Can't believe the threat actor tried to viciously paw at you in real time.
big fan
@randallvargas4457 massive ceiling fan
About Discord webhooks: they have a feature where you can delete them just by having the URL, no need to have any kind of control over them.
It's meant to help get rid of leaked links, so anyone can delete it if it gets leaked, but it's also helpful if you find malware with a webhook link.
Maybe not just delete them. Most of that trash-tier malware comes from other open-source skidware projects on GitHub. It's easy to generate fake messages in the exact format and render the data useless on the receivers' end. :)
Unfortunately since it's behind the website proxy, you cannot delete them in this manner. Still, it's nice to know in case you come across a malicious webhook.
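The thread above describes two things a defender can check when a webhook URL turns up in a sample: whether it is a direct Discord webhook (which Discord lets anyone revoke with nothing but the URL, via the token-authenticated DELETE endpoint) or a URL on some proxy host, which cannot be revoked this way and should be reported instead. This Python snippet is an added example, not code from the video or from any project it discusses; the webhook URLs it uses are constructed, and the `opener` parameter is an assumption added so the network call can be swapped out.

```python
"""Constructed example: classify a webhook URL found in a sample and, when it is a
direct Discord webhook, revoke it using only its URL (no Discord account needed)."""
import re
import urllib.request
from typing import Optional

# Hosts Discord serves webhooks from. A malware "proxy" host will not match these,
# which is exactly the case the thread says cannot be deleted by URL.
DISCORD_HOSTS = ("discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com")

WEBHOOK_RE = re.compile(
    r"^https://(?P<host>[a-z0-9.-]+)/api/(?:v\d+/)?webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_.-]+)/?$"
)


def parse_webhook(url: str) -> Optional[dict]:
    """Return host/id/token and whether the URL is a direct Discord webhook,
    or None when the URL is not webhook-shaped at all."""
    m = WEBHOOK_RE.match(url.strip())
    if not m:
        return None
    host = m.group("host").lower()
    return {
        "host": host,
        "id": m.group("id"),
        "token": m.group("token"),
        "direct": host in DISCORD_HOSTS,
    }


def delete_webhook(url: str, opener=urllib.request.urlopen) -> str:
    """Revoke a webhook by URL. Discord's 'Delete Webhook with Token' endpoint
    (DELETE /api/webhooks/{id}/{token}) needs no other authentication.
    `opener` is an assumed hook so tests can avoid a real network call."""
    info = parse_webhook(url)
    if info is None:
        return "not a webhook URL"
    if not info["direct"]:
        # Behind a proxy the real token never reaches us; report the proxy host instead.
        return f"proxied via {info['host']}: cannot delete by URL, report the proxy instead"
    req = urllib.request.Request(
        f"https://discord.com/api/webhooks/{info['id']}/{info['token']}",
        method="DELETE",
        headers={"User-Agent": "webhook-revoker (constructed example)"},
    )
    with opener(req) as resp:
        # Discord answers 204 No Content on a successful deletion.
        return f"deleted (HTTP {resp.status})"


if __name__ == "__main__":
    # Constructed sample URLs; neither is a real webhook.
    for sample in (
        "https://discord.com/api/webhooks/123456789012345678/AbC-xyz_123",
        "https://hook-proxy.invalid/api/webhooks/123456789012345678/AbC-xyz_123",
    ):
        print(sample, "->", parse_webhook(sample))
```

Only the parsing and the proxy-versus-direct decision run offline; the DELETE itself is a real request, so run it against a webhook you have actually confirmed belongs to a sample.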
Holy shit the RAT guy connected!! That's crazy
when? timestamp?
@UrokLizard 7:16
They have a whole team of exploiters on call 24h. I'm surprised they didn't connect sooner.
the trolling lol
Thank you Eric for showcasing an example of this, since I've never seen it in action. IDEs (Visual Studio in this case) support running code for various reasons (mainly for automation of annoying tasks) at initializing a project, building it, exporting it, etc. This feature can be used for legit purposes, but also to run malware like this "cheat source code" does. Building from source code is not a completely safe process if you don't know *exactly* what you're dealing with.
Additionally, not only can the projects be used to infect users, but also plugins, libraries and other components of the IDE that can be changed by the user.
Thank you Eric that your channel exists, this is exactly the type of opsec that we need more of on YouTube. Simple demos of behaviours in context. Keep it up, thank you 👍
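The comment above points at build-time hooks as the thing to check before opening someone else's project in Visual Studio. As an added example (not code from the video or from the project it analyses), here is a small Python checker that walks an MSBuild project file (.csproj/.vbproj/.props/.targets, SDK-style or legacy namespaced XML) and lists the places where a build can run arbitrary commands: pre/post-build event properties, `Exec` tasks, `UsingTask` registrations (inline task factories compile and run code at build time), targets hooked onto other targets via `BeforeTargets`/`AfterTargets`, and `Import`s of bundled files rather than the normal `$(...)` toolchain paths. The sample project strings are constructed for this example.

```python
"""Constructed example: list build-time code execution hooks in an MSBuild project
file before letting an IDE build it. Not the video's or any project's own code."""
import xml.etree.ElementTree as ET
from typing import List

# Property elements whose text is run as a shell command around the build.
EVENT_PROPERTIES = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}
# Target attributes that attach a custom target to the standard build pipeline.
HOOK_ATTRIBUTES = ("BeforeTargets", "AfterTargets", "DependsOnTargets")


def _local(tag: str) -> str:
    """Strip the legacy MSBuild XML namespace so both csproj flavours scan alike."""
    return tag.rsplit("}", 1)[-1]


def scan_msbuild(xml_text: str) -> List[str]:
    """Return human-readable findings, one per hook that can execute code."""
    findings: List[str] = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        name = _local(elem.tag)
        if name in EVENT_PROPERTIES and (elem.text or "").strip():
            findings.append(f"{name}: {elem.text.strip()[:80]}")
        elif name == "Exec":
            findings.append(f"Exec task: {elem.get('Command', '')[:80]}")
        elif name == "UsingTask":
            # Inline task factories (e.g. RoslynCodeTaskFactory) compile code at build time.
            findings.append(
                f"UsingTask {elem.get('TaskName', '')} factory={elem.get('TaskFactory', '')}"
            )
        elif name == "Import":
            project = elem.get("Project", "")
            # Imports via $(MSBuildToolsPath)-style properties are the normal toolchain;
            # a relative path points at a file shipped inside the repository.
            if project and not project.startswith("$("):
                findings.append(f"Import of bundled file: {project}")
        elif name == "Target":
            hooks = {a: elem.get(a) for a in HOOK_ATTRIBUTES if elem.get(a)}
            if hooks:
                findings.append(f"Target {elem.get('Name', '?')} hooks={hooks}")
    return findings


# Constructed sample: an SDK-style project with a pre-build event and a target
# that runs an Exec task before Build. The commands are harmless placeholders.
SAMPLE_PROJECT = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net48</TargetFramework>
    <PreBuildEvent>echo constructed-hook</PreBuildEvent>
  </PropertyGroup>
  <Target Name="Stage" BeforeTargets="Build">
    <Exec Command="echo constructed-exec" />
  </Target>
</Project>
"""

# Constructed sample: a project with nothing that runs at build time.
CLEAN_PROJECT = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net48</TargetFramework>
  </PropertyGroup>
</Project>
"""


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_PROJECT), ("clean", CLEAN_PROJECT)):
        print(label, scan_msbuild(text) or ["no build-time hooks found"])
```

A finding is not proof of malice (plenty of legitimate projects have post-build copy steps), but each listed hook is a command line you should read before pressing Build.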
I love "solution" files and other crap that executes arbitrary code for god knows what reason. The next on the list is npm and its pre and post scripts.
Sometimes they do important things that make setup easier. The problem is that we've gotten into the habit of trusting random source code from the Internet. In my day, if there was something wrong, you could blame your coworkers.
Neat, I didn't know a RAT could invert the mouse click... Now I wonder if my primary desktop got compromised a few years back
U can basically do anything if u have a rat
They usually come loaded with Visual Basic "prank" scripts (or code that does the same thing). They can also hide the taskbar, disable right-clicking, flip the desktop, make the CD tray open and close sporadically (if you have one), change the wallpaper, display a fake BSOD, etc. They pretty much give you access akin to being physically in front of the machine.
.Net 4 is still supported. It literally says supported versions on the download page you clicked. My guess is they want 4.x since it’s the last version that includes the command line compiler (csc.exe) to build the malware on the target.
I wonder what it would be like to watch the bad actor mess around with the vm, what key points they would target, things they'll generally do.
“Hello everybody” not fast enough
If you ever come across their upload area, best to just keep sending random junk to it (made to look like what they are looking for) until it either exceeds their service limit (some free services, which you can also report for abuse) or they get fed up with fake stuff. For tgram bot uploads, it is also possible to delete all of their stolen stuff if you want to (or steal it yourself, to maybe identify and warn the owners of the data).
Eric is probably one of the best channels to watch when you have to wake up in 4 hours. cool stuff analysis, good software/general advice.
hey eric! just wanted to let you know that i really value your videos and that i have learnt a lot.
I’d love to see what the threat actor does once they connect to the machine, out of morbid curiosity
Crazy how I'm earning a bachelor's in cybersecurity but my university might as well just be a certification farm atp because I learn everything awesome in the evening from channels like yours.
13:04 an “x client” could also refer to a client for the x windowing system, which may be more common
You can delete a Discord webhook via API stuff. You don't have to work at Discord to do it.
if we don't know the actual webhook.
@ Oh, fair point. There are always ways to reverse engineer. I don't know how the webhook gets stored for the website-based stuff though.
0:35 the correct option is actually to open with "Visual Studio Version Selector", because if you have multiple versions of Visual Studio, it'll automatically open it with the version that matches the solution
Doesn't really matter considering this is a VM & not some kind of tutorial on using visual studio.
@Lorh_o yeah, doesn't really matter in this case, I just wanted to point it out
I find it at least a novel way to get around Data Execution Prevention. I suppose this explains why VSCode implemented trusted workspaces and such.
5:06: wtf was that RAR file …
Just want to add that the non-destructive removal isn't really something anyone should rely on. If you are hit by this, there is only one solution: reinstall. And even then that might not be enough if it has embedded itself in other places than your OS.
Not really done other than by state actors.
You are misinformed @FadkinsDiet
5:20 what the hell, I just saw when the video was posted, but I knew about this type of code execution for like half a year, damn Microsoft
Is this about FodyWeaver specifically? I've encountered that before because of another developer but I had removed it at the time, seeing it as unnecessary.
What distro did you use to film this? (I saw you using KDE Plasma when configuring the VM)
As someone who has coded mod menus and programs for CoD games, I had false positive hits running VirusTotal on them, but this definitely has a virus in it lol
will you make a video about NL Hybrid? My antivirus says it's a virus but they say it is a false positive
hey Eric, what is the official download for Process Explorer?
microsoft store sysinternals suite
@jakem5039 Thanks!
can you make video about NL Hybrid please!?
Wait, am I correct to assume this malware doesn't check anything Firefox related, since it only looked at Chrome and Edge?
Not worth it, Firefox has such small market share
@FadkinsDiet Meaning I'm immune to this malware! (not really lol but at least the session grabber)
it steals firefox too
Can you see if roblox executor: Solara is a malicious program?
Lesson: Never get cheats for video games
Lesson: Download from trusted sources, and check whatever you're installing
@chief-u3f That one too
Or if you do at least don't be a fool about it
Just create them yourself
@chief-u3f That one too (RUclips deleted my reply :()
hi eric, could you try to look at some JAR files for minecraft, there is a huge community for skyblock (a game on hypixel) and there is a LOT of ratting happening, like every second mod is a rat. could you maybe try to make a video on how to see if code is malicious or not
PS: I could show some examples which are well known
Can you check if project nocturno is legit?
hey, where did you download FRST64, what's the source?
can't tell you
1. that's dangerous, it can infect your PC involuntarily by accidental clicks
2. bad actors can spread it to cause chaos
3. that's illegal
4. Google's TOS says otherwise.
that's crazy someone tried to crash the party lol
Is this a new exploit?
ye
Why did you do this on Windows 10?
Can you make a video about NLHybrid? I don't know if it's a virus or not
It's safe, I used it and so does my friend who was an old mod
MS-HTA vs MS-Heych-TA
FIGHT!
FIGHT vs FIGCHT
MS-Hoo Tee Aaa
lets all love lain
for me xclient sounds like something for X11
I am not gonna download anything no more
Yo E, can you do one on Pulover's Macro Creator? They say it has malware.
This was a very neat video, today I learned.
paws at eric
bot
@grekandrew8995 I'm not a bot...???
nap time for you
@Vaximous eepy
:3
yo i'm on time
omg miku hi big fan
@KayleighOwO your name seems familiar
@miku10v3 meow :3
@KayleighOwO meow~ :3
Comment to boost the algorithm, incredible work
yea if that happens to me I'm just installing Windows again
In semi related news, I just got an email about the GTA:SA leak people are talking about. Apparently it is fake and contains a malicious exe, source: www.heise.de/en/news/Leaked-source-code-of-GTA-San-Andreas-allegedly-contains-ransomware-10228731.html
It's fake news. The real one is called gtasasc.7z while this guy shows gtasa.7z
As for the real zip, nobody knows the password
@user-lx2ep9hd4k might be crackable by guessing keywords. Tominecon was an old encrypted Minecraft-related zip file that got cracked last year. Not by breaking the encryption but by automatically trying passwords from leaks and data breaches
The irony of using Opera while analyzing malware
Also, inverting the mouse buttons may indicate the RATer being left-handed.
No, he just spammed every "fun" feature existing in their malware
@ Yeah, probably.
so the antivirus are scam..
child birth is a scam.
He used XWorm on the VM
NOO WAYY THATS CRAZY!!!
Just don't use cheats off the internet. Make your own.
Just don't play games that you need cheats to play. Make your own games.
@hereniho Don't play on the operating system, just make your own.
Just don't use cheats? It's really not that hard to NOT ruin the experience for everyone else, yourself included.
I'm glad there is malware in this, cheaters deserve to have to reinstall Windows and lose all their files.
@selectionn Who ruined your Fortnite experience? People are gonna cheat, might as well be smart enough to make your own.
Shit's scary
hi eric parker
So this is a Microsoft specific exploit? One more reason to not use VS Code.
:clueless:
@min3craftpolska514 You forgot to write anything in your comment.
I hate Microsoft
We all do, mate. We all do.
@какойтошизик What would happen if Microsoft suddenly lost all Windows source code after Windows 7?
thanks eric
ok
hii
Why are there so many children here asking you to look at roblox malware 😂
eric i love you
wtf
hi
Hi
damn
i know the owner of this
skid alert 🚨
how to get caught making malware: befriend someone like this
ericsniped
conclusion: only acquire open-source software from trusted code hosting websites, like GitHub, GitLab, Gitea, SourceHut, etc
Lol there is so much malware on GitHub, he's even made a video about it
@mrtz187 I used Gitea for our team. Highly recommend
git will let anyone post anything.
no, conclusion: don't download project files, build it yourself instead & check the source code before.
@monkaSisLife are Makefiles safer?
WAKE UP F1LTHY
Type shii
crazy how I'm friends with the guy who made this xd
💀
wow that's so cool bro, what a freaking bad ass (sorry for swearing), can I be your friend?
NO ONE CARES LMAO. You're literally like 10 years old. Be a good little Timmy and don't go around downloading cheats for online games, it ruins the fun for us adults who just want to relax and enjoy an online video game.
blud you're a snitch
yo Eric, you should check out ExitLag, I've seen rumours about it being a RAT and I have it and am a little worried
hi
i know the owner of this
if u want more info, respond to this message
and if u wanna know where it's hidden just respond
@塞kyoto塞 12 year olds thinking they are cool lmao so cringe
sugma