A Dangerous Crypto Scam is Targeting YouTubers
Вставка
- Опубліковано 14 бер 2023
- Yesterday, a pretty blatant #crypto #scam reached out to me via Discord to coordinate a promotional video. Obviously, I would never do a promotional video for a crypto game, so I decided to have a little bit of fun with them. However, what I uncovered was instead a very sophisticated and scary piece of malware.
I decided to perform a little bit of malware analysis on this and break their scam down to help raise awareness. While a scam like this may seem obvious if you have a strong technical background, this specific example was much more convincing than some of the others I've seen in the past.
They asked for a promotional video, I delivered!
Thanks for watching!
Subscribe:
/ @jauwn
Buy me a Coffee:
ko-fi.com/jauwn
Follow me on Twitter:
/ jauwnio
Join our Discord!:
/ discord - Ігри
I guess it makes sense that crypto scammers didn't think to hide from people inspecting elements on their site, they know cryptobros can't right click.
Lmao!
lol cryptobros unable to right click is probably my favourite example of a modern geas.
To be fair, the kind of person who falls for a crypto scam is too stupid to check.
lmfao
This joke's going over my head, can someone explain?
"Oh you're getting a virus alert from our software? Try disabling the anitvirus, that should get rid of the alert."
💀💀💀
Works for me every time, that was until i lost my anti virus subscription due to my bank being drained
Some game engines legitimately give antivirus alerts. Specifically older RPGMaker versions and Ren'py.
@@paranoiaproductions1221 Depends on where you launch them from in a newer Windows install, most times.
(protip, don't install anything but the RTPs in their default positions if you can, put everything in a folder on disc root (C, D, or whatever else the drive uses) instead.)
Source: I've just fought with RPG Maker 2000, 2003, and XP to get them on Win11, the RTP is fine on default path and my habit of putting the actual editors and games in a dedicated set of folders to remember what's using which engine has stopped antiviruses from whining (also stopped admin prompt and saves failing).
@@paranoiaproductions1221
Yes but you can tell when they are legit, also not every anti virus is the same I'd run something detected as a virus through at least one other program to check what kind it is
Wow, a scam that pretends to be a different scam. It's scamception!
I love that movie!
It's like when you tryna tell your friend is not gunna explode in Minecraft and you end up setting him on fire instead
@@XylophytaeI loved the part where Georgia Cloonèy scammed 200 dying children, jiggled her tits and started morbing all over the place.
@@MilesProwerTailsFoxTryna? Yeesh. That sounds bad, you might want to see a doctor about that.
It's more like a scam that pretends to be a recruitment for scammers, but the would-be recruits are actually the marks.
I have an Aunt Nancy, and it's good to finally know she isn't real. Thanks, Jauwn
We wouldn’t happen to be related, would we?
Same, except mine is my Uncle Nancy. Yeah, my grandparents were sadistic
@avgredditmod Boy named Sue situation. Did uncle Nancy meet his dad later on and start a barfight?
lol what a reference@@snakewithapen5489
@@avgredditmod what is "sadistic"
Reminds me of that GameStop NFT creator who made tons of sloth NFTs. They opened some malicious file to "collab" with someone, and ended up losing his seed phrase. This resulted in all the existing NFTs that had been sold to become worthless because the scammer had control of the wallet and could theoretically create more NFTs (although he just stole his money). Then the Sloth had to re-mint every single NFT with a new wallet and send the NEW, REAL nft to the old holders
🤣
Ah yes, another huge benefit of blockchain tech. Getting robbed blind with zero recourse. Future of finance for sure.
@@brandontoates Decentralization is so important though!
For thieves and scammers.
So much for non-fungible
If that can happen, why can’t they just assign randomized prices and worth the NFT since they can just ChatGPT new ones for free?
Not only was this entertaining, this was also educational.
I guess you could say that this content is called...
Edutainment.
Amazing quality breakdown, as a cyber security person I love to see advanced topics broken down into human basic English for those less tech literate. I wish I had the production skills you have to be able to help build this bridge of awareness and avoidance for vulnerable people. Keep up the spectacular work
glad you found it interesting as a security person! I have no formal cyber security training, so everything I shared was just stuff I taught myself over the years
@@jauwnthe best school is good logical thinking
My favorite goof-up in their chain of stupid steps here was the 760M file magically coming out of a 26M zip along with several other directories "worth" of files. That implies the data was trivially compressed (IE, like you said mostly 0 bits) or self-springing, because there's no way in the nine hells an actual proper program, not even a launcher, scrunched that effectively.
Unless it's Kkrieger which it's not.
Heck they could've just sent a small program without malware as a launcher and have it start to download the actual '700MB' file to make it look far more realistic.
@@someguy4915 Exe files downloading and then executing other exe files usually get detected by heuristic anivirus.
The classic "billion laughs attack"
That's pretty normal compression.
8:15 It's also worth noting that a stealer malware can also steal your cookies, which allows them to bypass your 2FA because they don't need to actually sign in.
Yup.
Just changing your password is enough to make this not work as well as unchecking the [Remember this location/this pc]
Cookie Monster: "And I took that personally"
i think this is the video where I realized this guy knew way more than I thought he did about tech stuff
Eh im still no expert though I just pretend I am
@@jauwnHow do I know that you're just pretending to pretend that you know, and actually DO know?
Yea I was genuinely impressed. My man's out here with fancy softwares all over the place when I thought he was only for the funny nft gaming. Keep up ur right work !
@@theor3472 if you have been through scam baiting vods some of these tools and info are infact out in the open also security researchers are in the tube which is also a good thing watching LPL led me to some pen testing channels which then led me to tech security pen testing related channels
@@jauwn😂
"there are no real people with the name nancy" -got me laughing
Great video! 👍 Just wanted to point out @ 10:32 that reporting these scams is _very important,_ even if no-one responds to your specific complaint. You might not notice any immediate action being taken, but that doesn’t mean the report doesn’t achieve anything. Scammers rely on people's reluctance to report, knowing it's not feasible for cybersecurity teams & law enforcement to investigate small numbers of incidents… so reporting “near-misses” or attempts like this one always provides valuable info while helping the issue reach critical mass to prompt action by authorities.
“Near-miss” data is also incredibly valuable for big-picture analytics & being proactive with security, _especially_ when there’s a significant social engineering element to it. If I get a scam text or email for a company I’m a customer of, I always report it to them because I know how useful that info is from the other side of the equation. Cybersecurity whack-a-mole is much easier to play if you can work out which hole they’re likely to pop out of next!
Every report gives every other report validity. One report is a false positive, a hundred reports is a matter of concern.
@@migueeeelet and a million reports is hopefully someone in jail (or at least fined, which I guess is... *fine.* ... yea that was a bad joke)
Hey! You forgot about the other places that style of ASCII art appears. Old all-text game walkthroughs and mod readmes.
Yeah, was gonna say so. I remember seeing that kind of stuff on old forums like gamefaqs frequently for guides.
Gamefaqs my beloved
GameFAQs! Just thinking about that takes me back. I used to read stuff on that site for hours as a kid.
I remember printing out and stapling together a walkthrough for Lego Star Wars 2; that thing got tattered from near-constant use.
I'm not in cyber security but seeing the breakdown of the virus, what it does on a virtual machine, and everything else was very educational. Much better than repeating "don't download weird things" again and again. You did a good job.
Great work, Jauwn. Their website and art actually look quite decent which is surprising. Still, the scam falls apart if you look closer. Or if you're not in the habit of downloading and running shady NFT games from the web. I guess that's an occupational hazard for you now. 🧐
Just another day out working in the mine field
I do have to wonder how much of the art was plagiarized, since clearly the text is.
@@asteroidrules Since it wasn't detected as AI made, I'm betting it wasn't and was just snagged off little known websites or sites that aren't cached by Google image so you can reverse search. (Such as pixiv). Just like was done with those articles. Easy to get professional quality material when you just steal it. No AI even needed.
I think they just booted up Inkarnate, a tool mostly used by Tabletop RPG GMs to quickly make fantasy worlds.
Fun fact, Magical World is a D&D slang term for a campaign or setting that revolves around the DM's sexual fetish(es)
You mean "Dare you enter my Magical Realm?"
@@coltonlong7562 All bow before the Whizzard
Would this magical world have anything to do with putting on a robe and wizard hat?
dude my ex was writing a magical world 😂
@@ZorotheGallade wizhard
Mate, I like to think I'm pretty up to date with all the scams going on, but this was mostly new to me, I firmly believe that EVERYONE should watch this video, super informative, I hope it can somehow go viral, I'll do my part.
I bet they stole the assets of an old failed crowdfunding game to make theirs look legit.
When I saw it, I immediately thought of concept art from nightmareworld (a game prototype created entirely for the sake of demonstrating the incompetence of the developers of "dreamworld", an NFT scam game).
I don't think it is from nightmareworld, but some of it looks similar.
J, excellent video showcasing how easy it is to create a fully fleshed out profile online that appears legitimate at the surface level, and we could all use the refresher regardless of how experienced we are!
P.S. I know gosh darn well you didn't just pronounce 1337 as thirteen thirty-seven.
If you think I'm going to say the word "leet" out loud in 2023 you're dead wrong
@@jauwn it's "one thousand three hundred and thirty-seven"
LOLOLOLO 1053R @@jauwn
@@Unnamed86 You forgot "In The Year of Our Lord" at the beginning
@@Unnamed86no it's one thirty three seven
One thing you didn't mention but is a HUGE red flag is a password-protected archive next to a password in a text file. The only reason I've ever seen that done is so that your antivirus cannot snipe the file dead as you're downloading it, as it has no way to decrypt the archive and access the contents.
You ever see a password-protected archive like this, it should go directly to trash, no matter what it claims to be.
I looked it up and saw that there are people named Nancy😱
Fake (real)
After that ASCII art I thought there would be an installer playing a royalty free song.
My guess is that the art and gameplay clips look legitimate because it is. They probably stole it from another crypto project or a failed kickstarter.
I came across a facebook bot today, i posted something with the word "hacked" in a public post and almost immediately i had someone with no posts and an obviously fake account comment with a link to someone who is her "computer wiz" and then the fishy link. I instantly blocked the user, took the post private and deleted the comment.
All things considered the level of polish they put in to their fake website and social media should have been a red flag, it looks way too good to be a crypto game.
Dang, now Jauwn is getting into investigative videos? I can only like a video once my dude!
Also, I would so enjoy a video just going over the cringe email offers you get ngl
you should of cobbled together a game launcher for the game and sent them a screen shot of that
Dude seriously tried to Bioshock you? “would a you Kindly to be turning off your abitivrus software please now kindly.”
That game must've trained me to never listen to anyone saying "kindly" do anything
Best. Thumbnail. Ever. Thumbnailed.
Probably worth noting that SMS 2FA is usually considered one of the least secure 2FA types
😅 everyone keeps commenting this lol, I pinned my response. But SMS 2FA is miles better than Email 2FA, which is what I was trying to get at in the video. Guess it wasn't very clear
I like the explanations and programs featured to give a deeper look at things. Would a list of the sites used be put in the description or via text on screen for reference?
It could just be stolen art, do a reverse image search
i watched this and expected your subscriber count to be like 500k wtf, this video was awesome + you’re definitely gonna grow very quickly :))
its not entirely pointless math its a enlarge prompt, its entire purpose is basically to fill the code with pointless data, it basically is a bunch of math that is designed to increase its own file space, with the malware attached to it basically what happens is the code runs and gains the same error over and over wile secretly running the malware in the background. at least as far as i know
Yuuuup you are right I learned that after making the video
yeh malware coding is like a whole thing, use to do stuff about f12 coding at collage and what applications binary can have@@jauwn
CIH did a similar thing back in the 1990's
yerp@@MandrakeFernflower
obsessed with the way you systematically deconstructed their whole deal, informative ~and~ satisfying
i've taken down a couple of websites like these, the scammers are always from countries where the police don't even care even when you send them their address and full name of the scammer, they just open another website and continue stealing money
well NFTS are always a scam the way i see it
Awesome work Jauwn. And, just for the record, I believe March 28rd will be the day of the MOASS. Buckle up.
Running a virtual is crazy useful to protect your pc I wish I understood more about this kind of stuff
Man...... You are tickling my fancy making me feel internet savvy and unscammable in this video. The ASCII art brought me back to TPB glory days.
I love watching videos wherein which scammers are exposed. Well done! Hopefully the report you sent in was able to get them taken offline, if even only temporarily.
This is the most clean and simple exposition of a real scam , i see now how little one has to know to "hack" people...
All you could do with just money and almost none computer knowledge.
Thanks for this video
still hard to believe people like this can exist, it’s great how there are websites to handle these viruses
"Crypto Scam"
Next time someone asks you for an example of a tautology.
Great analysis! I am particularly interested in your knowledge of the intricacies of this. Are you just a power user, or did you go to school for InfoSec? I did myself, so it feels to me like you did too, or you just do a lot of good self research. I'm curious to the case. I'd like to see more content of dissecting scam attempts, they are fun to watch the scammers fail spectacularly
Just a power user! Nothing I learned in school really helped me learn this sort of stuff. I learned way more just from being a PC power user since the early XP days, and was even more pushed to learn by my father who used to be a big PC enthusiast in the late 90s-early 2000s.
I think the best way to learn this sort of stuff is to take an honest interest in it and start teaching yourself. School is great and all but your passion to learn will teach you far more in the long run.
@@jauwn Thank you for the response, yeah I've been an early PC power user myself since the early Win 2000 days. Interesting to hear your perspective. Like I mentioned, I hope you might do more of these scam attempt investigation videos they are fun to watch. I'm pretty much watching anything you put out though lately
Thanks for the reminder to set up 2FA. I have it on a lot of my stuff but I had forgotten to set up non-email version on one of my more important passwords.
I am wondering if the scammer got the assets of some abandoned project to make their website looks legit?
Yeah this whole thing just screams "scam"
The funniest part is that it still exists and people are still falling for it. Someone just messaged me saying he lost $10,000+ of crypto from downloading it.
@@jauwn damn
@@jauwn I partly blame legitimate developers of Windows software who teach users to allow privileged access for every little thing. That way, when a malicious software comes along and asks for access, most users will click Yes without a second thought. I also blame Microsoft for making it seem like not a big deal to let software run as administrator and even higher privilege than that. That's what I like with Linux. Running a software as root is scary, as it bloody well should be.
@@oliver_twistor i think its a double issue ngl, on one hand, making it so easy/the norm to run things as admin or allow admin privileges is bad, but it's not helped that a suprising amount of normal stuff just often doesnt run without them.
I know this will sound stupid but I actually ran the exe on my PC. Took me 20 mins to realize what happened and I wiped my drives clean, reinstalled windows and did a ton of scans.
This was about 7 days ago and I had text docs with some semi-important info. Nothing has happened so far though.
And I safe now or can this thing survive even a clean reinstall?
Not stupid at all! Like I said this is a very convincing scam.
As far as I know, there are very few pieces of malware that can persist through a full system wipe, and I wouldn’t think this one would be an exception. I would make sure to change every single password you have, starting with you email. You also want to make sure that you have 2FA enabled for all accounts.
If they didn’t steal anything yet, there’s a chance that either you simply didn’t have anything interesting for them to steal, or they haven’t gotten around to it yet. If you had any seed phrases stored on the computer, those are probably compromised though, so I would get all of your crypto out of their ASAP.
If they do manage to steal any of your crypto (if you have any) then it would be interesting to see what wallet they sent it to
@@jauwn Thanks for the reply. Already did all of that. FWIW I also played with the exe file in a controlled environment and malwarebytes found nothing. I also managed to scan it online (can't remember which one allowed the upload of such a large file) nothing was found.
Avast picked it up and from your video I see that NOD did too. Did you manage to discover which files does it scan for?
Not sure I understand your question. What files does what scan for?
Consider all your browser passwords sold
I love this IT investigation arc.
Jauwn you did it again, this video is extremely entertaining, well put together AND informative.
Your content is getting better and better with every upload :')
Can't wait for the next crypto scam XD
This was a really interesting video; educational and funny. Loved it.
excellent breakdown of the scam! knowing how these things look and work is super helpful
I appreciate getting to see how scams like this work
There's been a few times that this kind of knowledge came in handy when helping my parents with certain situations
I guess that's the art to it. Don't download suspicious files... Unless a generally trustworthy youtuber happens to recommend it after they sound slightly strange in a video.
No reference to old Gamefaqs with the ASCII art smh.
Your videos are entertaining ,continue making content plz
It must be good that i'll like never interact with this blockchain stuff then
but if i change my mind and start using basic crypto (like Bitcoin) then i'll simply mine it and trade it as that seems much less volatile than buying a digital asset and hoping it doesnt crash in price
Nah it’s not worth it you’re not missing anything by just ignoring anything crypto
@@jauwn fair enough
@@jauwn if i HAD to choose between mining or these nft games tho, i would choose mining because if you have hardware, you only really gotta pay the electricity used by the rig
@@tylern6420You cannot possibly mine efficiently enough to pay for the electricity you are using to mine in the first place. Maybe if this were 10 years ago.
man, the website looks so good too. they should have made an actual game XD
You are a gift to humanity; thank you.
Oppa Gangnam style. Elite haxxzor defending skills on display. Good vid!
i feel like that website is probably built off someones school project, which is why it looks so good... they likely WANTED to make a game at some point but dropped off because they realized it was more difficult than they expected. files fall into the internet cracks, some random shmuck rebrands it as a web3 project, bam boom scam time.
I had my discord almost stolen by this type of scam and trust me it is ALWAYS smart to have 2FA, if i didn’t have discord support help me i would had been done for
I had to completely restart my PC and that was always my most embarrassing moment, and to be honest seeing that scam being shown still scares me
You'd be a great malware investigator, Jauwn. I'd watch the fuck out of that.
It says something about the quality of crypto games when you get better website design and more effort from direct scam attacks then the actual 'triple-A' games.
The sheer amount of tools and techniques you used to pick this malware apart is what really impressed me. I consider myself pretty computer savvy but have not heard of 2/3 of these applications. Thanks for the detailed breakdown, inspired me to look into how some of these tools work so I can at least feel like I can browse more safely.
These are my favourite of your videos.
I've taken a reverse engineering course as part of cybersecurity coursework, and worked with debuggers like IdaPro. Windows defender probably couldn't scan it for at least a couple reasons. One, it is novel, and lots of scanning is signature based, and perhaps the file definition table wasn't up to date, especially if you are using an unpatched windows VM. Two, and probably the biggest one, is that lots of malware is packed, that is compressed, in such a way as to obscure its intentions, and make it harder to analyze. The unpacking program will decompress the actual instructions before running those. It's possible the program was packed, though having at least one scanner successfully figure out what it was tells me that it wasn't THAT novel, as most malware worth their salt will use a custom packer (variants of UPX packer are common) and require manual analysis of some kind to reverse engineer. The inflated filesize is a separate issue which I think you covered well.
I find it funny how crypto games keep asking to be sponsored and end up getting completely exposed
These 27 megabyte zip files that extract into a full game-like size are real funny. They are usually just endless downloader links and download an insane amount of bloatware programs and add toolbars to your browser. The only reason they can be compressed so much is because the file is padded with a bunch of zeroes/ones.
Fantastic video Jauwn!
My childhood remembers ascii artwork at the start of walkthrough guides back in the day for games.
8:18 Please remember that token stealing will bypass MFA.. that's the truly scary part.
Also, SMS 2FA is among the weakest type, as your phone number is a fairly easy target for social engineering.
I think the most depressing thing to me is that (assuming not everything on the site is stolen) they have what could be an interesting looking game. Like drop the NFT thing and make it some kind of Card Battler or Darkest Dungeon style game out of it and they'd probably actually make money off it.
This is great. Awesome video man.
2FA that sends a code to your phone is actually pretty bad these days. Too easy to Sim swap people if they think you're worth it. An authenticator app is a better option
Thats some nice detective work their Nancy Drew
Guess this is how LTT got hacked lol
Haha most likely
I know I'm 4 months late but you're basically right. What happened was I guess one of the employees received a email for a fake sponsorship and sent a pdf file. But it actually wasn't a pdf and was actually malware
"Our new game engine, a program ran on a local device, uses Blockchain Technology, a means of intercommunication between a set of devices!" What Does That Even Mean
My mom’s name is Nancy and our last name starts with B. Suspicious.
that ending is taking me out XD
Thanks to this video, I could tell a friend-of-a-friend was hacked when they asked me to test an indie game "she" and "some friends" were "working on." They had an actual UA-cam of fake game footage and a fake website, too.
Hell yeah!
You can open the exe in a hex editor and just remove those null characters
5:24 I would like to add that I see ascii text like that commonly in emulators and the such as well (which is well, borderline hacked/cracked software, but still)
i declare marshall law against crypto scams
Hey what is the application you used to detect stuff like redline and the others i need something like that i feel my computer has gotten slower but the programs i use show up nothing i fear it’s cuz they exceed file limit
ESET
@@jauwn thanks man i appreciate doing research on it now much needed as i download a lot of the internet lol
ASCII art like that is a safety blanket for people for the real people of the Internet, seeing it being used to steal money from real people and not corporations breaks my heart.
Hey, they wanted to see a short recording of you launching the "game", right? Why not take a quick recording of you launching the .exe, asking "huh, it didn't open up. Did I do something wrong?" And then wait for them to notice they didn't even get any real info.
Bruh I got a crypto ad💀
9:35 I think they took a working polynomial solver and made it loop over a array of 10 (probably random) unsolvable polynomials multiple times. That's really weird, but I assume it's just another thing they just put in there as a distraction.
The most suspicious part of this was seeing the ASCII art without hearing some banger of a chiptune song blaring.
another important thing... exe files are generally small... if you have an exe that's 100s of MBs, that's a red flag in general... a lot of the real work is done in other files...
5:25 and GameFAQs!
In the event that I was a part of a crypto game I would ask you to review it, in part because at the very least I wouldn't let it be crap.
as a web designer, that website was pretty cool.
My favorite day of the month the 28rd
"If you know, you know"
OH I know...
There's a darker aspect to this interaction, considering your anti-crypto stance and the possibility that a worm like that could be used to capture the credentials of say, your youtube account. It could have been a targeted attack
"Hello dear" sounds familiar innit
Y'know, gameFAQs still uses that ASCII art