, the chances are lower
'ello buddy
Overload their file upload server lmao
Cross Os not platform
Its been removed