Tracking Malicious "Tutorials" on YouTube
Вставка
- Опубліковано 13 лип 2024
- In this video I monitor for a few known bad keywords and track down the rate & viewcounts of these malicious videos.
Official Discord Server - / discord
Follow me on X - / atericparker
0:00 Initial Setup
11:54 Looking at the Data
18:10 Testing the Most popular Malware on UA-cam, distributed as valorant cheats, fortnite & valorant skin swappers amongst other things.
This is a modern twist of the classic "contacts list" email worm where the hackers will compromise each UA-cam channel and then reuitilize it for spreading the worm further. Reaching far and wide beyond channels directly related to gaming.
Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking, nor do I encourage the usage of game cheats, cracks or hacks.
Cracks are sometimes shown to highlight the dangers of software piracy, my content is not intended to teach anybody how to pirate, or maliciously hack.
More Malware Investigation Videos:
→ The latest "NORD" Malware - Nordsecured: • The latest 'NORD' Malw...
→🧧VIRUS WARNING🧧 NEW Optifine for Minecraft 1.16 SCAM: • 🧧VIRUS WARNING🧧 NEW Op...
→ The wilkreate UA-cam stealer virus that started this whole trend: • Fake sponsor DESTROYS ...
(C) Eric Parker 2024 - Наука та технологія
Hello eric, this is everybody
This gave a good chuckle 😆
?
Hello everybody and Eric, this is Ohio.
@@Floofie_boinoooo
@@Solaceon You are going to Ohio. This is not up for debate.
I love that Windows executables still display "This program cannot be run in DOS mode" if, for some reason, you're lunatic enough to try to do such a thing.
Typical effect for forking over and over from older builds.
timestamp?
@@W4LTER_Skanska It's not shown _doing_ that in the video but he highlights the text in the hexdump around 19:05.
It's just a part of the PE(portable executable) format, nothing weird in that i think.
Thanks.
If only the dislike button wasn’t removed…
The report button still exist.
@@Floofie_boi if only theyd be able to actually ban people in time, what if, they add like a rating system so while youtube reviews the video you can still see if its bad, like, likr a dislikr count.. wait a minute...
You can easily see dislikes with an add on but yeah they are def used less now
@@isaacplorins6652 not quite, you see, rytd worked like that right after the dislike thing stopped showing yes, then it wss able tovshow the real dislike number, but nowadays the api to get the dislikes doesnt exist anymore, sooo the only way to get the dislikes is guess, so what rytd does is it takes all the dislikes people with the extension do and display it (and maybe guess a little)
@@isaacplorins6652 doesn’t see all of them. It’ll be better built in.
The worst thing about these videos are they could EASILY be stopped, for example blocking suspicious links in descriptions or making more popular videos show first. Come on youtube.
botting views...
@@Awesomium3 They'd never be able to bot as much as legitimate ones have gathered other time
In UA-cam's position they can't win with people like you.
Restrict links in description? Damn UA-cam is so strict, I can't even link my website!!
No restriction? Damn UA-cam doesn't care about malware and protecting their users 🙄
UA-cam only shows popular videos first?
'Wow, youtube doesn't care about promoting small creators 🙄'
Even having a whitelist of certain domains is a horrible solution. And theres a reason stolen accounts are being used, it bypasses the already in-place restriction for adding links to your UA-cam Description.
'User Looks up Hacks'
'User Gets Hacked'
'User's account gets used to spread hacks'
It's a self-fulfilling prophecy. Assholes fueled by other assholes!
I say good riddance. You look up hacks, enjoy your ruined credit score and lack of accounts that follows. It's only fair in my eyes 😂👋
And you know whats even better? when you get a message on Discord with a spam message advertising some dodgy Discord server or game cheat from a friend, you know who the people to avoid are.
And as Eric Parker said, Google has already made it harder for Google Account Stealers to work. So that is, quite literally, targeting the issue of spreading at its core...
You'd ruin small channels like me :(
Im actually against this because it would ruin some of my favourite music channels who upload their raw files on other sites
Thank you for making a video on this. Unfortunately two years ago my little cousin was over at my house and he downloaded a free fortnite hack that he saw from UA-cam, my entire PC and home network got ratted. I learned a lot from that experience. You are one of the only UA-camrs that makes educational videos on malware that makes it easy for the average man to understand, I Inspire to make the level of sophisticated videos you do one day.
bro uploads faster than the speed of light, dropping a sub rn
WAS THAT A GD REFERENCE!?!?!?!!?!?!?
Bro uploads faster than the fake cheats videos
This channel reminds me of the old mutahar virus videos, those were always a treat to watch. Great to see something to a similar effect!
those videos with just the squiggly text telling you how to download (malware) are EVERYWHERE on stolen channels, including to claim having cheats for different games (rainbow six seige)
Something you could look into when it comes to malware is the many Hypixel Skyblock mods for auction flipping and some others. Some of the mods I've come across are mostly copy-pasted account stealers (made with Java since they're Minecraft mods)
11:49 AHH my eyes!! Why would you flashbang me like that? 😥💔
Didn't really think about it. Linux can be a bit inconsistent with dark themes.
lol da flashbang
Your videos are so relaxing, no hectic cuts, relaxed style and it's fun to watch :D
Great work, this is really cool! The UA-cam API also provides the "videos/reportAbuse" endpoint, which allows for reporting videos under a "Digital security" category. Perhaps that could pair well with this program to allow flagging at least some of the videos (perhaps the most viewed, or the fastest growing in views)? I believe that flagging a video does make it a bit more likely to be noticed by the YT moderation bots, but not sure on that.
I saw that although the ratelimit is pretty low. As I said, I don't particularly care to flag the videos because they're hacked accounts and they'll be removed when the accs are reclaimed.
@@EricParker Ah, alright! Hopefully the accounts are reclaimed...
We fr need more people like Eric on UA-cam exposing these malware techniques.
A lot of people don't know what some malware are and download anyway. I'm mostly glad that Eric goes into depth of most malware communication which a lot of people won't want to do.
👏 ❤️
love your videos, the way you explain things and the tone of your voice are great and keep me engaged with the video better than a lot of other youtubers. glad to see your channel growing dude 💜
Great video Eric! Hope you’re having a good day
@16:00 This isn’t a hacked channel. This is an actual person making “media” which are videos made by customers to promote a certain cheat software & he’s most likely being paid for it.
There are legitimate cheat developers who post videos and ask customers to post videos of their software & they have a very different look from the spam you see from hacked channels (non-generic titles and thumbnails, descriptions that link to a discord server or a sellix website, the videos are actually edited like something you’d see from a typical gaming channel with sound effects, transitions, memes…). These channels also stay up way longer than bot channels
VirusTotal: We have 650MB file size cap
Malware Makers: Im gonna fill the file with 0 so it gets bigger size
Triage (A VM website): Dont forget about me
keep doing this kinda stuff 🙏
i love watching eric parker
Hey Eric, I am wondering if you could do a video of you attacking a command and control center? Sorry if I have already missed you doing so, I just think the topic would be pretty interesting, do they often have safeguards against that?
Considering it (hinted at it when I said "leave them some gifts"). Also thinking about making a tool to do it.
It's not really attacking so much as just sending junk data that looks like normal stealer data. Most of the time the logs are sold downstream, if it's all filled with junk they will possibly give up.
@@EricParker I really like the idea of providing a tool for people to haggle these services by, especially now that you have published a video about creating a safe space to quarantine threats with. I wondered if that was a hint lol, I appreciate your response!
you should do a video about all those sketchy image results that frequently show up on google where they're essentially selling pngs at a discounted price, i'm curious on where that rabbit hole leads
Eric has some serious beef with fortnite skin swappers 😂
So I’ve been watching your content for some time now and I have to say, you really deserve more attention and subscribers (although I don’t think that’s your type, I don’t think you care about some numbers in a website, in a good way). Not only is your content professional, you do it in a way that keeps me, and probably other people hooked, because even I am studying CS currently and I find most channels like this boring, yours however, I don’t know what you do but it’s not 😂
Welcome aboard!
I started a similar project to this a while back looking at minceraft hypixel and skyblock dupe/macro mods as thats still a huge amount of videos being released often with the same pasted malware with maybe 1-2 different java obfuscators used, the UA-cam API makes this harder due to the limits but i can now use some of the things from this video to try improve my own system, if you have any other ideas i could implement to streamline the process especially as down the line i would love to include a static java analysis tool that uses known malicious author names, class names, known stealer strings (database paths etc that) would be greatly appreciated
Why does the members first thing appear in the description when I don’t see any members in the comments
cries in yaml, love you're videos
Very interesting, thank you. One criticism though, the text size on some of your screen shots was far too small for me. I realize it was raw from your workspace which you view on a good sized monitor, but YT video on a laptop did my eyes no favors.
Hey Eric, just want to say thanks for being willing to look into Vape V4. I just have one question though. is the sample that you have a pirated version or a sample of the actual client?
Pirated, as far as I know the real one is legit.
zlawg we know you cheat on hypixel 😭😭😭@@EricParker
@@EricParker The real one is legit, i actually have it. The reason it falses antivirus's is due to it injecting a dll and being obfuscated with themida, the signed versions dont have any issues for me though
I don't recommend downloading any cracked minecraft client. Vape V4 is very common to be ratted. I've also looked into other well known clients like Rise and have also found rats. One of my friends even got this one client designed to bypass a server named MushMC and was infected with Bladabindi (NJ Rat).
I love how you call calling an api a "payload". Very much what a pentester / cybersecurity person would say.
You should make a video on the different spreading methods the hackers use
yo guys wake up, eric parker just posted!!!
what suprises do you send to those scammers? mind explaining in the next part? love your videos
Depends. The discord bot ones you can actually delete their whole logs, for redline I can just insert garbage.
@@EricParker thats so cool
eric pythonker??? (love your vids tho dude, keep it up)
Could you make a video on how to perform threat hunting (for phishing sites) and also how to extract telegram chat Id from it since that’s what hackers use
Hello Eric I Have A Question Can You Download The Glorious Model O Software OG For The Model O/D Wired Because I Was Using VirusTotal On The Setup Wizard For It And It Said It Has W32aidetectmalware And I Wanna Know If It Is False
My xtrfy mouse drivers were detected too.. I think it's more common for mouse drivers to be false positive
Aight Ty
Stop Typing Like This
Nah Imma Do My Own Thing
@@TheEmmaWorld Have fun with nobody being able to read your comments and looking like an idiot I guess
Those uploads have "PK" at the start which is a zip file.
Thanks for this :)
damn your sub count has significantly raised in last weeks
I noticed that as well, before a month he was around 15k now he is 35k 🎉
I appreciate how accessible his videos are even to people outside of the cybersecurity/pentesting field, and his cadence / voice is lovely to listen to.
I was shocked to see that he only had around 9k subs when I found my first video of his, because I would have expected a much higher sub count from his content. (Maybe this kind of relaxed, less flashy content isn't really rewarded by the current algo? Which is a shame.)
The "PK" at the start of a file (e.g. at 22:02) suggests that it is a ZIP file, it would have been interesting to see the contents of those
you should cover malware that uses adobe flashplayer possibly even malware games
How good are you at python?
Hey man, what do you think is the best antivirus? I would really like to know your opinion.
PS: great videos
I don't have a strong opinion on AVs, arguably any of the decent 3rd party ones (IE Kaspersky) are better by 'obscurity' because malware is less likely to have an auto disable.
IMO most 3rd party anti-virus just adds another system vulnerability, consumes resources and unnecessary outside of environments that truly needs constant protection. They also give people a false sense of security.
For the vast majority of users being smart about what you so online is better than anything. Never assume anything is safe, even if you think you downloaded a program from an official site at the top of a search result. Defender is competent enough for the rest as a backup since many 'hackers' uploading malicious files really aren't that clever and often reuse bits of code that have been out in the wild for a while.
Common sense goes a long way.
The F-22 Raptor features an advanced stealth design, and is designed to be a long-range, fast, highly maneuverable aircraft, with the capacity to carry a variety of weapons. It also has advanced sensors, allowing for long-range detection, tracking and targeting capability. The F-22 Raptor is a dual-engine fighter, and is powered by a pair of Pratt & Whitney F119-PW-100 engines, which provide a combined 29,000 pounds of thrust.
🎉🎉
hell yeah
@@Bouncing_water This F-22 jet is one of the most advanced fighter aircraft ever built, with the capability to conduct air-to-air and air-to-ground missions. It was designed to replace the Lockheed Martin F-16V Fighting Falcon, and is the first fighter aircraft to combine the stealth capabilities of the F-117A to the high performance capabilities of fourth-generation fighter aircraft, combining these capabilities with an advanced electronics system to produce the highest-performing tactical fighter in the world.
@@glefyr 15 f15s don’t even compare
Can you look into a popular cheat for rust called quantum? It’s incredibly expensive and I’m pretty sure it’s malware
No it isnt
Hello can you Explain how i can hacked trough a website by just visiting it? And what is NoScript? thanks
If the site has a 0 day.
@@EricParkerDoes that basically just mean if the website has knowledge of a vulnerability not yet discovered by the browser distributor?
I really like your videos, however it sometimes feels like I'm zoomed in too much before figuring out it's just the video. For me it would work better if the whole screen or at least window is captured. 🙂
Had feedback the other way before. A large chunk of views are on mobile so I try to make it readable.
For VMs I just turn up the DPI settings, but when capturing my main desktop, I usually do it this way. Would consider other approaches though.
@@EricParker I see, yes. For mobile, it probably makes more sense. I'm just used to watching other coders, and I do watch on desktop. I'm probably representing a minority audience. :D VSCode also supports zooming the entire UI via CTRL + Plus/Minus. Maybe that might be another approach for VSCode sessions in the future?
Pardon me if I'm replying to the wrong reply (I'm one of those mobile viewers,) so I'm glad to know it was an intentional decision!
why does it say "members first" on the right of the time uploaded
Clicked the wrong button pre publish. Didn't matter because I had no members.
this is for 3yrs and youtube didynt even do enythink!
23:10 That's ZIP file data being displayed as text.
The format of your python script 💀
I love this content
What's with the cuts in audio?
timestamp?
its seriously time for youtube to change their TOS and ban these hacking promotion videos
It'll be interesting to see how everything averages out between average views and life time on them.
Do i hear a mixed American Accent / UK. As i hear Northern English accent but then it turns "American"
I got hacked because i fell on an application like these things and links. I'm so dumb to realized tho but still not sure if it is the one who hacked me. My traffics are rerouted and more likely my machine is spoofed
welp, it's surely the same as the one in the video. The scary thing is that i didn't even run it as administrator. However, a windows process is executing maliciously called RegAsm.exe. I found out that RegAsm is used for registering assemblies. That's all, i learned my lesson. First the hacker got my riot account which is installed in my system.. i mean all of my installed application like windows store, roblox, riot, and send me a login/reset codes. The nightmare starts when my riot acc email was changed into .ru bypassing my gmail 2FA. Also after i reinstalled windows, i'm still haunted because my gmail accounts were all signed out because of malicious activity in my newly reinstalled windows 11.
You mean you have reinstalled windows and you still facing a malicious activities ?
Are sure ? , if so, how did you know.
Please reply because I want to know more.
smart!
Good vid! Keep up the good work
Hello Eric, can you show me how to Crack a apk?
Not allowed on UA-cam.
@@EricParker maybe on patreon or odyssee? 😉
8:14 He got a point!
14:41 WHEN YOU SEE IT
can you share the DB ?
I might at some piont yes.
Good
Love ur vids ❤
Yeah gonna jump on the programming language comments.
Rust is great, with you so far. And I won't say that SQL doesn't have some interesting properties. But damn I sure don't like it.
It has a huge amount of cruft. Similar to C(++), which is why I prefer Rust.
* There's the annoying bits, like
* that everyone insists on capitalizing all sql commands... Why?! I've got better things to do than constantly pressing the shift key, and using caps lock means that I mess up special characters, and it is entirely optional, so I'll go with lower case, thank you.
* why ever were they so insistent on not having a trailing comma, and why can't modern compilers at least properly detect it and issue nicer compiler errors.
* then there's arguably my main issue with it: It's barely a complete standard, at least compared to how it's used. There's so many things that work radically different even just between the relatively widely used MariaDB(MySQL), Posrgrew and SQLite. Dates, numbers, chars, strings, all have different types between these.
* The SQL standard also doesn't allow for many basic amenities, and there's no standardized way of managing SQL databases (I mean creating a database, copying one, etc).
* ITS SO FREAKING VERBOSE.
And there's a bunch more reasons, but these days it's been a bit since I last touched SQL directly, and I'm tired, so that's the points I remember. Many of them can be excused with the age of SQL, which is why I begrudgingly live with them - other than with eg. Golang, their refusal to properly handle null/nil with an optional type is unacceptable - but I sure don't like SQL and I kind of hope that one of these days we'll get a proper alternative.
i have found before these fake videos i seen one fake video on executor (cheats) for roblox without even showing that how he injected them he just showed dowload process and gameplay with cheats no running actual cheat just gameplay of the cheat
I hoped to see the hacker move your mouse and upload a fake hack video
Tempted to do this for april fools.
wonderhoy!! great vid.
Don’t stop
ytube care but only cares about link,can care videos but sometime terminate whole channel without giving strike,sometime can terminate whole channel if they not an bot but about links
Video idea. Downloading 100 viruses from random websites and just random link.😂
I'm shocked how you pronounced Postgres
mm!!
Cuts off at 1:57 I think
What's cutting off? Bad UA-cam encode? It's loading for me normally.
@@EricParker the preceding sentence was saying something about not using your method then it gets cut off it’s more clearly visualized at the 1:52 mark
Eric Parker is a digital sage
bro I lost 31$ to one of these videos 😭
Plant
Malware is everywhere.
Its crazy to think about too, anything safe you have can turn into malware by hackers too.
Can you maybe expose roblox hacks?
I agree with yall, that sound like a good idea, but I am not the channel you are asking, so I'm just waiting for the reply with you.
@@endoxidev ok
Yes
@@EricParker yay!
@@EricParker Epic
I mean the victims are trying to get cheats. Not that this should be happening. But i lack a lot of sympathy for them :/ they should know better if they're going to do this
Python is just such a janky language
Or Dust or whatever this trash is
always the hacked accounts
Fr
Hi
sup
Not trying to be rude but u kinda sound like tristan tate
*sequel* not sql
or you can do @theprimeagen and squeal.
hello eric pls respond.
edit: favourite but no respond!!!! outrageous!!!! (jk)
hehe xd
L youtube design
1 second ago
No views
No comments
No likes
I'm first
erm what the sigma
Bro let me trim your rune armor. no scammerino
Bro, if you give me 10 gold I'll give you double back... Totally legit, bro, not a scam, bro.
(At least I heard some people did that, I never actually played RuneScape)
birb