Cities Skylines II Malware [FULL REVERSE ENGINEERING ANALYSIS]

Поделиться
HTML-код
  • Опубликовано: 23 дек 2024

Комментарии • 168

  • @jacobnelson9789
    @jacobnelson9789 13 дней назад +13

    As someone studying Cyber Security, who is currently doing Malware and Exploit Analysis, this is such amazing content. Thanks John

  • @JeffNoel
    @JeffNoel Месяц назад +108

    Ohhh this will be good. When John posts a video of that length, you open Obsidian and start taking notes.

    • @alexdefoc6919
      @alexdefoc6919 Месяц назад +3

      Notes like how to or how to not......? 😂

  • @MrDeineZehe
    @MrDeineZehe Месяц назад +23

    Im watching you for a couple years now, and i love this deep dive. As someone with a casual intrest in software security this is amazing. Please keep doing those. The length of the video might be problematic for the youtube algorithm but i want to tell you i love it!

  • @KaungKhant-yz8nd
    @KaungKhant-yz8nd Месяц назад +10

    Have no idea the process for about 2 hour video but have fun watching and learning how professionals doing reverse engineering till the end while feeling imposter syndrome. Thank you

  • @cinder9912
    @cinder9912 24 дня назад +4

    even if I did plenty of malware analysis myself, I still picked up a few extra tricks from this video. Thank you John, your analysis was amazingly done and I loved it from start to finish!

  • @zombies1238
    @zombies1238 Месяц назад +11

    Super detailed analysis and I'm quite happy to see much of the cyber security scene come together to show how this attack would work. Makes me sad to see some developer tried to mess with mods. This is another example of why you don't need 10,000 different launchers.

  • @Kylle812
    @Kylle812 Месяц назад +4

    I love videos like this. Watching John investigate how it all come together, is very interessing to watch.

  • @johnsully96
    @johnsully96 Месяц назад +19

    This is exactly how Disney got busted with BeamNG mods. Crazy to see in yet another place and thanks for the breakdown! Fascinating stuff.

    • @TheWanderingNeko
      @TheWanderingNeko 11 дней назад +1

      disney? beamng? what happened?

    • @SkullModder
      @SkullModder 7 дней назад

      @@TheWanderingNeko quick search says someone at diney download a beamng malware mod which got the company infected and data stolen.

  • @fdert
    @fdert Месяц назад +2

    this was a lot of fun going through this with you! great education, thanks john

  • @kapstersmusic
    @kapstersmusic Месяц назад +5

    Wow. Impressive skills. Don't mess with John Hammond!! Thanks for posting something so in depth.

  • @mintshock
    @mintshock Месяц назад +26

    ❤ Thanks for covering this. And I would like to give my full appreciation for you and the community for looking into this. Your guys quick and Understandable analysis has helped restore peace of mind for many people in the CS2 community.

    • @nordgaren2358
      @nordgaren2358 Месяц назад +3

      It hit very close to home, for me. I don't like people destroying my hobby. :(

  • @scoopp3902
    @scoopp3902 13 дней назад +1

    Banger video, not enough long form C/C++ RE content on RUclips!

  • @jayrizzo1454
    @jayrizzo1454 12 дней назад +1

    Impressive. Good video. Thanks for sharing random 1am video suggestion but good stuff.

  • @daddelcrafter3874
    @daddelcrafter3874 Месяц назад +2

    Usually dont comment but this was a great one! Love the indepth talk. Thinking about going for maldevacademy right after finishing up my OSCP

  • @liveemt
    @liveemt 13 дней назад +1

    Great Video! Fantastic help, and teaching tool. AS a person who was effected by this hack and spect several days on wireshark watching activity; it's great to see what it was actually doing!!!

  • @JadeLockpicker
    @JadeLockpicker Месяц назад +4

    Having seen the bit from low level and mentioning this was on the way, I've been waiting. Oh boy, did this deliver on what I wanted.

  • @johnwesolowski1134
    @johnwesolowski1134 Месяц назад +2

    Really love these longer vids of you reverse engineering malware or dissecting through the code of malicious files :)

  • @EricParker
    @EricParker Месяц назад +69

    The binja virus is spreading.

    • @nordgaren2358
      @nordgaren2358 Месяц назад +7

      Thanks for your video, Eric! I originally approached this in Ghidra, but that function that packs the exe into all those mov instructions doesn't de-compile in Ghidra (or IDA for that matter). Asked about it in the OALabs server, and Xusheng, one of the Binja devs, has been SUPER helpful as he helped me take a look at it in Binja. :)

    • @LowLevelTV
      @LowLevelTV Месяц назад +15

      ghidragang ghidragang ghidragang

    • @vroometernal
      @vroometernal Месяц назад +3

      wow its my favourite f5 youtuber

    • @EricParker
      @EricParker Месяц назад +6

      @@LowLevelTV Even low level is cheating on IDA now. Poor thing.

    • @Yadobler
      @Yadobler Месяц назад +1

      Using nixos, binja seems to be the only thing that works out of the box. IDA does its own installation thingy that fails, and ghidra explodes because of java issues

  • @dataolle
    @dataolle Месяц назад +1

    Love the longform videos! Great stuff!

  • @MyRandomness987
    @MyRandomness987 Месяц назад +2

    This video is amazing!!! Love to watch you work!! I think a really good video if possible, when you unpack another malware or whatever, do a live stream and maybe have people from the white hat would on with you and make a really fun live vid!!! I wish this video was longer lol. I always learn so much from your videos!

  • @monkaSisLife
    @monkaSisLife Месяц назад +7

    1:25:18 is this related to minecraft?? Default Minecraft port is 25565

    • @blorger
      @blorger 12 дней назад

      probably just a random port commonly open

    • @jellylovecz5475
      @jellylovecz5475 11 дней назад

      @@blorger I suggest you're both right
      This port being the default for Minecraft servers makes it a commonly open port

  • @deejayphroh8265
    @deejayphroh8265 Месяц назад +1

    Wow you are thorough. great analysis. great video!

  • @xprowler404x
    @xprowler404x Месяц назад +3

    woah i was lisrening not realizing this was fresh, john i enjoy the content and i'm a 2nd year in cybersec (in part thanks to ur vids) so thanks for inspiring me

    • @xprowler404x
      @xprowler404x Месяц назад +1

      OH THIS IS A PEBWALKING malware! omfg i was just researching this yt algo strikes again

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      @@xprowler404x This malware does some really cool stuff! Does some "manual" syscalls, too...

  • @mikehenkelman2111
    @mikehenkelman2111 Месяц назад +2

    You're always awesome to watch John, never cease to amaze me with your level of expertise at such a young age!

  • @locknessko
    @locknessko Месяц назад +1

    A very moreish sample. Thanks for the shoutout!

  • @maximelenfer6280
    @maximelenfer6280 Месяц назад +7

    You should make a script/app to have a grey window with a low opacity placed where your camera is so you can still see through but know what we can't see on the video!

  • @ceka50
    @ceka50 15 дней назад

    Woke up sunday morning and somehow this came up on my feed so I was laying in bed half asleep watching this. I don't even watch any other malware/reverse engineering videos.

  • @guled493
    @guled493 Месяц назад +2

    That was amazing. learnt a lot from that. keep up the good work.

  • @godlia_
    @godlia_ Месяц назад +7

    Port 25565? as a minecraft kid that gave me whiplash

  • @mytechnotalent
    @mytechnotalent Месяц назад +4

    Interesting breakdown John. Binary Ninja definitely is incredible. Got lost a bit in some of the __scrt functions.

    • @nordgaren2358
      @nordgaren2358 Месяц назад +2

      Each compiler has a different startup, but as you go through samples, you will learn the paths to the user main code. There's also other paths, potentially, but I usually just go through the entry point.
      Another good thing you can do is use different languages (Rust, C++, C) and compile exes and dlls and figure out the path to user main. Can help a lot using a PDB as well. Make sure you also try different tool chains, like MSVC and G++ will generate different startup code and a different path to user main.

  • @The1RandomFool
    @The1RandomFool Месяц назад +1

    I really liked this in-depth reverse engineering video. I want to see more like this.

  • @tukaram4606
    @tukaram4606 Месяц назад +1

    thnx for this master piece John 🙂🙏

  • @frfr108
    @frfr108 Месяц назад +1

    these videos are awesome. Incredible work

  • @jovanhimal669
    @jovanhimal669 Месяц назад +5

    The binary ninja you have used is - is that free edition ?

    • @nordgaren2358
      @nordgaren2358 Месяц назад +4

      Yes! Everything we did in this video was done with the free version!

  • @Swanky2024
    @Swanky2024 Месяц назад +2

    I've used a ton of game mods in the past. Also downloaded indie games from around the internet. Stupid in hindsight probably. I'm pretty sure i've seen dll around. It might not be typically nefarious, but is there a way for me to check? I take it a normal microsoft defender search won't pick up on the PEB thingamajig.

  • @CX330Blake
    @CX330Blake Месяц назад +2

    Hello John, I’m wondering what’s the best decompiler in ur opinion, Binary ninja, IDA or Ghidra? It will be helpful if you can made a video for it! Thanks for reading and BTW I love this video’

    • @nordgaren2358
      @nordgaren2358 Месяц назад +3

      I think it can really depend on what you are doing, but, Binja is REALLY good for malware. I have really been enjoying it. Ghidra is good for collaborations, with it's server capabilities. It is a bit more obtuse to use, but it's still good. I haven't used IDA, much at all, so I can't really tell you how that compares.
      For this video, I originally approached the de-compilation in Ghidra, but some things let me to try out Binja (Mainly that big function that doesn't de-compile with Ghidra at all. I really liked the de-compilation of stage 2 with Binja, so John and I decided to use Binja for the entire video, but I will say there are one or two places where Ghidra does a better job interpreting the disassembly and generating a better de-comp.
      All in all, it doesn't hurt to know/use multiple tools!

    • @CX330Blake
      @CX330Blake Месяц назад

      @@nordgaren2358Thanks for replying! Just wondering which should I buy lol, but it looks like Binja is the best choice for now I guess.

  • @realname5630
    @realname5630 Месяц назад +1

    Yeah, very good and I learned a lot. Thanks 🖤

  • @pinkerdroit
    @pinkerdroit Месяц назад +1

    Always been lacking trust to download Mods for games... 😩 Cheers for this in-depth long video! 💛🌟👍

    • @dagda1180
      @dagda1180 Месяц назад +1

      Steam's workshop is generally safe, as well as Nexus. Nexus specifically runs mods through virustotal, and if that's not possible it'll have to be manually reviewed.

  • @fastman7772
    @fastman7772 Месяц назад +3

    I learn a lot from this. This is my first experience of reverse engineering.

  • @DavidAlvesWeb
    @DavidAlvesWeb Месяц назад +6

    Your effort on this one didn't go unnoticed my friend :)
    What a video! 🥇

  • @ZomgLolPants
    @ZomgLolPants 13 дней назад

    i'm drunk, have no background in cybersecurity, and entertained as hell by this.

  • @justinolsen488
    @justinolsen488 Месяц назад +2

    Game announcements get posted to steam and paradox forums

  • @freddyrene960
    @freddyrene960 11 дней назад +1

    I have no idea what this is or whats going on, but im here

  • @nordgaren2358
    @nordgaren2358 Месяц назад +4

    I don't remember if you mentioned it at the specific part it comes up in the stage 2 binary, but stage 2 also grabs the syscall value out of the virtual protect function from ntdll and calls it manually by writing the machine code to one of those allocations it makes.
    Such sophisticated techniques for such a dud payload! Haha!
    🙏

    • @nordgaren2358
      @nordgaren2358 Месяц назад +1

      @@gooniesfan7911 I am not sure if they needed to do this on most windows machines, or not. It's perplexing, because I would say it's not a novice technique.
      detection can be really fickle. The big reason they are using the NtVirtualProtect calls is to write an inline hook in that name mangled V8 export that the binary will call on occasion. I do this all the time in my DLL mods, though, and all I do is import the function normally. They rarely get flagged by anti virus, too. Sometimes they do, but it's hard to tell what caused it, some times.

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      @@gooniesfan7911 I don't know that it does. I think it would effect some stuff from the C++ std library, as it changes over time code wise, as well as possible the types of optimizations available, which could change the generated machine code, and maybe some different registers for holding values.
      Who knows with the obfuscation, too.
      The specific compiler would be needed if you wanted to recreate the malware from scratch and get an identical re-compilation. They do this a lot with old games.

    • @bugzorc
      @bugzorc Месяц назад +1

      ayo nord, man if you might find time to sit down, write up a roadmap on how to understand this shit in depth, would truly appreciate it or a send a link

    • @nordgaren2358
      @nordgaren2358 Месяц назад +1

      @@bugzorc can you find me on Discord?

    • @bugzorc
      @bugzorc Месяц назад

      @@nordgaren2358 yah sure what's ur @

  • @Bunny99s
    @Bunny99s Месяц назад +1

    Isn't it possible to essentially create constant list out of the dll name / function name list so binja could replace the hardcoded values with the constant name? That would simplify the "lookup".

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      Right now the only way I can figure out how to do this is to make some enums.

  • @nemplayer1776
    @nemplayer1776 Месяц назад +2

    The reason the python code had the else output as well in the for-else loop is because else runs if there is no break in the original for-loop, if you put break after printing everything out it wouldn't have ran. Nothing big but just a sidenote.

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      It was just because of the decomp. Ghidra shows it much clearer.
      The code is actually pseudo C

    • @nemplayer1776
      @nemplayer1776 Месяц назад +2

      @nordgaren2358 I don't think you replied to the right comment my guy

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      Ohh, you are talking about his python code for the hashing algo. Yes. My bad.

  • @maxmoon3162
    @maxmoon3162 Месяц назад +1

    Exactly this type of content!

  • @soundslike8454
    @soundslike8454 17 дней назад

    This is definitely one of your better videos (at least for us reverse engineering nerds)

  • @dimatter
    @dimatter Месяц назад +4

    who new Seth Rogan was into RE as much as weed 😯

  • @visionary4787
    @visionary4787 Месяц назад +17

    This whole situation feels like a warning shot. With gaming increasingly relying on mods and user-generated content, there needs to be a system in place that helps safeguard players. This could be stricter moderation, better security on mod distribution sites, or even in-game warnings for players about the risks of third-party mods. In the end, this incident underscores an important reality: that even in a community built around fun and creativity, we have to stay vigilant to protect ourselves from evolving cybersecurity threats.

    • @nordgaren2358
      @nordgaren2358 Месяц назад +4

      Well, we actually have a lot of this. Game will warn you that using mods is risky. Nexus mods sends things to Virus Total, posts that report publicly on the mod page, and if there's something suspicious, they have someone verify it, internally.

    • @sirseven3
      @sirseven3 Месяц назад +2

      A warning doesn't really go far. People read less and less the more we progress as an information age society. The responsibility should be on the site hosting these third party mods.

    • @XDRosenheim
      @XDRosenheim Месяц назад +2

      > or even in-game warnings for players about the risks of third-party mods.
      This will do literally nothing. People will press "okay" and continue anyway.

    • @JamesHalloway_24
      @JamesHalloway_24 Месяц назад

      @@nordgaren2358 virustotal is only useful if the program is well known though

    • @dagda1180
      @dagda1180 Месяц назад

      @@JamesHalloway_24 There's always a risk, correct. However, in the majority of cases viruses added to mods tend to be "malware as service" additions.

  • @gardian06_85
    @gardian06_85 14 дней назад

    regardless of how the mod developer's machine got infected, or the end exfiltrated information. This could easily be seen as an exploit of being able to get passed AV/AM by not having the payload not explicitly written directly in the dll or exe (this could happen in mac and Linux as well kind of) to then have that injected application be executed, and because it never existed as a file AV/AM never gets a chance to evaluate it. at some point AV/AM would need to have access to active memory in order to intervene, but this functionality is almost necessary for JIT in the first place.

  • @jimkats1
    @jimkats1 Месяц назад +3

    I would assume this malware would be reused as it's quite an effort to obfuscate all these within a dll for a crypto wallet that very few people from the target audience would use. I know that even from the few victims the threat actor would still make a lot in return, but still this quite an effort, assuming the person who pushed the update to the CS2 mod is the same who did for the GTA5 one.

    • @nordgaren2358
      @nordgaren2358 Месяц назад +1

      Yea, I am interested to see if this sample shows up again with a different function. The packing was interesting.

  • @Luna_Midori5
    @Luna_Midori5 Месяц назад

    I looked up flare and the model was odd, no priceing on most pages when I did, it was confusing, is there a open scr or self hosted ver that could use LLMs or other tech to check?

  • @crudmonkey
    @crudmonkey Месяц назад +2

    The 11/13 date for that mod creator’s password showing up in flare at the end is concerning…

  • @chsovi7164
    @chsovi7164 Месяц назад +8

    "more often than not" seems a bit of a stretch

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      I think he means if you're just download mods off the internet, as he mentioned trusted modding sites right after.

  • @MizunaGames
    @MizunaGames Месяц назад +1

    "More often than not" seems a bit hyperbolic. My 2000+ mods in Skyrim beg to differ.

  • @biocode4478
    @biocode4478 15 дней назад

    "more often than not" is an insane way to open this

  • @ItsQualitycontent
    @ItsQualitycontent Месяц назад +1

    A few years ago this happened in Minecraft.
    When you got a infected plugin it would infect all the other plug-ins and when devolopers published an update on the forums the chain contenued

    • @nordgaren2358
      @nordgaren2358 Месяц назад +1

      That was much worse than this, actually. This could have been pretty bad, too, but fracturizer was nuts!

    • @afraid2letgo
      @afraid2letgo Месяц назад

      Really? Do you remember the name of the author/plugin? I'm struggling to recall this situation 😵‍💫

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      @@afraid2letgo just look up fracturiser

  • @suntracker844
    @suntracker844 Месяц назад

    John is that the MX master 4?

  • @ai_is_a_great_place
    @ai_is_a_great_place Месяц назад +5

    I was the 1k like but I also didn't understand a single word and idk why I watched expecting it to suddenly understand it. But then the bitcoin site popped up and I completely agreed that is was sussy sus 😏

  • @jovanhimal669
    @jovanhimal669 Месяц назад +2

    OMG, this is so good, I wanted to deep dive into some dammn dlls, I know some

  • @Denzarki
    @Denzarki 13 дней назад +1

    Do i know wtf is going on? No.. are you blowing my mind.. yes..

  • @professionalcat9928
    @professionalcat9928 Месяц назад +3

    oh my god finally another reverse engineering video

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      Been trying to find more interesting malware, so we can have more of these RE videos. :) Send it our way, if you find some!

  • @vic028
    @vic028 13 дней назад +1

    Came here for cities skylines, stayed for reverse engineering and some sleuthing!

  • @masteryourmind2760
    @masteryourmind2760 Месяц назад

    I got a serious question. Where is the difference in a password of lets say 24 characters of just random placed 0 and 1 and a mixed password with letters, numbers and special characters within the same amount of characters? Beside the max possibilties of course.
    Edit: had a typo

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      That's pretty much it. Max possibilities skyrocket, because it's exponential each character you add.

  • @BizzarFunker
    @BizzarFunker 12 дней назад +1

    You got a nice chair

  • @motokokusanagi7375
    @motokokusanagi7375 Месяц назад +2

    Sick stuff, loved it!

    • @sleepymincy
      @sleepymincy Месяц назад +2

      Wow you watched that hour and a half (EDIT: actually almost 2 hours) video fast!!

  • @anonExploit1_0
    @anonExploit1_0 Месяц назад +1

    nice brother

  • @xpltd1
    @xpltd1 9 дней назад +1

    your smart.

  • @aronm5329
    @aronm5329 Месяц назад +1

    Paradox use to allow mods through steamfor CS1, they stopped because they said thier own proprietary would be safer 🙄

    • @jimkats1
      @jimkats1 Месяц назад

      They still allow through Steam for CS1. Paradox Mods is for CS2 only.

    • @tobbakken2911
      @tobbakken2911 Месяц назад +1

      They didn't say anything about being more safer, but people that don't have their game on steam (Microsoft) and for consoles to have custom maps and assets. Also the dickering is insane for steam workshop for some reason, stuff like this could happen anywhere

  • @Freeben2A
    @Freeben2A Месяц назад +2

    And that's why you use air-gapped hardware wallets for crypto-currencies...

  • @Rogueferula
    @Rogueferula Месяц назад +1

    More please. :)

  • @ntolman
    @ntolman Месяц назад +5

    Meh. I'm going to continue using mods in my games. Downloading ANY program you cannot personally verify as safe is risky, and yet you do it every day.

    • @nordgaren2358
      @nordgaren2358 Месяц назад +3

      I think it's just important that we understand the risks. Most of my mods are DLLs that don't have any exports, because they are meant to inject themselves into the game and patch code and data. This makes it harder to determine what is and isn't malware, although FastMath.dll with no exports is a dead giveaway. My mods are also all open source, and if anyone wanted to, they could compile it, themselves.

  • @Prodigy1329
    @Prodigy1329 Месяц назад +2

    I love the content, I love the educational aspects of it
    I detest that this opens with "more often than not, the [mod] will be malware"
    Can we please not with the fearmongering? I've been playing and modding games for 15 years and can count on one hand the number of malicious mods I've downloaded. The vast majority, as long as you're coming from a reputable source, are perfectly fine.
    Yes, there is a chance it slips through the cracks and you can get bad actors hiding in plain sight, but that definitely doesn't constitue "more often than not".
    The ONLY defense I can see in this is if it's very specifically talking about game hacks and game trainers, which are not "mods", they're cheats and hacks. Very, very big difference, and when lacking context within the first 30 seconds of a video from a cyber security expert, can be horrifically misleading.
    Do better, John, please.

    • @_JohnHammond
      @_JohnHammond  Месяц назад +2

      You already stated the stipulation, "as long as you're coming from a reputable source". How many reputable sources are out there? Single digits? Compared to all the possible sources on the Internet? (spam, ads, any number of the RUclips video offering mods downloads, Mega, Google Drive, gofile, etc..). Thinking of forums like Nexus Mods or CurseForge is just two places-- not a majority.

    • @schwingedeshaehers
      @schwingedeshaehers Месяц назад

      @@_JohnHammond steam workshop, paradox forums, sometimes for minecraft, the server of the project but have to be looked up, and github

    • @Prodigy1329
      @Prodigy1329 Месяц назад

      @@_JohnHammond At best, that's an ignorant take. At worst, it's malicious.
      Nexus has over 10 billion downloads, Steam Workshop is built into the most popular storefront in PC gaming. If you search for anything on PC modding, you'd be hard-pressed to find a malicious source over Nexus, Steam, ModDB or the official forums.
      I'm not disagreeing that there's few of them, but the mod in question you're talking about came from the official game forum.
      What you're saying is akin to "every word document you download is malicious because there are more malicious sources than there are safe". Yes, sure, on paper it's not wrong, but it's not using common sense either. Most word documents you'd be downloading aren't coming from a sketchy website, it's coming from a source you trust.
      So please, don't make silly blanket statements that all mods are bad, it's a bad take and hurts the wonderful modding communities out there. Instead, educate that even trusted sources can be unsafe and to take proper precautions.

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      @@Prodigy1329 So you didn't finish the sentence?

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      @@schwingedeshaehers Look up fractureiser.

  • @jacknapier7092
    @jacknapier7092 Месяц назад +1

    Holy crap i wish i could do this

  • @vroometernal
    @vroometernal Месяц назад +2

    next time just go to 0x1000

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      But that isn't always something you want to look at. We started from entry, because we can track down the order of things. With the second stage, this brings you to some library code and the function that sends the data to the C2, but you don't really get to see how this function gets called, because the function that calls it is a dead end.

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      There's a lot of ways to RE the same sample :)

  • @AaronKreider
    @AaronKreider 13 дней назад +1

    "More often than not, the mod will be malware" That's just false. Don't spread lies.

    • @AaronKreider
      @AaronKreider 13 дней назад

      You have one example that was short lived. It's most likely that your risk is significantly below 0.1% - not 50.1%.

    • @nordgaren2358
      @nordgaren2358 3 дня назад

      @@AaronKreider You will need to list sources for this claim.

  • @sapiente9112
    @sapiente9112 Месяц назад +1

    GENIOOO i

  • @BaloneySandwichWithKetchup
    @BaloneySandwichWithKetchup Месяц назад +1

    "more often than not"? *really bro?*

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      He means random mods off the internet.

  • @HexaLabCheats
    @HexaLabCheats Месяц назад

    John when are we getting an official John Hammond onlyfans?

  • @Ourgekj
    @Ourgekj Месяц назад +1

    Downloading mod for game is safe when the modding method is sandboxed and don't allow DLL injection like CS2...

    • @nordgaren2358
      @nordgaren2358 Месяц назад

      That's not true either, unfortunately.

  • @cameron5465
    @cameron5465 Месяц назад +1

    4?!

  • @minhducnguyen1271
    @minhducnguyen1271 Месяц назад

    I see no 7 so 7!!!

  • @SEKIRO-g4v
    @SEKIRO-g4v Месяц назад

    Who wants to become a global hacker?

  • @DarthWindu14
    @DarthWindu14 Месяц назад +1

    6

  • @georgidimitrov8571
    @georgidimitrov8571 Месяц назад +1

    3

  • @NitrogenXP
    @NitrogenXP Месяц назад +1

    2

  • @frizzykid100
    @frizzykid100 14 дней назад

    Your introduction is ridiculously alarmist. "nothing is safe! Your mods are hiding malware!"
    This shit happens. There are always bad faith actors. There is insentive from the communities that host these mods to make sure they are safe because it's also a threat to their own operation too..

    • @nordgaren2358
      @nordgaren2358 3 дня назад

      Nothing is safe, though, and telling people that it is, is doing them a disservice.

  • @HelloThere-xs8ss
    @HelloThere-xs8ss Месяц назад

    bro talks *at* people

  • @HartRussell
    @HartRussell 12 дней назад

    “More often than not”…. Not even close. I’d go so far as to say the vast majority of Mods do not have malware

  • @xppaicyberr
    @xppaicyberr Месяц назад +2

    1

  • @iamwitchergeraltofrivia9670
    @iamwitchergeraltofrivia9670 Месяц назад +1

    More malware 😊😊😊😊 malware 2025 📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈📈