I guess it makes sense that crypto scammers didn't think to hide from people inspecting elements on their site, they know cryptobros can't right click.
@@paranoiaproductions1221 Depends on where you launch them from in a newer Windows install, most times. (protip, don't install anything but the RTPs in their default positions if you can, put everything in a folder on disc root (C, D, or whatever else the drive uses) instead.) Source: I've just fought with RPG Maker 2000, 2003, and XP to get them on Win11, the RTP is fine on default path and my habit of putting the actual editors and games in a dedicated set of folders to remember what's using which engine has stopped antiviruses from whining (also stopped admin prompt and saves failing).
@@paranoiaproductions1221 Yes but you can tell when they are legit, also not every anti virus is the same I'd run something detected as a virus through at least one other program to check what kind it is
Reminds me of that GameStop NFT creator who made tons of sloth NFTs. They opened some malicious file to "collab" with someone, and ended up losing his seed phrase. This resulted in all the existing NFTs that had been sold to become worthless because the scammer had control of the wallet and could theoretically create more NFTs (although he just stole his money). Then the Sloth had to re-mint every single NFT with a new wallet and send the NEW, REAL nft to the old holders
8:15 It's also worth noting that a stealer malware can also steal your cookies, which allows them to bypass your 2FA because they don't need to actually sign in.
@@Mario583a You don't need a password for cookies, though. You can change it all you want if the site doesn't de authenticate that session, the cookie gives you access to the already logged in session. The "Remember this pc" also has nothing to do with saving session data in cookies which are stored in a trivially accessible database locally by your browser.
Amazing quality breakdown, as a cyber security person I love to see advanced topics broken down into human basic English for those less tech literate. I wish I had the production skills you have to be able to help build this bridge of awareness and avoidance for vulnerable people. Keep up the spectacular work
glad you found it interesting as a security person! I have no formal cyber security training, so everything I shared was just stuff I taught myself over the years
I'm not in cyber security but seeing the breakdown of the virus, what it does on a virtual machine, and everything else was very educational. Much better than repeating "don't download weird things" again and again. You did a good job.
Yea I was genuinely impressed. My man's out here with fancy softwares all over the place when I thought he was only for the funny nft gaming. Keep up ur right work !
@@theor3472 if you have been through scam baiting vods some of these tools and info are infact out in the open also security researchers are in the tube which is also a good thing watching LPL led me to some pen testing channels which then led me to tech security pen testing related channels
My favorite goof-up in their chain of stupid steps here was the 760M file magically coming out of a 26M zip along with several other directories "worth" of files. That implies the data was trivially compressed (IE, like you said mostly 0 bits) or self-springing, because there's no way in the nine hells an actual proper program, not even a launcher, scrunched that effectively.
Heck they could've just sent a small program without malware as a launcher and have it start to download the actual '700MB' file to make it look far more realistic.
When I saw it, I immediately thought of concept art from nightmareworld (a game prototype created entirely for the sake of demonstrating the incompetence of the developers of "dreamworld", an NFT scam game). I don't think it is from nightmareworld, but some of it looks similar.
Great video! 👍 Just wanted to point out @ 10:32 that reporting these scams is _very important,_ even if no-one responds to your specific complaint. You might not notice any immediate action being taken, but that doesn’t mean the report doesn’t achieve anything. Scammers rely on people's reluctance to report, knowing it's not feasible for cybersecurity teams & law enforcement to investigate small numbers of incidents… so reporting “near-misses” or attempts like this one always provides valuable info while helping the issue reach critical mass to prompt action by authorities. “Near-miss” data is also incredibly valuable for big-picture analytics & being proactive with security, _especially_ when there’s a significant social engineering element to it. If I get a scam text or email for a company I’m a customer of, I always report it to them because I know how useful that info is from the other side of the equation. Cybersecurity whack-a-mole is much easier to play if you can work out which hole they’re likely to pop out of next!
Yeah, the place I work for does this funny thing where THEY send you spam/fishing emails. Like, the cybersecurity team is the one sending them. If you report the spam you get a little “Good Job!” pop-up. I don’t know how well it works in general, but now MY first response at seeing something even slightly Sus is to report it as spam.
Great work, Jauwn. Their website and art actually look quite decent which is surprising. Still, the scam falls apart if you look closer. Or if you're not in the habit of downloading and running shady NFT games from the web. I guess that's an occupational hazard for you now. 🧐
@@asteroidrules Since it wasn't detected as AI made, I'm betting it wasn't and was just snagged off little known websites or sites that aren't cached by Google image so you can reverse search. (Such as pixiv). Just like was done with those articles. Easy to get professional quality material when you just steal it. No AI even needed.
Mate, I like to think I'm pretty up to date with all the scams going on, but this was mostly new to me, I firmly believe that EVERYONE should watch this video, super informative, I hope it can somehow go viral, I'll do my part.
One thing you didn't mention but is a HUGE red flag is a password-protected archive next to a password in a text file. The only reason I've ever seen that done is so that your antivirus cannot snipe the file dead as you're downloading it, as it has no way to decrypt the archive and access the contents. You ever see a password-protected archive like this, it should go directly to trash, no matter what it claims to be.
I came across a facebook bot today, i posted something with the word "hacked" in a public post and almost immediately i had someone with no posts and an obviously fake account comment with a link to someone who is her "computer wiz" and then the fishy link. I instantly blocked the user, took the post private and deleted the comment.
J, excellent video showcasing how easy it is to create a fully fleshed out profile online that appears legitimate at the surface level, and we could all use the refresher regardless of how experienced we are! P.S. I know gosh darn well you didn't just pronounce 1337 as thirteen thirty-seven.
All things considered the level of polish they put in to their fake website and social media should have been a red flag, it looks way too good to be a crypto game.
1:16 These are SUSPICIOUSLY similar numbers. You'd expect them to have closer to 16,000 Twitter followers if they have that many people on their Discord. It's a much less high-commitment action, so you'll automatically get more traction on that platform. Them being the same implies bots purchased in equal amounts for each Social Media Platform they're engaging on.
I thought that this is just a crypto scam uncover channel, I was pleasantly surprised when you start pentesting, packet capturing, and reverse engineering the scam
This is the most clean and simple exposition of a real scam , i see now how little one has to know to "hack" people... All you could do with just money and almost none computer knowledge. Thanks for this video
Dang, now Jauwn is getting into investigative videos? I can only like a video once my dude! Also, I would so enjoy a video just going over the cringe email offers you get ngl
I've taken a reverse engineering course as part of cybersecurity coursework, and worked with debuggers like IdaPro. Windows defender probably couldn't scan it for at least a couple reasons. One, it is novel, and lots of scanning is signature based, and perhaps the file definition table wasn't up to date, especially if you are using an unpatched windows VM. Two, and probably the biggest one, is that lots of malware is packed, that is compressed, in such a way as to obscure its intentions, and make it harder to analyze. The unpacking program will decompress the actual instructions before running those. It's possible the program was packed, though having at least one scanner successfully figure out what it was tells me that it wasn't THAT novel, as most malware worth their salt will use a custom packer (variants of UPX packer are common) and require manual analysis of some kind to reverse engineer. The inflated filesize is a separate issue which I think you covered well.
Immediately after this video I got an ad from (legit) bank warning about opening links that pretend to be postal service, your bank, IRS etc. and to stay safe online
😅 everyone keeps commenting this lol, I pinned my response. But SMS 2FA is miles better than Email 2FA, which is what I was trying to get at in the video. Guess it wasn't very clear
i've taken down a couple of websites like these, the scammers are always from countries where the police don't even care even when you send them their address and full name of the scammer, they just open another website and continue stealing money
its not entirely pointless math its a enlarge prompt, its entire purpose is basically to fill the code with pointless data, it basically is a bunch of math that is designed to increase its own file space, with the malware attached to it basically what happens is the code runs and gains the same error over and over wile secretly running the malware in the background. at least as far as i know
Thanks to this video, I could tell a friend-of-a-friend was hacked when they asked me to test an indie game "she" and "some friends" were "working on." They had an actual UA-cam of fake game footage and a fake website, too.
March 28rd is one reason i love this channel..like for real, this is one of my favorite channels. And im not a gamer, its just such good content. You have a great personality and you do a thorough job of explaining stuff while keeping it engaging.
The sheer amount of tools and techniques you used to pick this malware apart is what really impressed me. I consider myself pretty computer savvy but have not heard of 2/3 of these applications. Thanks for the detailed breakdown, inspired me to look into how some of these tools work so I can at least feel like I can browse more safely.
I like the explanations and programs featured to give a deeper look at things. Would a list of the sites used be put in the description or via text on screen for reference?
I was suspicious about how a 700+MB exe file can come out of a 27MB zip file. That level of compression just doesn't make sense. So I now know that you can make a fake exe that's filled with fake data to make it look over 20 times bigger than it actually is, as long as you don't compress it. Also I suspect the art may be plagiarised; If I look up the art lead, I can't find anything about her except her Twitter account which appears to all be crypto stuff, she doesn't appear to have a presence on any art sites (at least not under that name), no art comes up on image search, so I'm suspicious. (There's also the fact that I pretty much expect a scam project within a scam community to do plagiarism.)
the “no real people are named Nancy” made me actually have to stop and think, because i actually know no one, family, friend or celebrity, named Nancy. my mind just kept going to Nancy Wheeler. i know that people named Nancy exist, but I don’t know any
8:18 Please remember that token stealing will bypass MFA.. that's the truly scary part. Also, SMS 2FA is among the weakest type, as your phone number is a fairly easy target for social engineering.
I'm a Police officer and I'm tired of taking these reports where people are scammed anywhere from 100 to seriously $50,000. It's quite unfortunate tho, Grind Techiei Seriously thank you for flagging down these swindlers. You make me want to spend my next 10 years learning how to do this𝘀
I know this will sound stupid but I actually ran the exe on my PC. Took me 20 mins to realize what happened and I wiped my drives clean, reinstalled windows and did a ton of scans. This was about 7 days ago and I had text docs with some semi-important info. Nothing has happened so far though. And I safe now or can this thing survive even a clean reinstall?
Not stupid at all! Like I said this is a very convincing scam. As far as I know, there are very few pieces of malware that can persist through a full system wipe, and I wouldn’t think this one would be an exception. I would make sure to change every single password you have, starting with you email. You also want to make sure that you have 2FA enabled for all accounts. If they didn’t steal anything yet, there’s a chance that either you simply didn’t have anything interesting for them to steal, or they haven’t gotten around to it yet. If you had any seed phrases stored on the computer, those are probably compromised though, so I would get all of your crypto out of their ASAP. If they do manage to steal any of your crypto (if you have any) then it would be interesting to see what wallet they sent it to
@@jauwn Thanks for the reply. Already did all of that. FWIW I also played with the exe file in a controlled environment and malwarebytes found nothing. I also managed to scan it online (can't remember which one allowed the upload of such a large file) nothing was found. Avast picked it up and from your video I see that NOD did too. Did you manage to discover which files does it scan for?
It says something about the quality of crypto games when you get better website design and more effort from direct scam attacks then the actual 'triple-A' games.
Great analysis! I am particularly interested in your knowledge of the intricacies of this. Are you just a power user, or did you go to school for InfoSec? I did myself, so it feels to me like you did too, or you just do a lot of good self research. I'm curious to the case. I'd like to see more content of dissecting scam attempts, they are fun to watch the scammers fail spectacularly
Just a power user! Nothing I learned in school really helped me learn this sort of stuff. I learned way more just from being a PC power user since the early XP days, and was even more pushed to learn by my father who used to be a big PC enthusiast in the late 90s-early 2000s. I think the best way to learn this sort of stuff is to take an honest interest in it and start teaching yourself. School is great and all but your passion to learn will teach you far more in the long run.
@@jauwn Thank you for the response, yeah I've been an early PC power user myself since the early Win 2000 days. Interesting to hear your perspective. Like I mentioned, I hope you might do more of these scam attempt investigation videos they are fun to watch. I'm pretty much watching anything you put out though lately
I had my discord almost stolen by this type of scam and trust me it is ALWAYS smart to have 2FA, if i didn’t have discord support help me i would had been done for I had to completely restart my PC and that was always my most embarrassing moment, and to be honest seeing that scam being shown still scares me
Jauwn you did it again, this video is extremely entertaining, well put together AND informative. Your content is getting better and better with every upload :') Can't wait for the next crypto scam XD
i feel like that website is probably built off someones school project, which is why it looks so good... they likely WANTED to make a game at some point but dropped off because they realized it was more difficult than they expected. files fall into the internet cracks, some random shmuck rebrands it as a web3 project, bam boom scam time.
"If something seems too good to be true, it probably is." I learned a slightly different version studying business in college: "If something seems too good to be true, it is."
Thanks for the reminder to set up 2FA. I have it on a lot of my stuff but I had forgotten to set up non-email version on one of my more important passwords.
"Our new game engine, a program ran on a local device, uses Blockchain Technology, a means of intercommunication between a set of devices!" What Does That Even Mean
I appreciate getting to see how scams like this work There's been a few times that this kind of knowledge came in handy when helping my parents with certain situations
These 27 megabyte zip files that extract into a full game-like size are real funny. They are usually just endless downloader links and download an insane amount of bloatware programs and add toolbars to your browser. The only reason they can be compressed so much is because the file is padded with a bunch of zeroes/ones.
ASCII art like that is a safety blanket for people for the real people of the Internet, seeing it being used to steal money from real people and not corporations breaks my heart.
Brother please take care always and your team, *VortexTrace* you're the hero of us who helped watched out for this scumb**gs and give us knowledge not to be scam by these animals and aliens. Please never give up helping to those innocent people….!!!
The funniest part is that it still exists and people are still falling for it. Someone just messaged me saying he lost $10,000+ of crypto from downloading it.
@@jauwn I partly blame legitimate developers of Windows software who teach users to allow privileged access for every little thing. That way, when a malicious software comes along and asks for access, most users will click Yes without a second thought. I also blame Microsoft for making it seem like not a big deal to let software run as administrator and even higher privilege than that. That's what I like with Linux. Running a software as root is scary, as it bloody well should be.
@@oliver_twistor i think its a double issue ngl, on one hand, making it so easy/the norm to run things as admin or allow admin privileges is bad, but it's not helped that a suprising amount of normal stuff just often doesnt run without them.
Hey, they wanted to see a short recording of you launching the "game", right? Why not take a quick recording of you launching the .exe, asking "huh, it didn't open up. Did I do something wrong?" And then wait for them to notice they didn't even get any real info.
2FA that sends a code to your phone is actually pretty bad these days. Too easy to Sim swap people if they think you're worth it. An authenticator app is a better option
Looking at this again, I think I know why your virus did a bunch of useless calcs; It detected it was in a VM sandbox. A lot of droppers now can detect if they're in a VM and do a bunch of misdirecting junk rather than unpacking their payload in a bid to make it harder for security researchers to work out how they function, and it seems like you hit that here.
I think the most depressing thing to me is that (assuming not everything on the site is stolen) they have what could be an interesting looking game. Like drop the NFT thing and make it some kind of Card Battler or Darkest Dungeon style game out of it and they'd probably actually make money off it.
but if i change my mind and start using basic crypto (like Bitcoin) then i'll simply mine it and trade it as that seems much less volatile than buying a digital asset and hoping it doesnt crash in price
@@jauwn if i HAD to choose between mining or these nft games tho, i would choose mining because if you have hardware, you only really gotta pay the electricity used by the rig
@@tylern6420You cannot possibly mine efficiently enough to pay for the electricity you are using to mine in the first place. Maybe if this were 10 years ago.
I guess it makes sense that crypto scammers didn't think to hide from people inspecting elements on their site, they know cryptobros can't right click.
Lmao!
lol cryptobros unable to right click is probably my favourite example of a modern geas.
To be fair, the kind of person who falls for a crypto scam is too stupid to check.
lmfao
This joke's going over my head, can someone explain?
"Oh you're getting a virus alert from our software? Try disabling the anitvirus, that should get rid of the alert."
💀💀💀
Works for me every time, that was until i lost my anti virus subscription due to my bank being drained
Some game engines legitimately give antivirus alerts. Specifically older RPGMaker versions and Ren'py.
@@paranoiaproductions1221 Depends on where you launch them from in a newer Windows install, most times.
(protip, don't install anything but the RTPs in their default positions if you can, put everything in a folder on disc root (C, D, or whatever else the drive uses) instead.)
Source: I've just fought with RPG Maker 2000, 2003, and XP to get them on Win11, the RTP is fine on default path and my habit of putting the actual editors and games in a dedicated set of folders to remember what's using which engine has stopped antiviruses from whining (also stopped admin prompt and saves failing).
@@paranoiaproductions1221
Yes but you can tell when they are legit, also not every anti virus is the same I'd run something detected as a virus through at least one other program to check what kind it is
Wow, a scam that pretends to be a different scam. It's scamception!
I love that movie!
It's like when you tryna tell your friend is not gunna explode in Minecraft and you end up setting him on fire instead
@@XylophytaeI loved the part where Georgia Cloonèy scammed 200 dying children, jiggled her tits and started morbing all over the place.
@@MilesProwerTailsFoxTryna? Yeesh. That sounds bad, you might want to see a doctor about that.
It's more like a scam that pretends to be a recruitment for scammers, but the would-be recruits are actually the marks.
Reminds me of that GameStop NFT creator who made tons of sloth NFTs. They opened some malicious file to "collab" with someone, and ended up losing his seed phrase. This resulted in all the existing NFTs that had been sold to become worthless because the scammer had control of the wallet and could theoretically create more NFTs (although he just stole his money). Then the Sloth had to re-mint every single NFT with a new wallet and send the NEW, REAL nft to the old holders
🤣
Ah yes, another huge benefit of blockchain tech. Getting robbed blind with zero recourse. Future of finance for sure.
@@brandontoates Decentralization is so important though!
For thieves and scammers.
So much for non-fungible
If that can happen, why can’t they just assign randomized prices and worth the NFT since they can just ChatGPT new ones for free?
I have an Aunt Nancy, and it's good to finally know she isn't real. Thanks, Jauwn
We wouldn’t happen to be related, would we?
Same, except mine is my Uncle Nancy. Yeah, my grandparents were sadistic
@avgredditmod Boy named Sue situation. Did uncle Nancy meet his dad later on and start a barfight?
lol what a reference@@snakewithapen5489
@@arandomstreetcat what is "sadistic"
8:15 It's also worth noting that a stealer malware can also steal your cookies, which allows them to bypass your 2FA because they don't need to actually sign in.
Yup.
Just changing your password is enough to make this not work as well as unchecking the [Remember this location/this pc]
Cookie Monster: "And I took that personally"
@@Mario583a You don't need a password for cookies, though. You can change it all you want if the site doesn't de authenticate that session, the cookie gives you access to the already logged in session. The "Remember this pc" also has nothing to do with saving session data in cookies which are stored in a trivially accessible database locally by your browser.
@@pantallahueso ah yes
The ol' session hijack trick
Not only was this entertaining, this was also educational.
I guess you could say that this content is called...
Edutainment.
Amazing quality breakdown, as a cyber security person I love to see advanced topics broken down into human basic English for those less tech literate. I wish I had the production skills you have to be able to help build this bridge of awareness and avoidance for vulnerable people. Keep up the spectacular work
glad you found it interesting as a security person! I have no formal cyber security training, so everything I shared was just stuff I taught myself over the years
bro just try, i'm sure you'll manage to make some at least decent videos
I'm not in cyber security but seeing the breakdown of the virus, what it does on a virtual machine, and everything else was very educational. Much better than repeating "don't download weird things" again and again. You did a good job.
i think this is the video where I realized this guy knew way more than I thought he did about tech stuff
Eh im still no expert though I just pretend I am
@@jauwnHow do I know that you're just pretending to pretend that you know, and actually DO know?
Yea I was genuinely impressed. My man's out here with fancy softwares all over the place when I thought he was only for the funny nft gaming. Keep up ur right work !
@@theor3472 if you have been through scam baiting vods some of these tools and info are infact out in the open also security researchers are in the tube which is also a good thing watching LPL led me to some pen testing channels which then led me to tech security pen testing related channels
@@jauwn😂
My favorite goof-up in their chain of stupid steps here was the 760M file magically coming out of a 26M zip along with several other directories "worth" of files. That implies the data was trivially compressed (IE, like you said mostly 0 bits) or self-springing, because there's no way in the nine hells an actual proper program, not even a launcher, scrunched that effectively.
Unless it's Kkrieger which it's not.
Heck they could've just sent a small program without malware as a launcher and have it start to download the actual '700MB' file to make it look far more realistic.
@@someguy4915 Exe files downloading and then executing other exe files usually get detected by heuristic anivirus.
The classic "billion laughs attack"
That's pretty normal compression.
I bet they stole the assets of an old failed crowdfunding game to make theirs look legit.
When I saw it, I immediately thought of concept art from nightmareworld (a game prototype created entirely for the sake of demonstrating the incompetence of the developers of "dreamworld", an NFT scam game).
I don't think it is from nightmareworld, but some of it looks similar.
Hey! You forgot about the other places that style of ASCII art appears. Old all-text game walkthroughs and mod readmes.
Yeah, was gonna say so. I remember seeing that kind of stuff on old forums like gamefaqs frequently for guides.
Gamefaqs my beloved
GameFAQs! Just thinking about that takes me back. I used to read stuff on that site for hours as a kid.
I remember printing out and stapling together a walkthrough for Lego Star Wars 2; that thing got tattered from near-constant use.
Yeah I've seen those when playing FNF moods.
Great video! 👍 Just wanted to point out @ 10:32 that reporting these scams is _very important,_ even if no-one responds to your specific complaint. You might not notice any immediate action being taken, but that doesn’t mean the report doesn’t achieve anything. Scammers rely on people's reluctance to report, knowing it's not feasible for cybersecurity teams & law enforcement to investigate small numbers of incidents… so reporting “near-misses” or attempts like this one always provides valuable info while helping the issue reach critical mass to prompt action by authorities.
“Near-miss” data is also incredibly valuable for big-picture analytics & being proactive with security, _especially_ when there’s a significant social engineering element to it. If I get a scam text or email for a company I’m a customer of, I always report it to them because I know how useful that info is from the other side of the equation. Cybersecurity whack-a-mole is much easier to play if you can work out which hole they’re likely to pop out of next!
Every report gives every other report validity. One report is a false positive, a hundred reports is a matter of concern.
@@migueeeelet and a million reports is hopefully someone in jail (or at least fined, which I guess is... *fine.* ... yea that was a bad joke)
Yeah, the place I work for does this funny thing where THEY send you spam/fishing emails. Like, the cybersecurity team is the one sending them. If you report the spam you get a little “Good Job!” pop-up. I don’t know how well it works in general, but now MY first response at seeing something even slightly Sus is to report it as spam.
Great work, Jauwn. Their website and art actually look quite decent which is surprising. Still, the scam falls apart if you look closer. Or if you're not in the habit of downloading and running shady NFT games from the web. I guess that's an occupational hazard for you now. 🧐
Just another day out working in the mine field
I do have to wonder how much of the art was plagiarized, since clearly the text is.
@@asteroidrules Since it wasn't detected as AI made, I'm betting it wasn't and was just snagged off little known websites or sites that aren't cached by Google image so you can reverse search. (Such as pixiv). Just like was done with those articles. Easy to get professional quality material when you just steal it. No AI even needed.
I think they just booted up Inkarnate, a tool mostly used by Tabletop RPG GMs to quickly make fantasy worlds.
Mate, I like to think I'm pretty up to date with all the scams going on, but this was mostly new to me, I firmly believe that EVERYONE should watch this video, super informative, I hope it can somehow go viral, I'll do my part.
You are _never_ up to date on the scams.
"there are no real people with the name nancy" -got me laughing
One thing you didn't mention but is a HUGE red flag is a password-protected archive next to a password in a text file. The only reason I've ever seen that done is so that your antivirus cannot snipe the file dead as you're downloading it, as it has no way to decrypt the archive and access the contents.
You ever see a password-protected archive like this, it should go directly to trash, no matter what it claims to be.
Fun fact, Magical World is a D&D slang term for a campaign or setting that revolves around the DM's sexual fetish(es)
You mean "Dare you enter my Magical Realm?"
@@coltonlong7562 All bow before the Whizzard
Would this magical world have anything to do with putting on a robe and wizard hat?
@@ZorotheGallade wizhard
@@ZorotheGallade Don't you mean the Jizzard?
My guess is that the art and gameplay clips look legitimate because it is. They probably stole it from another crypto project or a failed kickstarter.
I came across a facebook bot today, i posted something with the word "hacked" in a public post and almost immediately i had someone with no posts and an obviously fake account comment with a link to someone who is her "computer wiz" and then the fishy link. I instantly blocked the user, took the post private and deleted the comment.
J, excellent video showcasing how easy it is to create a fully fleshed out profile online that appears legitimate at the surface level, and we could all use the refresher regardless of how experienced we are!
P.S. I know gosh darn well you didn't just pronounce 1337 as thirteen thirty-seven.
If you think I'm going to say the word "leet" out loud in 2023 you're dead wrong
@@jauwn it's "one thousand three hundred and thirty-seven"
LOLOLOLO 1053R @@jauwn
@@Unnamed86 You forgot "In The Year of Our Lord" at the beginning
@@Unnamed86no it's one thirty three seven
After that ASCII art I thought there would be an installer playing a royalty free song.
All things considered the level of polish they put in to their fake website and social media should have been a red flag, it looks way too good to be a crypto game.
1:16 These are SUSPICIOUSLY similar numbers. You'd expect them to have closer to 16,000 Twitter followers if they have that many people on their Discord. It's a much less high-commitment action, so you'll automatically get more traction on that platform. Them being the same implies bots purchased in equal amounts for each Social Media Platform they're engaging on.
I thought that this is just a crypto scam uncover channel, I was pleasantly surprised when you start pentesting, packet capturing, and reverse engineering the scam
This is the most clean and simple exposition of a real scam , i see now how little one has to know to "hack" people...
All you could do with just money and almost none computer knowledge.
Thanks for this video
obsessed with the way you systematically deconstructed their whole deal, informative ~and~ satisfying
I looked it up and saw that there are people named Nancy😱
Fake (real)
Dang, now Jauwn is getting into investigative videos? I can only like a video once my dude!
Also, I would so enjoy a video just going over the cringe email offers you get ngl
The most suspicious part of this was seeing the ASCII art without hearing some banger of a chiptune song blaring.
"Dear" and "Kindly" are instant flags that whatever being pitched is a scam
Dude seriously tried to Bioshock you? “would a you Kindly to be turning off your abitivrus software please now kindly.”
That game must've trained me to never listen to anyone saying "kindly" do anything
you should of cobbled together a game launcher for the game and sent them a screen shot of that
I've taken a reverse engineering course as part of cybersecurity coursework, and worked with debuggers like IdaPro. Windows defender probably couldn't scan it for at least a couple reasons. One, it is novel, and lots of scanning is signature based, and perhaps the file definition table wasn't up to date, especially if you are using an unpatched windows VM. Two, and probably the biggest one, is that lots of malware is packed, that is compressed, in such a way as to obscure its intentions, and make it harder to analyze. The unpacking program will decompress the actual instructions before running those. It's possible the program was packed, though having at least one scanner successfully figure out what it was tells me that it wasn't THAT novel, as most malware worth their salt will use a custom packer (variants of UPX packer are common) and require manual analysis of some kind to reverse engineer. The inflated filesize is a separate issue which I think you covered well.
Awesome work Jauwn. And, just for the record, I believe March 28rd will be the day of the MOASS. Buckle up.
Immediately after this video I got an ad from (legit) bank warning about opening links that pretend to be postal service, your bank, IRS etc. and to stay safe online
Probably worth noting that SMS 2FA is usually considered one of the least secure 2FA types
😅 everyone keeps commenting this lol, I pinned my response. But SMS 2FA is miles better than Email 2FA, which is what I was trying to get at in the video. Guess it wasn't very clear
i've taken down a couple of websites like these, the scammers are always from countries where the police don't even care even when you send them their address and full name of the scammer, they just open another website and continue stealing money
its not entirely pointless math its a enlarge prompt, its entire purpose is basically to fill the code with pointless data, it basically is a bunch of math that is designed to increase its own file space, with the malware attached to it basically what happens is the code runs and gains the same error over and over wile secretly running the malware in the background. at least as far as i know
Yuuuup you are right I learned that after making the video
yeh malware coding is like a whole thing, use to do stuff about f12 coding at collage and what applications binary can have@@jauwn
CIH did a similar thing back in the 1990's
yerp@@MandrakeFernflower
Thanks to this video, I could tell a friend-of-a-friend was hacked when they asked me to test an indie game "she" and "some friends" were "working on." They had an actual UA-cam of fake game footage and a fake website, too.
Hell yeah!
Running a virtual is crazy useful to protect your pc I wish I understood more about this kind of stuff
Best. Thumbnail. Ever. Thumbnailed.
i watched this and expected your subscriber count to be like 500k wtf, this video was awesome + you’re definitely gonna grow very quickly :))
March 28rd is one reason i love this channel..like for real, this is one of my favorite channels. And im not a gamer, its just such good content. You have a great personality and you do a thorough job of explaining stuff while keeping it engaging.
thanks buddy
The sheer amount of tools and techniques you used to pick this malware apart is what really impressed me. I consider myself pretty computer savvy but have not heard of 2/3 of these applications. Thanks for the detailed breakdown, inspired me to look into how some of these tools work so I can at least feel like I can browse more safely.
I like the explanations and programs featured to give a deeper look at things. Would a list of the sites used be put in the description or via text on screen for reference?
I was suspicious about how a 700+MB exe file can come out of a 27MB zip file. That level of compression just doesn't make sense. So I now know that you can make a fake exe that's filled with fake data to make it look over 20 times bigger than it actually is, as long as you don't compress it.
Also I suspect the art may be plagiarised; If I look up the art lead, I can't find anything about her except her Twitter account which appears to all be crypto stuff, she doesn't appear to have a presence on any art sites (at least not under that name), no art comes up on image search, so I'm suspicious. (There's also the fact that I pretty much expect a scam project within a scam community to do plagiarism.)
It could just be stolen art, do a reverse image search
Came for the crypto scam, stayed for the fun malware analysis work.
You are a gift to humanity; thank you.
the “no real people are named Nancy” made me actually have to stop and think, because i actually know no one, family, friend or celebrity, named Nancy. my mind just kept going to Nancy Wheeler. i know that people named Nancy exist, but I don’t know any
still hard to believe people like this can exist, it’s great how there are websites to handle these viruses
8:18 Please remember that token stealing will bypass MFA.. that's the truly scary part.
Also, SMS 2FA is among the weakest type, as your phone number is a fairly easy target for social engineering.
Man...... You are tickling my fancy making me feel internet savvy and unscammable in this video. The ASCII art brought me back to TPB glory days.
I am wondering if the scammer got the assets of some abandoned project to make their website looks legit?
I'm a Police officer and I'm tired of taking these reports where people are scammed anywhere from 100 to seriously $50,000. It's quite unfortunate tho, Grind Techiei Seriously thank you for flagging down these swindlers. You make me want to spend my next 10 years learning how to do this𝘀
I know this will sound stupid but I actually ran the exe on my PC. Took me 20 mins to realize what happened and I wiped my drives clean, reinstalled windows and did a ton of scans.
This was about 7 days ago and I had text docs with some semi-important info. Nothing has happened so far though.
And I safe now or can this thing survive even a clean reinstall?
Not stupid at all! Like I said this is a very convincing scam.
As far as I know, there are very few pieces of malware that can persist through a full system wipe, and I wouldn’t think this one would be an exception. I would make sure to change every single password you have, starting with you email. You also want to make sure that you have 2FA enabled for all accounts.
If they didn’t steal anything yet, there’s a chance that either you simply didn’t have anything interesting for them to steal, or they haven’t gotten around to it yet. If you had any seed phrases stored on the computer, those are probably compromised though, so I would get all of your crypto out of their ASAP.
If they do manage to steal any of your crypto (if you have any) then it would be interesting to see what wallet they sent it to
@@jauwn Thanks for the reply. Already did all of that. FWIW I also played with the exe file in a controlled environment and malwarebytes found nothing. I also managed to scan it online (can't remember which one allowed the upload of such a large file) nothing was found.
Avast picked it up and from your video I see that NOD did too. Did you manage to discover which files does it scan for?
Not sure I understand your question. What files does what scan for?
Consider all your browser passwords sold
It says something about the quality of crypto games when you get better website design and more effort from direct scam attacks then the actual 'triple-A' games.
Great analysis! I am particularly interested in your knowledge of the intricacies of this. Are you just a power user, or did you go to school for InfoSec? I did myself, so it feels to me like you did too, or you just do a lot of good self research. I'm curious to the case. I'd like to see more content of dissecting scam attempts, they are fun to watch the scammers fail spectacularly
Just a power user! Nothing I learned in school really helped me learn this sort of stuff. I learned way more just from being a PC power user since the early XP days, and was even more pushed to learn by my father who used to be a big PC enthusiast in the late 90s-early 2000s.
I think the best way to learn this sort of stuff is to take an honest interest in it and start teaching yourself. School is great and all but your passion to learn will teach you far more in the long run.
@@jauwn Thank you for the response, yeah I've been an early PC power user myself since the early Win 2000 days. Interesting to hear your perspective. Like I mentioned, I hope you might do more of these scam attempt investigation videos they are fun to watch. I'm pretty much watching anything you put out though lately
I had my discord almost stolen by this type of scam and trust me it is ALWAYS smart to have 2FA, if i didn’t have discord support help me i would had been done for
I had to completely restart my PC and that was always my most embarrassing moment, and to be honest seeing that scam being shown still scares me
"Crypto Scam"
Next time someone asks you for an example of a tautology.
Jauwn you did it again, this video is extremely entertaining, well put together AND informative.
Your content is getting better and better with every upload :')
Can't wait for the next crypto scam XD
i feel like that website is probably built off someones school project, which is why it looks so good... they likely WANTED to make a game at some point but dropped off because they realized it was more difficult than they expected. files fall into the internet cracks, some random shmuck rebrands it as a web3 project, bam boom scam time.
This needs far more views to spread awareness of this kind of scam
"If something seems too good to be true, it probably is." I learned a slightly different version studying business in college: "If something seems too good to be true, it is."
Hearing Jauwn spell out "thirteen thirty-seven" instead of saying "leet" kind of hurts me
@@sofastuffing good
well NFTS are always a scam the way i see it
I love this IT investigation arc.
Thanks for the reminder to set up 2FA. I have it on a lot of my stuff but I had forgotten to set up non-email version on one of my more important passwords.
"Our new game engine, a program ran on a local device, uses Blockchain Technology, a means of intercommunication between a set of devices!" What Does That Even Mean
I appreciate getting to see how scams like this work
There's been a few times that this kind of knowledge came in handy when helping my parents with certain situations
Hey that ASCII text isn't JUST from nefarious files, it's also from every gamefaqs walkthrough circa 2010
My childhood remembers ascii artwork at the start of walkthrough guides back in the day for games.
These 27 megabyte zip files that extract into a full game-like size are real funny. They are usually just endless downloader links and download an insane amount of bloatware programs and add toolbars to your browser. The only reason they can be compressed so much is because the file is padded with a bunch of zeroes/ones.
No reference to old Gamefaqs with the ASCII art smh.
man, the website looks so good too. they should have made an actual game XD
I find it funny how crypto games keep asking to be sponsored and end up getting completely exposed
ASCII art like that is a safety blanket for people for the real people of the Internet, seeing it being used to steal money from real people and not corporations breaks my heart.
I use ascii art for my batch programs to just make em look nicer
i declare marshall law against crypto scams
I teach computer science. This was an excellent video about the importance of following basic safety practices when online.
Pointless math? Wow it is a crypto game after all
Only recently discovered your channel and been binging the content. Didn't ever expect to see VT, Triage, and Ghidra referenced. Love it.
Brother please take care always and your team, *VortexTrace* you're the hero of us who helped watched out for this scumb**gs and give us knowledge not to be scam by these animals and aliens. Please never give up helping to those innocent people….!!!
Yeah this whole thing just screams "scam"
The funniest part is that it still exists and people are still falling for it. Someone just messaged me saying he lost $10,000+ of crypto from downloading it.
@@jauwn damn
@@jauwn I partly blame legitimate developers of Windows software who teach users to allow privileged access for every little thing. That way, when a malicious software comes along and asks for access, most users will click Yes without a second thought. I also blame Microsoft for making it seem like not a big deal to let software run as administrator and even higher privilege than that. That's what I like with Linux. Running a software as root is scary, as it bloody well should be.
@@oliver_twistor i think its a double issue ngl, on one hand, making it so easy/the norm to run things as admin or allow admin privileges is bad, but it's not helped that a suprising amount of normal stuff just often doesnt run without them.
My mom’s name is Nancy and our last name starts with B. Suspicious.
explaining it like i was 5 was Very good and i rly liked this vid. Educational , simple 2 follow and quite Funny tbh
Searching the IP at ~9:47 seems to lead to other 'projects' like this one.
Hey, they wanted to see a short recording of you launching the "game", right? Why not take a quick recording of you launching the .exe, asking "huh, it didn't open up. Did I do something wrong?" And then wait for them to notice they didn't even get any real info.
The AI Detector will also say that clearly AI generated Artwork, has less than 10% AI in it. It's not reliable Proof.
2FA that sends a code to your phone is actually pretty bad these days. Too easy to Sim swap people if they think you're worth it. An authenticator app is a better option
Looking at this again, I think I know why your virus did a bunch of useless calcs; It detected it was in a VM sandbox. A lot of droppers now can detect if they're in a VM and do a bunch of misdirecting junk rather than unpacking their payload in a bid to make it harder for security researchers to work out how they function, and it seems like you hit that here.
Very well could be the case
I think the most depressing thing to me is that (assuming not everything on the site is stolen) they have what could be an interesting looking game. Like drop the NFT thing and make it some kind of Card Battler or Darkest Dungeon style game out of it and they'd probably actually make money off it.
5:09 depends on the game, for example cdda has only around 70 MB and its huge
It must be good that i'll like never interact with this blockchain stuff then
but if i change my mind and start using basic crypto (like Bitcoin) then i'll simply mine it and trade it as that seems much less volatile than buying a digital asset and hoping it doesnt crash in price
Nah it’s not worth it you’re not missing anything by just ignoring anything crypto
@@jauwn fair enough
@@jauwn if i HAD to choose between mining or these nft games tho, i would choose mining because if you have hardware, you only really gotta pay the electricity used by the rig
@@tylern6420You cannot possibly mine efficiently enough to pay for the electricity you are using to mine in the first place. Maybe if this were 10 years ago.
Oppa Gangnam style. Elite haxxzor defending skills on display. Good vid!
excellent breakdown of the scam! knowing how these things look and work is super helpful
Thats some nice detective work their Nancy Drew
Imagine when bots are going to become sentient.
OnlyFan bots and crypto bots are going to rule the world.