How not to Pirate: Malware in cracks on Github
- Published 15 May 2024
- How NOT to pirate, do not download cracks off github, you are likely to be hit by an infostealer that will hack your accounts.
Safely explore the dark web with Flare: hi.flare.io/pcsecuritychannel... (sponsor)
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact - Science and technology
Let's say we installed an info stealer, is there a way to prevent it from reading cookies?
I also want to know the answer of this question.
Not really. You are kinda fucked when you download the infostealer.
Immediately disconnect from the Internet then Investigate
@@Plazmal You could... But who has that time lmao
It reads your cookies at the exact millisecond it starts to run. And your data is already sent to a server (probably) overseas somewhere
pirating from github 💀
ikr who tf pirates from github
Not that Github isn't a mess anyway. 😅
Eyebrows were raised 😂🤦🏾♂️
Tbh best KMS script is hosted on github
@@ForDeath16 I just used this and it had me doubting myself for a second loll thank you
A download button in github? That's suspicious.
I never managed to see one.
And the link is from another repository 💀
Easy to download on GitHub? Hmmm sus
gets me every time
I instantly noticed the download button to be a different repository. Major red flag.
You should see how stupid phishers are in emails it's gullible that people don't check and trace headers for any signs of flaws or have a link checker someone tried phishing my brother by claiming he didn't pay for his "Apple" phone when he never even bought one I called them out and they never replied and the funny part is the idiot was using his gmail what fucking idiot uses their own gmail to try and click bait someone?
As Thio Joe shows you can upload a file as a comment to any repository and it will show that repository url as the source of the info stealer .zip file
@@user-cl1rq1sg8m I know. And they didn't even bother to do that.
@@user-cl1rq1sg8m Here the file appears to be in a release, not as an attachment, since you can upload any files to repo releases. (not tags)
EDIT: examined the repo, looks like the user themselves released the malicious zip, the code itself belongs to some kind of role manager app?
Usually, software released on github doesn't have a direct download link and instead has a download in the "Releases" tab since things can change with each version.
It doesn't mean that if it does that it's safe, no, it still could be malware, but the telltale sign is a sketchy download link.
No smart person uses Google results to search for pirated software. You just use reputable websites which Google of course doesn't show on search results.
Disagree on that one for video games
@@staying_substantially6186 what do you mean?
@@staying_substantially6186 all sites that google lists when you type cracked are straight-up malware wdym?
@@staying_substantially6186 who tf uses google search for games? You go directly to fitgirl and the likes.
@@staying_substantially6186 opposite for me, most things on google arent that good, excluding a few. General search results, not reddit
You can def legally upload malware on Github but u have to write "Those files are dangerous and shall be ran on isolated environment for testing purpose". If the repository misses this statement, the author is trying to do social engineering. Github itself can't stop this attack effectively, cuz (again) malware can be uploaded legally in some scenarios.
I will legally steal your Social password 😊
For teaching purposes you would make the user input their own dump IP instead
@@wsg1231 yes dadi
...yes they can. It's their platform thus they can do whatever they want on it. My God, people are stupid these days.
You should be using the wording "allowed by their ToS" because literally no state in the world legally allows info-stealing never mind in the form of malware.
My favorite part about cracks (in this case for Microsoft's Office) is that only Windows Defender recognizes it as malicious software while other antiviruses don't.
because microsoft flags software they dont like as malicious, even if isnt.
Bro you don't download crack for Microsoft office 💀
@@Oruta563 You used to not long ago. I think many people still use older versions of Office so they don't have to do the 365 version (which was Microsoft's attempt to stop pirating).
@@in_vas_por8810 So is MS office virus?
@@Oruta563 You can absolutely crack office365
I just love the fact that every cyber security tip leads to "Just don't run anything untrusted on your device" at the end
When it comes to digital anything, it's always about trust. Piracy isn't actually any different in that regard.
That's just the ethos of digital security.
Windows for example 😅😂
What if i don't trust any software?
@@globalist1990 Not even a program you wrote yourself?
@@globalist1990 then good luck man life is hard for you
It's not even just softwares, even "corn" videos too. I think it's very keyword specific, like if you search for leaks, google will return results from github too. Very modern day limewire I'd say.
That readme should already bring up a huge red flag
Why is that?
Only having readme and the license on the GitHub, and having the download button, that downloads the whole software on the readme is completely wrong anyways. Real and legit piracy tools are going to be some sort of patcher with the source code provided and the download is going to be always on the "Releases" tab, and the readme going to tell us how to exactly use the tool and sometimes it is simply a CLI tool meaning you need to run some sort of terminal first and pass in some argument / parameters. Only thing you have to worry is the tool probably won't work "on your machine".
a github repo even having a download button is a huge red flag, like..... just build
Says readme is a red flag
Proceeds to not elaborate why
I downloaded the file (don't try at home) and Kaspersky did not detect its hash. It only detected it after I did an "in depth" scan. Virus total also shows that none of the popular antivirus software recognise the hash. What a joke, the file has been up for 2 months.
> I downloaded the file (dont try at home)
I mean, it's not downloading a virus that gives you a virus, it's opening the virus after downloading it but i get it
@@erroroliver this file isn't the virus though so it will never be detected as such, this file downloads a chain of viruses that continuously download more in order to scrape as much of your data as possible. its not like an active keylogger, they just searched for all your saved passwords from your web browser and all currently logged in apps and dumps all the info it gets so if every virus it downloaded isn't blocked immediately by your antivirus then your passwords are all compromised. i was dumb enough to fall for it a couple months ago and had to re install my operating system because for every 1 virus you detect they have downloaded 3 more. weird part to me is they only took my steam, reddit and instagram. also it detects if you run a windows scan and shuts off your pc lmfao
Yep! It's not the downloads that activates it. It's the executables.
@@erroroliver i know but why risk it, i did it in a VM because Kaspersky didn't detect it and I might have accidentally ran it. until the hash is known to all the different AV companies it's dangerous. It's now showing as something like 50/100 on VirusTotal but before i reported it to Microsoft, Norton, Kaspersky, BitDefender and McAfee, it was 9/100.
When you ran it did it immediately got detected?
The sneakiest ones (and these have been around for a long time) are repacked cracks where it's the actual crack for a program but either due to a badly written crack or some simple exploit they can tag along extra things that get executed or they just write a wrapper for the original crack either way there are plenty who look like they did the job and thus make you way less suspicious about anything having gone wrong and makes it less likely you try to find a way to get rid of it.
Seen this happen to a few friends who all used the same reuploaded version of a game instead of getting it from the group who originally did it and they all had their info stolen and none of them knew why until they realize it all started after they got that game.
the ones making the malware get smarter but the average user seems to be getting more stupid.
Bro atleast tell us where did they download the repacks from. I always use fitgirl repacks are those safe?
@@pipacombate393 Listing the site here will most likely get the comment removed as they typically do when people mention places like it but her stuff if it comes from her .site are safe that much i can say.
@@pipacombate393 There are lists on Reddit, if you are downloading from the original website, that should be safe
Hi, another great video. But I once had a question of interest. Do you know of any other channels (or would you make a video) that shed more light on spyware and malware on cell phones (especially iPhones)? As this is a topic that is often neglected, I would be interested to know whether users really notice whether malware or spyware is installed?
Thats a smooth transition to the sponsor segment
I'm travelling by train
Sponsorblock 😊
I would not be even slightly surprised if it was a publisher that placed the malware.
Sailing the seas hones your bullshit detector on pirating things
As a person who occasionally sails the sea, having a trusted platform helps a lot to find your pirated copy.
@@GregorianMG My issue as a newbie is finding safe waters to sail upon.
True but my bs detector has failed once =(
@@veteranhamster7410 But those waters are home to large sea monsters😔
@@veteranhamster7410 1337xx is a good start. FitGirl and DODI repacks are highly respectable, and from that you can find more trusted sources.
beginner question but is it possible to get hacked merely by clicking a button in a web browser without receiving any kind of downloaded file?
I've been thinking for the last 2-3 years that the "big dogs" of malware (wannacry, etc) will gradually fade from common attacks. It's much easier and cheaper.
i got a question, will having a portable chrome and having duplicated exe but there no trace of it saying chrome/google in process will that negate a stealer searching for those processes/default paths? also filecr is a site i use a lot lol
but even if you're not downloading a crack out of github you can never know if the crack is ok or not
because Antiviruses don't really like cracks on games - and when i'm downloading a cracked game - i downloading it with the crack in the installation of the game
that's why I look for source code of the crack, then look at the code and inspect it then finally compile it myself. I use stuff like pykms and etc.
Does also means they gonna make your computer running slow too right? Especially in windows explorer! 5:08
good information, nice channel, subbed
Flaaaarreeeeee!
Yooo it's the legend himself
Heyyyyy fellow Flare user! for those who don't know, John and I do a monthly (somewhat) hangout on our discord: discord.com/invite/y7q3qMM
So if ever wanted to hear YouTubers talk about behind the scenes stuff, that's a gold session to join.
Hi, John
@@stage6fan475 i thought he isn't real john, (there's a underscore in name) 😭
This is why I couldn't get into many direct installation Ai systems and Git repositories that some influencers are pushing. Some in the instructions even encourage to disable your AV.
Hey, you should point out in another video in github or something, there is normal software in the malware repo's BUT at the veryy top of the repo's you scroll sideways, you will see a payload installing a malware
smoooooth sales pitch. Interesting site.
Woaw your video is SOO good, because i definitely download malware off github daily. You sure are a "security researcher"!!
somewhat unrelated but seeing that a "Toon-Boom" crack was a part of these campaigns made me realize they also go after artists and aspiring animators. I know I shouldn't be surprised but it still upsets me
please do a video about rav end point protection by reason labs
I've found quite a few of those on github, been making sure to report all the ones I find
Not saying that you should pirate, but having a FitGirl manning the ship can help out a lot.
How do we know if the software we already installed has an info stealer
This is so accurate! My co worker downloaded something on GitHub and she confessed that it was an attempt to pirate a software. The infostealer managed to steal her notes and her cookies trying to hijack her sessions which was disrupted shortly since it was suspended by our IT Dept thereafter. We watched in real time how the infostealer did its work and left without a trace. So everyone! It's not like those malware or trojans where your computer is infected through a backdoor. It requires you to sort of execute it for it to run and operate its working command.
The best way to avoid this is to not pirate softwares or games. Period.
This is why companies need to limit regular employee access
@@Oruta563 Yes and constant vigilance against behavioural patterns that lead to such penetration in the first place. Though infostealer isn't as heavyweight compared to other types of viruses such as leaving its presence behind for future backdoor, it certainly warrants extra precautions such as changing your password for all accounts to prevent successful profiling penetration thereafter
Why is Defender UI actually recognized as a virus? You can also check that
What should u do if you got infected by this? Format?
Hi can you make a vid on atlas os. I think your input on whether or not its safe would be a cool topic.
I used atlas OS on top of the ghost spectre iso. It's safe. Even more safer than stock windows because there's no telemetry running, my processes only have like 50 processes on fresh install.
Same thing happened to me with a Mod for an Assassins Creed game yesterday. Exe was clean but the dll had a logger payload. Unfortunately i found out after running it. None of the normal tools (NPE, HitmanPro, Malwarebytes etc.) detected anything. Reinstalled windows anyway. Didnt format my other drives tho. Is there anything else i can do?
you mean besides taking more care about what you install on your PC? well you can try some advance HIPS utility like COMODO utility pack, some registry watcher like mjregwatcher. They MAY help you to make a right decision, but it's always your decision to run or not to run an unknown app or to hook a dll
I trust the song "RiveR - Solo" for my games and "known/trusted" pirates in the good ol pirate bay for other software
Theres no way this is happening, and theyre not all even gone, but when i uploaded memz to one of my repos to use on a vista vm (no tools moment) my account was banned after 1 day💀 and i cant get it back
I tried to download malware like that but my AV removed the file before I had a chance to test it with virus total
I was about to sign up with flare but they don't accept gmail addresses. That's so strange
Does Microsoft Office app (cracked) that i got it from filelist can be a virus?
if you pirate from github thats on you tbh
The fun part is that even the screenshot of Obit states that it is the free version...
Why can't github/Microsoft scan for threats? I also found hacks for warzone on github/Microsoft. Probably root kit. 😅
I don’t want to give anyone idea (just typing this I might), but wouldnt github activation stuff like Windows activation or whatever may be, contain one of these?
If you're referring to MAS no that’s completely different, they have a whole dedicated server and page explaining how it works but fakes do exist so be careful
So lets say, I use a VM with GPU pass-through. What will happen?
Will you please make a video about this matter?
The stealer will grab anything on that VM, GPU or not. Basically if you have that VM solely for gaming, it may not steal your credit card info, but will steal your online games credentials, as well as any game launcher info installed on that machine.
On a blank machine tho? Wont steal what's not there
I noticed this a while ago but forgot about it
Good info. Thanks. I'm sure so much of my data has been stolen, not like this, but still...
Could you analyze hydra launcher on git hub?
hydra launcher is trusted. it's basically a torrent client, and its source is up for everyone to read (and build its own release)
Hi please can you tell me how to track Powershell events in windows. Like which program triggered Powershell and what script was run in it. I saw somewhere it has something to do with gpedit, but I didn't understand it. It will be really helpful to all. Thanks
COMODO firewall is a way to catch system intrusions, including attempts to run powershell. Or any other program with good HIPS utility
@@user-od4gs3iu4t thanks
UPDATED 1
sorry to say (i am at 1 minute so don't judge me for the reasoning...) but if the conclusion "Malware in Cracks on Github" only lays on 1 VT test?
then sorry to say...
but mostly EVERY crack gets detected on VT just because the software was "modified..."
but may there a more reasons XD
for this conclusion...
update1
3:47
an gdata report is more an reason :D
Actually my first ransomware that attack on my laptop is iobit software like their security, screen recorder, and uninstaller, I installed all of it and very next day my laptop now infected with ransomware I don't know what is the malware name but the extension I saw is .wrui
All cracks are considered malware of some kind even if they are genuinely harmless, because they make minor adjustments to the software on the system, just like a dangerous virus would. So you never know for sure if you screwed until you screwed,lol
nowadays people think github is a safe place to download stuff because it repos have source code, but it's already a huge red flag the repo itself only has a readme and license file and the download button redirects to somewhere else
It really is if you build it yourself and can read the code.
how is that repo still up...
A guy I know occasionally sails the high seas for software, and when he does he runs the cracks through virustotal just to be safe, how can this guy tell cracks/false positives from actual malware on VT? This person sees stuff like "packed" and "themida" on these files
Once you have quite an experience on sailing the high seas, you will bound to know where to look at good crack and how to avoid the bad crack with malware.
Hey Leo, Thanks for the video and sharing awareness. I would like to recommend a few steps to the audience on how to protect themselves from these threat actors.
1. Always use non-privileged user to operate your system on a daily basis
2. Run your browser using a different account.
3. Use Admin account with care and ensure you are 100% sure what you're doing.
4. Enable "Core Isolation" in Windows
5. Enable "Controlled folder access" and ensure to add only the known programs to the "Authorized" list.
Unfortunately that also happens to be highly inconvenient. I just do my research, rely on my antivirus and hope for the best 👍
thanks for the knowledge
i had something like this but i scanned it on virustotal it didnt give a flag tho it was virus
What if I download from direct github?
Still harmful?
Hey guys weird question but does anyone know any sites what you can download cursors without viruses?
Cursors, that sounds fun! I don't know, but I used to make them a long time ago, which is easy enough to do.
Cursor fx
Open Cursor Library, has an array of cursors. You do have to manually set everything to be said cursor in your pointer settings.
@@sunla how did u make them?
@@JajaofAbuja thanks 👍
We tried Flare, The company doesnt seem setup to accept new customers. They are insisting on phone interviews/verifications to demo their software. You got us interested in the software but the vendor dropped the ball on this one. Perhaps your next video can recommend another tool?
I kinda wonder. Why should someone download a cracked avast? I mean, he shouldn't even the official avast. :-)
is that a 3 swords style pirates jolly roger?
Same thing if people search on YouTube for free-payed software linking to a phishing software
4:24 that's just a GPLv2 license lol
why would you goto an open source software hub for access to closed source software? Am I just thinking about this too rationally or who’s the target mark here?
i think its just people who know enough tech to know about open source then think "open source = safe"
It preys on the Dunning Kruger effect, people that thinks they know a lot about computers and the internet, while in reality just being ignorant.
@@romulo2714 ironically the dunning-kruger effect has nothing to do with any of this
Lmao, you know who. Js and web devs.
because there ARE a lot of open source cracking/activation scripts
Wow, I found something on github and ran it, and an av provider stopped it from executing, I replicate it on a online sandbox and sure enough it is what it is, I even reset the entire computer in the end just to be extra safe.
How to know if the crack is really just a false positive or an actual virus? (without telling me to just purchase the app or install the free alternatives)
the short answer is: it's less expensive to pay for an app than for hiring an IT specialist who can make an informed decision about the modified file
Yolo it, then see it yourself.
Jokes aside, no easy answer here. I would say go for reputable source and then start from there.
I have already suffered this breach in April due to Telegram mod hack.
Telegram and WhatsApp are bad.
Could you review ESET NOD32?
Is fitgirl repack safe??
Yes she is among the most reputable people in pirating community
I was saddened to see this video after realizing that my pc was infected with trojans after downloading the wox app from github two days ago
In the meantime windows defender gave a warning message and when I scanned the pc with kaspersky I cleaned 4 trojans, but is this enough. What information was leaked?
Is flare easy to use for someone that has never been on the dark web?
I dont have dollars or money what must i do i need the app also
wait till people learn that file names are entirely aesthetic "you can even get malware in an msi file" made me lol
There's a Windows 11 activation script that's open source, but it's so much code I can't validate it myself but the r/piracy crowd just uses it
Yea no, never ever thought of downloading a random unverified repository from github. Its kinda obvious.
Even their website is very likely filled with bugs
i remember when i join to your discord and the moderators of the channel ban me for talk about crack and piracy , now we can?
Is there any free resources to check if your pc has malware?
Malwarebytes free, autoruns, process explorer
ESET online scanner seems like a good choice.
Analyzing malware is often harder than cracking software. I just make my own cracks whenever none of the trusted sources have one.
Not a trivial thing to do for most of.. well, anyone.
That sounds like so much more work than just using something open source
@talkingthoughts4747 he aint doing shit. He's here for attention: look guys how awesome I am.
@@visitante-pc5zc Spoken like someone who has never RE'd paid software before. Many paid softwares can be unlocked by just adding a mov and ret instruction to return true from a single function.
Try cracking denuvo games, if you can
Hope you had a good time in Nice ^_^
So what’s the correct way to pirate software?
On reputable sites.
Can kaspersky block these?
usually it has a lot of tags, thats a BIG red flag
Open source apps for mostly alternative to proprietary software not crack them.
In the early 2000's it was understandable to look for "options", but nowadays pirated software is so outdated. There is so much free and open source software for everything, that you don't need to pirate anything as a private person. No matter what software it is, there are free, safe, open source alternatives. Obviously not games, but this is not what we talk about here.
agreed for the most part. even VMWARE Pro just went free.
this is the same case as "valorant skinchanger"
Request: Could you make a dedicated token and session stealing video as I'd love to see it and I've fallen victim to it in the past. Nothing like giving a key to your front door to anybody!
Pirating software drops 99% after this video.
Great video as always!
Nah, the fact is that most of them will go to another site, I dont support it, but thats what always happens
To be fair, people who pirated for years and use their head know how to be safe when pirating, these days it's easier than ever (especially with reddit). Of course there are people who don't use their head, but that's on them, those people would probably get infected without pirating anything. It basically comes down to "download from trusted sources" and "don't run anything you don't trust".
@@Kalphalus I do support it, F companies
I do support it too, F you and the companies.
Nah, just look at other place, I already find mine.
Can you do a video on Microsoft's Recall? The AI thing they've got planned
that's why you should always check the repo and readme yourself and not go with the "Is on github so it should be fine!"
Run untrusted software in a sandbox or sandbox VM.
downloading a random exe off the internet to crack an antivirus must be the most chad thing I've ever seen
this also applies to hwid spoofers n all that
Pirating IObit or CCleaner is wild
i did that back then. 😂
pirating trash software is something else, truly
I would never pirate from Github and I'm very cautious about software Github needs to check their uploads or get banned in this day and age I only pirate video games that are considered abandoned whether you call it pirating is up to you because they don't really sell them anymore. However pirating software is where I cross the line I would just pay the subscription or just use basic protection on your computer that's the one real way to stay safe I mostly play Steam games I already know some pirating has viruses kind of hard to hack a Linux though.
The vast majority of virus alerts are false positives because of the software used to crack the game/program. You do get to know who you can trust for downloads but it takes experience and there's always a risk when using cracked software that someone has stuck a real virus in it.