I Seriously Almost Just Got Hacked...

Поділитися
Вставка
  • Опубліковано 22 гру 2024

КОМЕНТАРІ • 1 тис.

  • @ThioJoe
    @ThioJoe  Рік тому +1262

    Big 🅱️ruh moment

    • @gandu_ambassador
      @gandu_ambassador Рік тому +5

      yo im seventh

    • @isaackingvideos
      @isaackingvideos Рік тому +11

      Bruh I’m first not [Dam UA-cam refresh]

    • @projectjabir4805
      @projectjabir4805 Рік тому +8

      Just show case your pc instead of using it. Then you'll never get any viruses.😂

    • @WiluckGD
      @WiluckGD Рік тому +2

      yeah massive bruh moment

    • @sizanbelike
      @sizanbelike Рік тому +8

      Certified 🅱️rah moment

  • @Felttipfuzzywuzzyflyguy
    @Felttipfuzzywuzzyflyguy Рік тому +1081

    It's only paranoia until you're right. And it's never paranoia to begin with because this stuff happens all the time.

    • @Twinrehz
      @Twinrehz Рік тому +20

      Just because you're not paranoid, that doesn't mean they're not out to get you!

    • @TD-er
      @TD-er Рік тому +3

      Absolutely!
      @ThioJoe Can you also describe your rules for AppLocker in the description text?
      I have been scrolling over and over through the video, which is good for the 'view time' of course, but it would be more practical to also have some kind of overview.

    • @jirehla-ab1671
      @jirehla-ab1671 Рік тому

      ​@@Twinrehzhow abt using pirated software & activating office windows using batch files?

    • @encycl07pedia-
      @encycl07pedia- Рік тому

      "this stuff happens all the time"
      I haven't run into a virus since around 2005. It's just user error to download and run files without verifying them. It's yet another reason you should code things yourself instead of importing libraries for everything.

    • @anon_y_mousse
      @anon_y_mousse Рік тому +2

      @@jirehla-ab1671 Why do that when you can use LibreOffice for free.

  • @dungeonseeker3087
    @dungeonseeker3087 Рік тому +473

    From the scammers point of view, it must be frustrating that one of the first batch of victims just happened to be someone who was able to identify the signs and get the thing listed in public databases.

    • @qkzalswns
      @qkzalswns Рік тому +88

      Imagine working on a virus for hours and days even just for one of your first victims to be him. Reported it to his antivirus developer, even multiple AV devs, made a video about it and showed how to protect yourself from this RAT, but also many others. If I was behind this virus, I'd probably be in depression if I wasn't already xD

    • @tranhanna7524
      @tranhanna7524 Рік тому

      @@qkzalswns He doesn't need to. He just need the virus to run on a few dozens computers, steal some CC info, some crypto wallet keys and wallah he has good ROI.

    • @observer_noble
      @observer_noble Рік тому +6

      @@qkzalswns he was never our first victim lol we got loads

    • @Only_Sleep
      @Only_Sleep Рік тому +27

      @@qkzalswns the person running it probably didn’t work on it at all. Since it has marketing, it’s probably being sold off to people.
      The scammer is definitely slamming their keyboard over having their money wasted though

    • @OmarTheAtheistAziz
      @OmarTheAtheistAziz Рік тому +2

      Lol “batch” like their some food or something…or at least thats the picture i get

  • @GodofToast
    @GodofToast Рік тому +515

    This is a reminder that no one is entirely safe from hacks and scams

  • @daddio9344
    @daddio9344 Рік тому +28

    I'm a coder and had a Security+ certification in a prior life - and I'm blown away by how many new things I learned from this video. I've been a big fan of your channel for a while, but - wow - this video is truly outstanding. I know I'll be using it as a how-to reference repeatedly and recommending it to as many people as I can.

    • @ThioJoe
      @ThioJoe  Рік тому +8

      Glad it was helpful, thanks! 🙏

  • @Alex-Defatte
    @Alex-Defatte Рік тому +82

    A error message about a invalid character on any download should be a HUGE red flag. I would never think to tell people this.
    Thank you for your service!

  • @WolfspiritMagic
    @WolfspiritMagic Рік тому +265

    The problem is that even if there is no "init.ps1" file the package can be dangerous. And even worse when you compile it into your own software it can also be spreading with your application. Nowerdays also analyzers and stuff can be installed via nuget package and run alongside visual studio. You don't even need to start your app for the code to execute.

    • @raven4k998
      @raven4k998 Рік тому +4

      you seen thiojoe is kind of sketchy as he got virus attacked🤣🤣🤣

    • @jimmlmao
      @jimmlmao Рік тому +8

      the malicious code can also be injected in the designer if you are using winforms

    • @LiEnby
      @LiEnby Рік тому

      If it adds winform or wpf controls then displaying them in the designer will execute it .

    • @karappo_kun
      @karappo_kun 4 місяці тому

      I think that's what they call supply chain attack.

    • @cewla3348
      @cewla3348 4 місяці тому

      @@raven4k998 like how nobody is immune to propagnada, nobody is immune to viruses.

  • @MeOnStuff
    @MeOnStuff Рік тому +23

    One thing that really stands out to me about the download numbers at 2:00 is that all four packages have almost exactly the same number of downloads, which for four disparate packages claiming to have downloads in the hundreds of thousands is very suspicious. They couldn't even be bothered to add some randomness to how many fake downloads they botted.

    • @qkzalswns
      @qkzalswns Рік тому +5

      And it would be believable if the numbers were similar for only Discord and Xbox plugins as they are both for gaming. But I am not sure how OpenAI, Discord, Xbox and VRChat would be used almost exact same number of times like they can all fit in a single project made by everyone who used them. Even if the plugins were all logical to work together, 200k projects using ALL of them? And I am not sure that many people would use the Discors plugin with Xbox and OpenAI.

    • @encycl07pedia-
      @encycl07pedia- Рік тому +1

      @@qkzalswns Discord isn't for gaming...

  • @tciddados
    @tciddados Рік тому +139

    I like how Smart App Control was mentioned as "easier for most people" when it requires you to nuke your windows install. I feel like for most people they'd rather figure out how to do the AppLocker stuff.

    • @thebritishindian1
      @thebritishindian1 Рік тому +24

      Plus reinstalling windows is a multi-day job when you have to reinstall all of the open source apps, utilities, chrome extensions etc… It’s something I only do when I upgrade the OS. Also, I found that when I install security suites, file Explorer starts hanging, so I use Windows Defender now. I’m not happy about that, but I am super careful and scan downloads with virustotal.

    • @hardVatsuki
      @hardVatsuki Рік тому +1

      @@thebritishindian1 some of the apps have portable version, like browsers, it saves a tons of time when I reinstall the windows.

    • @TheShizzlemop
      @TheShizzlemop Рік тому +5

      i think he means for most "light" or "casual" users, people who only browse the web, use social media, emails, gaming etc. much easier to just download a game and a few programs again from a list than to get all of your programs and dependencies and settings, directories etc back how you had them.

    • @erikhicks07
      @erikhicks07 Рік тому +6

      Microsoft didn't enable this by default because they knew it would inevitably lock people out of a lot of apps, possibly even their own

    • @encycl07pedia-
      @encycl07pedia- Рік тому

      lol. Why do people still use Windows by choice in 2023? If you want a secure Windows version, use Windows 8/8.1 RT or Windows Phone. They're not very useful in terms of additional applications, but at least you can't run 99.9999999% of malware on them. Or just don't be pit stew.
      I stopped using Windows back in 2017. The spyware telemetry doesn't feel like a big deal until you use a metered connection and Win10 uses half a GB of data in 15 minutes without your knowledge or consent.

  • @sharkieislive
    @sharkieislive Рік тому +342

    such moments makes us feel proud that we are so much into tech and security XD

    • @KobrokoHere
      @KobrokoHere Рік тому

      K

    • @apache937
      @apache937 Рік тому +14

      if u werent then u wouldnt be installing packages with nuget anyways

    • @whohan779
      @whohan779 Рік тому +3

      Well, Nuget is rather sketchy still compared to official Winget (all packages basically screened by Microsoft-related entities). Inbuilt Windows tools even do singature checks for trusted issuers (which you would only expect from most Linux distros or official stores). Though, of course Chocolatey & Nuget have many more packages available.

    • @GrigRP
      @GrigRP Рік тому

      Good morning sir

  • @b4ttlemast0r
    @b4ttlemast0r Рік тому +45

    The fact that they were able to fake having this many downloads is the scary bit, I would have thought it's legit too. That should definitely be fixed.

    • @fireteamomega2343
      @fireteamomega2343 7 місяців тому +1

      Yeah sounds like they also found an SQL exploit

    • @Aakash-pc7kz
      @Aakash-pc7kz 2 місяці тому

      Same. I thought it might have been a false flag after looking at that in the video too lol

  • @thejoman9011
    @thejoman9011 Рік тому +51

    glad you got out of being hacked, thanks for detailing it and making people aware of the fact that even the best of us can make mistakes

  • @dansanger5340
    @dansanger5340 Рік тому +66

    One insidious variation of these software supply chain attacks is when the bad guys buy out publishers (who are often just lone developers) of established and popular packages and then replace the legitimate package with a malware version. Developers who have used the package for years would have no idea what was going on because as far as they know they're just downloading the latest version of a trusted package.

    • @erikhicks07
      @erikhicks07 Рік тому +9

      True. It's really an ethical responsibility of the original developer to give advanced notice of such.

    • @encycl07pedia-
      @encycl07pedia- Рік тому +4

      1. If it ain't broke, don't fix it.
      2. Stop using other people's code and write it yourself. A big reason why software now is full of buggy messes is because people just include every library on the planet. The npm left-pad debacle shows just how pointless many of these imports are.

    • @edwardmacnab354
      @edwardmacnab354 6 місяців тому

      the internet is a joke

  • @ionamygdalon2263
    @ionamygdalon2263 Рік тому +74

    Very interesting piece of malware. Thank you for providing details for using App Locker. Keep up with the awesome uploads!

  • @Gastell0
    @Gastell0 Рік тому +21

    8:17 - MZ is well known magic number for all executables in Windows, so it tried to make an exe file
    You can make a context menu option to add something into AppLocker exceptions with a tiny bit of scripting

    • @aeghohloechu5022
      @aeghohloechu5022 Рік тому

      You will still need to find the exact file, and that seems to be the most tedious part, considering you need to go through the event log

  • @MiltonGrimshaw
    @MiltonGrimshaw Рік тому +13

    Thanks Joe that was a nice technical video, and in your usual way you spoke clearly for those less technical, whilst giving us techy people info too 10/10 :)

    • @kamisarma
      @kamisarma Рік тому

      Doubt it would work. From what I saw on TPSC yt channel, it's not that good. Offline it barely detects anything.

  • @bo0sted
    @bo0sted Рік тому +10

    Its crazy how a program as big and reputable as Visual Studio has such a glaring security oversight. Even though I primarily use Linux (arch btw kekw) I'm still looking forward to seeing your App locker setup video! Ty for teaching me something new as always!

  • @uzer_zero
    @uzer_zero Рік тому +11

    Nice work!
    A (possibly MORE) valuable test - at least for a lot of folks - might be to see what Windows Defender does with this thing, and stuff like it.

    • @redyau_
      @redyau_ Рік тому

      Yes! I was/am under the impression from videos in the pasz years that paying for security software often makes things _worse_ than what Windows already offers. Is that still true?

    • @qkzalswns
      @qkzalswns Рік тому

      ​@@redyau_So at home I used to have antivirus, even tried multiple of them. But every single time an AV would find something suspicious and pop up the notification, so would the defender. Last time I reinstalled Windows I haven't even bothered to get or pay for AV. Been using online Defender since and had no problems. And yes, it has stopped multiple malicious .exe files. I also have it set up so that most of my folders aren't accessible without a pop up asking for the permission. So basically no app can download anything into Documents, Music, Videos, Desktop, directly on the C disk, Windows folder or anywhere else except in Downloads. And it also asks for admin permission to run everything all the time except Web browser. Yes, it is kinda annoying to have admin access prompt show up everytime I open Photoshop but that way no .exe files can be run without permission.

  • @taakelur
    @taakelur Рік тому +29

    I think myself fairly capable regarding security, but I learnt a lot here. Thanks, Thio!

  • @phuket2753
    @phuket2753 Рік тому +2

    Thank you for the video. I also use Bitdefender on 4 PCs that I only access through Microsoft Desktop Remote (gaming and Stable Diffusion). Your video got me to wake up, do scans, and review the recommendations like "autoplay media", etc. I guess unless you are always active, you are a noob with security.
    So again, thank you, I really appreciate what you do.

  • @AcIdBARRY
    @AcIdBARRY Рік тому +196

    i wouldve liked to see windows defender tested against this virus

  • @phoenixjamiexera
    @phoenixjamiexera Рік тому +12

    By the way Thio, you're my #1 place to get news on tech and stuff. (Your old flat earther rant video was also hilarious lol)

  • @fmo94jos8v3
    @fmo94jos8v3 Рік тому +8

    There is a reason they use plugins. So the initial file sent / downloaded / executed is small in size (say 50KB instead of 15MB) the idea is get the foot in the door, execute the stub file, and the stub file goes to get the full size files and executes them.

  • @GYTCommnts
    @GYTCommnts Рік тому +2

    Whoa! Thank you very much! I didn't pay serious attention to app locker. I will from now on. Seems like a hassle, but a life saver at the same time. The problem with MS "automated" options without exeptions is if you would like to run something that MS don't want you to. For example, an old version of Office could be blocked for "security reasons" for being "outdated", even if you only would use it locally. I've seen this behaviour in some antiviruses that block certain web sites because of "reasons" (that have nothing to do to security)...

  • @jeanshortswag
    @jeanshortswag Рік тому +2

    As an IT worker, I'm very thankful for your videos. I gain a lot of education from the channel that I don't anywhere else. Looking forward to seeing the video on App Locker down the line. We do have this implemented at my company, but we're fairly new to it so I'd love to hear more about it's potential and how it can be better utilized.

    • @qkzalswns
      @qkzalswns Рік тому

      These situations like his aren't something that happens to everyone so seeing it from him means that I've learned something g I probably otherwise never would.

  • @royalcanadianbearforce9841
    @royalcanadianbearforce9841 Рік тому +12

    As a Win 10 LTSC user for work - Would love to see the video for app locker if its supported! We've effectively blacklisted Win 11 until its matured a bit more.

  • @mathiasdeweerdt1400
    @mathiasdeweerdt1400 Рік тому +12

    I honestly dont understand how microsoft manages nuget so poorly.
    1) Why allow cyrillic characters in the first place?
    2) No quality control on the packages?
    ...
    This seems to be straight up negligent from microsoft.

    • @LiEnby
      @LiEnby Рік тому +1

      What if the library is just streight up in the cryillic language?

    • @eggi4443
      @eggi4443 8 місяців тому +3

      what do you mean "why"? languages exist bruh

  • @byteafterlife
    @byteafterlife 7 місяців тому +4

    7:45 "The big daddy malware" got me😂

  • @IzzyIkigai
    @IzzyIkigai Рік тому +16

    The biggest problem with checking for signed executables is that EV code signing certs are only given to companies. If you're a small indie FOSS developer/group without an incorporated entity you're basically shit outta luck. And with smart app control, given how much data they force you to send to them, is, in my european opinion, not really a good alternative and will not work anyways in many cases. For my PC e.g. it just tells me I have to do a clean install(because... it's not turned on. which i'd venture a guess is the same for everyone who upgraded from an older windows version) which is like... Uh.. No?! I already did that once, and thanks to windows being so horrible when it comes to reinstalling it took me forever to properly set everything up again(having to re-download multiple 100+GB apps again on an 80Mb/s line is PAIN) and I'm still having issues thanks to MS p much ignoring some issues with more advanced security features(which they pushed so hard for on W11) not being able to turned on or not properly reporting that they are turned on..

    • @qkzalswns
      @qkzalswns Рік тому

      Agreed! In our school, all computers are connected to the main school server from which admin is controlling our internet access as well as other stuff like our Google Suite (or however it is called, I believe it is Workspace) for our email and domain management. Something similar to what he has showed in the video is set up there too. Our website access is controlled but also what files can and cannot be run. As we have programming as a school subject, stuff like this happens to us to so we cannot run any .exe or .dll files without admin permission. Our teachers computer cannot overwrite the rule set by network admin. Teacher can only add new rules with some limitations. So when we make a program, it obviously isn't signed by Microsoft or any big company so in order to run it we need our network admjn to approve the program. We suggest adding the folder where any files would be runnable but the school did not agree. I just got an idea that we could as for such a thing on our teachers computer. That way he would have the control over which files will be stored in the folder. However, one class made a little program for calculating something school's finance department needed. As they were about to show their program to the principal and Head of IT in front of multiple Computer Science and Programming teachers, the program did not run because it was not signed by a known company and it was only allowed to run on IT Classroom computers. Once again, it was resolved later as it got approved for the whole network, but it was kinda embarrassing for the studens who made it.
      Also, it would be veeery appreciated if Microsoft enabled OneDrive to store our Windows settings like WiFi passwords, lightmode/darkmode and blue light settings, etc., like every phone does, so when I log into my Microsoft account on my new laptop I don't have to set everything up ONE BY ONE setting every single time I switch my laptop. Also the synchronisation of those settings between my laptop and PC would be very nice, thank you Microsoft.

  • @jongeduard
    @jongeduard Рік тому +1

    Thanks for this awareness! Being a developer or other kind of technical user you have the advantage of understanding things faster then regular users, but this shows we still need to be aware and careful.
    Note that this same issue is not just important for the DotNet developers, but also for those who rely on other package managers like those of Node, Python, Ruby or even Rust.

  • @HeIsHarsh
    @HeIsHarsh Рік тому +11

    How TF is this allowed on the visual studio plugin page?

  • @kimxgamer
    @kimxgamer Рік тому +2

    Wow thats crazy because it so happen that one of my school projects requires me to code on visual studio, thanks for the head up!

  • @Korbin0815
    @Korbin0815 Рік тому +4

    I'm used to SRP and didn't look at AppLocker when it came around since it seemed to be the same. Looking forward to your video about it.

    • @ThioJoe
      @ThioJoe  Рік тому +2

      I think SRP is being deprecated actually

    • @danyal_assi
      @danyal_assi Рік тому

      @@ThioJoe o

  • @doge151.
    @doge151. Рік тому

    honeslty its nice that you share your experience so others dont meet the same fate instead of just being satly about it and posting on social media like other people would do.

  • @raresandrei7205
    @raresandrei7205 Рік тому +4

    That's was unexpected. I always trusted visual studio with what It does in the background and also expected that packages get verified before posted.

  • @crisnmaryfam7344
    @crisnmaryfam7344 Рік тому +1

    5:20 the actual valuable information " I dont wanna get into it" Just trust it because I do.

  • @SteltekOne
    @SteltekOne Рік тому +10

    That first batch file is indeed weird. The fact that it starts with MZ indicates that it's really an EXE file, so it's strange that it wouldn't run after being renamed to EXE.

    • @zwz.zdenek
      @zwz.zdenek Рік тому +2

      Many other Windows files start with MZ. Libraries, drivers, even some fonts. There could be a DLL intended for sideloading with a popular executable, such as explorer.exe.

    • @LiEnby
      @LiEnby Рік тому

      You can actually start a process with any file extension using the CreateProcess API function

  • @ericesev
    @ericesev Рік тому +4

    Windows: the only mainstream OS to provide no isolation between applications. Once one runs, it has access to everything.
    Good video and great explanations on how to properly use/configure AppLocker.

    • @capability-snob
      @capability-snob Рік тому

      Secure OS engineer here! You could say this about all of the major operating systems. MacOS does have the App Sandbox, which is a true capability sandbox, but it doesn't tell the user about how safe they are, and it has some interesting holes around file type groups that have been exploitable in Microsoft office. Linux really has nothing usable in that space - don't install apps you don't completely trust on Linux.

    • @ericesev
      @ericesev Рік тому

      @@capability-snob Linux has AppArmor & SELinux, but both are basically unused so +1 for having nothing usable.
      I jumped ship to ChromeOS about 9 years ago after reading their security design docs. I'm a malware analysis engineer and CrOS keeps me safe enough. Just frustrating to see folks continue to be attacked by stuff like this and not seeing OS vendors work toward improving the situation.
      What do you use?

  • @yusinwu
    @yusinwu Рік тому +9

    Congrats 3 million!
    Is there someway to disable this Visual Studio leagacy feature of automatically running the tools/init.ps1 script?

    • @I.____.....__...__
      @I.____.....__...__ Рік тому +3

      You can ask Microsoft to fix their code, but they have a history of intentionally ignoring user feedback. 😒 (Just like all companies.)

  • @BabusGameRoom
    @BabusGameRoom Рік тому

    In some of your videos, like the tips and tricks ones, I know everything that's going on. (Still enjoy watching them, because occasionally there is something new for me!)
    In this video, I had no idea about almost any of this, beyond how to install NuGet packages...and that's the scary part!

  • @jc̈
    @jc̈ Рік тому +5

    5:34 I think this was a bit misleading.. I wouldn't call it extremely rare. There are plenty of blackmarket shops selling signing services and EV certificates for less than $100. It's uncommon to see in day-to-day malware but in highly-specialized and targeted attacks it's pretty common.

    • @schwingedeshaehers
      @schwingedeshaehers Рік тому

      If it is less than 100$ why don't use it for normal malware?

    • @jc̈
      @jc̈ Рік тому +1

      @@schwingedeshaehers Regular malware is distributed frequently, higher distribution is more likely to get noticed/analyzed. Certificates are more likely to get revoked.

    • @Exachad
      @Exachad Рік тому +1

      You definitely can't get EV for under $100

    • @schwingedeshaehers
      @schwingedeshaehers Рік тому

      @@jc̈ but even then. You only have to look when your Certificate is revoked, and then remove it/make a new one.

    • @anti-cheat
      @anti-cheat Рік тому

      @@Exachad Check HF, you can’t get the certificate but you can submit an executable to get signed for ~75 USD.

  • @Izdl_
    @Izdl_ Рік тому +2

    Congrats on 3 mil!!!

  • @futuza
    @futuza Рік тому +3

    I had not even thought of package installer/stores/extension managers like NuGet or VSCode extensions as being a good way to distribute malware payloads. Better research any package before you install, to make sure it's really something you can trust and actually coming from the source you think it is.

    • @386enhanced
      @386enhanced Рік тому

      I heard it some months ago and since then, I compare the VS NuGet result to the original NuGet from the original GitHub repo

  • @D.von.N
    @D.von.N 7 місяців тому

    I normally very dislike the too extreme facial expressions in the thumbnails (even more if produced by the AI), but this one, man, this one fits! It was genius.

  • @Ribbldeck
    @Ribbldeck Рік тому +2

    Congrats on 3 Million!!!

  • @sean.grogan
    @sean.grogan Рік тому +1

    The last time I fell for a scam, I got a spoofed email from a collegue asking for my help.
    Unfortunately for the scammer, my collegue's office was right next to mine so I just walked over to see what help he needed.
    That was my reminder I am not immune from falling for a scam

  • @twocows360
    @twocows360 Рік тому +6

    to make things a bit easier on yourself, could you make a "whitelist folder" where you could just drop a file that failed to run already to bypass applocker? i mean in theory, malware could take advantage of that too, but that'd have to be a pretty targeted attack.

    • @aeghohloechu5022
      @aeghohloechu5022 Рік тому +11

      The issue is when you have a trusted app that can download other executables like in this case.
      You would most likely mark it's download folder as trusted.
      If it downloads a malicious software, it will also be put in the same folder.
      Now you have an untrusted file in a trusted folder.

    • @qkzalswns
      @qkzalswns Рік тому

      ​@@aeghohloechu5022this is why in our school in IT Classroom we aren't allowed to run any .exe files. Our teacher has one folder that can run any .exe file so we send our files via network to him and he runs the program in the folder. If it was made as an exam then that's it. But if we made it for use in school like one class that made a program for our school's finance department, then our Web admin has to approve it.

    • @undefinedchannel9916
      @undefinedchannel9916 Рік тому

      @@qkzalswns this definitely won’t work for larger schools.

    • @LiEnby
      @LiEnby Рік тому

      ​@@qkzalswnsalot of the time you can take advantage of the rundll32 program to execute arbitary code on locked down devices btw.
      As applocker doesn't effect DLLs

  • @talkashie
    @talkashie Рік тому

    Scary stuff. Thanks for including the VirusTotal links! They are very interesting to look at.

  • @JaenEngineering
    @JaenEngineering Рік тому +16

    IIRC, wasnt the first "virus" actually a screensaver? Pretty sure it was made as a prank, that would turn off someone screen after a set period of inactivity giving the impression of a fault. Later on it was found that it could help prevent burn in on old CRT so rebranded as a screensaver.

    • @CheddarVG
      @CheddarVG Рік тому +1

      Something tells me screensavers wouldn't exist without that virus

    • @Cooe.
      @Cooe. Рік тому

      No. Viruses long predate screensavers. The first virus was more thought experiment than anything else and the payload was merely text iirc.

  • @Jdbye
    @Jdbye Рік тому +1

    I actually had a similar experience myself, once, where my own carelessness would've gotten me infected with malware. The thing that saved me was Comodo Firewall, though I've since stopped using that firewall, the reason being it would prompt you for permission any time an application did anything that had potential to be malicious. Such as dropping an executable file into appdata, running an executable file, and much more, but the prompts were quite annoying on a day to day basis and that was the only time they ever actually did any good.

  • @xozeintk8093
    @xozeintk8093 Рік тому +6

    How could someone can hack you🤦‍♂
    You Are Thio!🔥🔥

  • @downundarob
    @downundarob Рік тому +7

    Possibly of even more concern is that 8 hours later some of the more common AVs (Avast, AVG, Trend, Kaspersky, F-Secure) are still not flagging the a file and only doing somewhat better on the first file.

  • @NomadOutdoorAdventures
    @NomadOutdoorAdventures Рік тому +1

    I’ve been using bit defender for many years already a couple of years ago I got hacked by scammers, taking over my UA-cam channel and bit defender did not protect me at the time. It finally detected it the behaviours being inappropriate and blocked it, but not before it was too late. They had already stolen my cookies so they could log into my channel.

  • @respectmathias
    @respectmathias Рік тому +7

    Honestly, now I'm worried too cause I do the exact same thing by looking at most downloades

  • @tylerferguson6271
    @tylerferguson6271 Рік тому

    Thanks so much for this video! I'm a sysadmin and have AppLocker applied to my SMB. I'll be adding your deny rules to my policy, right now we've just been relying on the implicit deny and I've been allowing things by path (yes, I know, hash like you do is much better but I'm applying these policies to over 100 users/computers I can't manually add each new hash every time a Teams update or whatever drops, that's way too much work.) Also, if you didn't know AppLocker has previously only been available via Local Group Policy and Intune CSP unless you had Windows Enterprise. If you wanted to apply it to an organization using Windows Pro, you had to use Intune, the ADMX policies for Group Policy Management on DCs existed but they didn't do anything unless you had Windows 10/11 Enterprise licenses on your workstations. I've noticed recently that my AppLocker policy is being applied via GPO, I was using it just to write the policy and export to an XML file to copy/paste into the Intune AppLocker CSP configuration profile I created. However it seems to be working via GPO now, so apparently Microsoft changed the requirements and it will now work with Windows Pro licenses via Group Policy Management on an AD domain.
    If you're (I mean @ThioJoe or anyone nerdly enough to have read all that above) you might also be interested in an NDR, NG Firewall (why are Fortigates with SFP+ ports so expensive? I want to run one at home), and SIEM. Stay safe. The Internet is a crazy place these days. Kinda bummed I didn't get to enjoy the days when a sysadmin's primary concern was uptime.

  • @timothyt.82
    @timothyt.82 Рік тому +4

    I use Ubuntu (a Linux based operating system), and I have two programs I make sure to install.
    ufw is an uncomplicated firewall for Linux distributions that does exactly what it says in the name. Linux doesn't usually come with a firewall depending on which distribution you use, so always make sure you have it installed with sudo ufw enable to both verify installation and enable your firewall if it isn't already.
    clamav is an antivirus built to work in Linux. Antivirus programs usually don't work in a Linux environment because of the architecture differences from their primary target audience: Windows users. You also don't technically need an av due to the lack of conventional malware for Linux Desktop users. However, it's better to be safe than sorry.

    • @schwingedeshaehers
      @schwingedeshaehers Рік тому +1

      Also, it has a different approach to rights on a system

    • @Ghfvhvfg
      @Ghfvhvfg Рік тому

      Linux was built for security from the start, if you are bored enough von can Look at almost everything running on your system Windows had a other history so they never had it from the start.

  • @MayaPosch
    @MayaPosch Рік тому +2

    The big issue with NuGet and kin is the same as with NPM and other code snippet repositories in that basically anyone can upload files to them. This is quite different from distro-specific repositories where you first need to gain the trust of maintainers to even get permission for uploading. This is why I feel a lot more comfortable getting development libraries from the Arch repos even on Windows (via MSYS2). While I also use MSVS and the package managers, those are subject to a lot more auditing and sanity checks, exactly because of the much higher risk factor.

  • @NinjaRunningWild
    @NinjaRunningWild Рік тому +5

    I’m surprised that Microsoft doesn’t vet these extensions. Maybe I shouldn’t be… Why don’t you open the created file in HXD & the batch file in Programmer’s Notepad?

    • @hostgrady
      @hostgrady Рік тому +2

      Most of these programming package managers don't sadly because it's all community uploads unlike say Winget or Linux package managers where a few trusted community members/company employees vet the packages and then upload them.
      pip and node suffer from these issues all the time and when a project gets hacked it can be really bad if some people have their settings to use the latest version of a package instead of a specific version.

    • @NinjaRunningWild
      @NinjaRunningWild Рік тому

      @@hostgradyYeah, but that’s no excuse for MS to not be green-flagging valid extensions & red-flagging invalid ones. They shouldn’t be allowing them to just be posted without oversight.

    • @hostgrady
      @hostgrady Рік тому

      @@NinjaRunningWild yeah they also run npm which is what nodejs uses, they're really terrible with it

  • @onehitpick9758
    @onehitpick9758 Рік тому +1

    Visual Studio itself is quite alarming with all the extensions from all over the place which are readily added. There are dozens of options available for a given capability, and just finding which one is useful is a chore. Verifying validity and non-maliciousness is yet another major chore. A plain, uninfectable editor and a command-line debugger still work just fine.

  • @Inspirator_AG112
    @Inspirator_AG112 Рік тому +18

    The fact that ThioJoe, a *technology UA-camr,* narrowly dodged a scam...

    • @CattopyTheWeb
      @CattopyTheWeb Рік тому +4

      Don't forget LinusTechTips also got hacked in the past

    • @Dumb_Killjoy
      @Dumb_Killjoy Рік тому +1

      ​@@CattopyTheWebTwice if I'm remembering correctly

    • @Inspirator_AG112
      @Inspirator_AG112 Рік тому +2

      @@Dumb_Killjoy:
      I knew that one time, but twice?

    • @pikacringe
      @pikacringe Рік тому +3

      Someordinarygamers too

    • @Dumb_Killjoy
      @Dumb_Killjoy Рік тому +1

      @Inspirator_AG112 The LTT Twitter got hacked around 6 or 7 years ago. I think that's why Linus has his own personal Twitter, since the intrusion came from SIM jacking his phone number.

  • @justanothergamer256
    @justanothergamer256 Рік тому +2

    I just sent this to all devs I know that use VS, n told them to watch at least the first 4 minutes, cuz this is definitely something I could have fallen for.

  • @charginginprogresss
    @charginginprogresss Рік тому +3

    Smart App Control is not on "a fresh install of windows"
    What is needed is you to allow them to gather optional diagnostic data when you select those options in the OOBE.
    If you select "only mandatory diagnostic data" the option is already grayed out on a fresh install by default.
    And yeah there's also the thing about "if you disable it you cannot re enable it"

  • @swaggamesph3342
    @swaggamesph3342 Рік тому +1

    Thank you for you service!🖖

  • @platoh
    @platoh Рік тому +13

    The real package was the friends we found along the way.

  • @Nedrozak
    @Nedrozak Рік тому

    Thank you for this informative video. I consider myself a poweruser but have never even heard of AppLocker. I enabled it as soon as I finished the video.
    Looking forward to your video about AppLocker!

  • @dfgaJK
    @dfgaJK Рік тому +3

    Would windows defender have been sufficient? Would it have stopped it?

  • @terawattyear
    @terawattyear Рік тому +1

    Excellent, useful video. I really appreciate your work in building these vids and bringing them to us.

  • @ivirius.parody
    @ivirius.parody Рік тому +3

    THIO'S FACE IN THE THUMBNAIL THO _💀💀💀_

  • @dave_n8pu
    @dave_n8pu Рік тому +1

    I agree Joe, it's to bad you can't enable Smart App Control after Win 11 Pro has been running a while, I checked mine, it was what yours showed. This was the first time I ever heard of that app.

  • @JustPyroYT
    @JustPyroYT Рік тому +6

    Congrats on 3 Million Subscribers! 🎉

  • @ericesev
    @ericesev Рік тому

    You're brave! In terms of risk, I'd consider my development environment at the top. For me, it's a completely separate system with no password manager and no access to commit to code repos. I use Code Server as the IDE for my development environment. That way it is seamless to access from my primary laptop/desktop.
    The SSH key needed for pushing committs to Github is on a Yubikey, on my primary machine. When I need to push code I ssh to the development environment and use ssh-agent forwarding. The private key never leaves my Yubikey and can only be activated with a physical press.

  • @chaindead
    @chaindead Рік тому +7

    Lesson? Never download anything ever.

    • @bgtubber
      @bgtubber Рік тому +3

      Not even more RAM?

    • @KeinNiemand
      @KeinNiemand Рік тому

      Then your stuck with no sofware outside of what comes with windows, or old stuff on phsical media

  • @IMAGE_NT_HEADERS
    @IMAGE_NT_HEADERS Рік тому +1

    Another thing you gotta look out for is VS projects downloaded from the internet running custom build steps. I know VS warns about it, but most ppl are so accustomed to just clicking through the dialog

  • @the_red_gamer
    @the_red_gamer Рік тому +5

    Imagine if now he is actually an ai clone of him pretending that he almost got hacked

    • @mozneda
      @mozneda Рік тому

      was wondering the same

  • @phuket2753
    @phuket2753 Рік тому

    Thanks!

  • @crobinso2010
    @crobinso2010 Рік тому +5

    NuGet sounds like something to just stay away from!

    • @I.____.....__...__
      @I.____.....__...__ Рік тому +1

      That's like saying the Windows Store, App Store, Google Play Store are things to stay away from because sometimes malware makes it onto them. (Then again…)

  • @retro_vhs
    @retro_vhs Рік тому

    These are the kind of videos I live for! Very informational.

  • @mbdg6810
    @mbdg6810 Рік тому +2

    What a unique way to almost get hacked

    • @qkzalswns
      @qkzalswns Рік тому

      Was thinking the same.

  • @johnbowles4754
    @johnbowles4754 Рік тому

    I'm glad to know that I'm not the only paranoid person in the world 😊
    Keep up the great work 👍

  • @Homurro
    @Homurro Рік тому +3

    Does packages in store never get reviewed before posted?

    • @ThioJoe
      @ThioJoe  Рік тому +5

      I think they get a basic scan but nothing to stop them from fetching a remote virus

    • @GandhiTheDerg
      @GandhiTheDerg Рік тому +1

      @@ThioJoe As always.
      You'd think the page hosts would start scanning scripts, especially autorun scripts, for commands that download files and automatically sandbox and test what is downloaded from them.
      Play store has the exact same issue, because they do not test for Files downloaded by the game, only the files they host themselves appearently

  • @liquidalloy
    @liquidalloy Рік тому

    You're on a whole different level Joe haha. Genius man

  • @BigBossultrastealth
    @BigBossultrastealth Рік тому +1

    this is an insanely good ad

  • @HeliosBeats
    @HeliosBeats Рік тому

    2:04 It's also suspicious how all those packages just happened to be download exactly at around 284k times, as if a script was ran for a similar amount of times to repeatedly and artificially raise the download count. Another potential give away was the grammar mistakes in the package description such as "A official" instead of "An official/the official"

  • @7Saints78
    @7Saints78 Рік тому +5

    This is why Hackers shouldn't target Tech UA-camrs
    Not only are they unsuccessful, their entire strategy is made publicly known.

    • @cameron7374
      @cameron7374 Рік тому +1

      It being publicly known doesn't mean all of the millions (if not billions) of potential victims automatically know about it.

  • @lpoki8897
    @lpoki8897 Рік тому

    This is so vindicating.
    I've had to say no so many times to users wondering "Why can't I just install Spotify myself?", it only takes one bad download and I have so much more work.
    I have been thinking about scenarios exactly like this with the Cyrillic letters.

  • @jesusvillagomez5499
    @jesusvillagomez5499 Рік тому +3

    how common does this happen?

    • @ThioJoe
      @ThioJoe  Рік тому +3

      No clue

    • @VaiCaDep0893
      @VaiCaDep0893 Рік тому

      @@ThioJoe Do you know an app that I can use to protect myself on Android?

    • @elnkr2603
      @elnkr2603 Рік тому +1

      ​@@VaiCaDep0893 it's called "don't install/run suspicious apps". If you only get your stuff from the Play Store and other trustworthy sources like F-Droid you shouldn't have any problems.

    • @VaiCaDep0893
      @VaiCaDep0893 Рік тому

      @@elnkr2603 I know, but at least suggest me an app

    • @AkinaJVS
      @AkinaJVS Рік тому +2

      ​@@elnkr2603even Play Store has some sketchy shit published to, i worked at phone technical assist for 6 months and out of countless adware ridden android phones, not one had "unknown install sources" allowed, all of it was downloaded from the play store and then when already installed had many techniques to hide the app from the menu and giving themselves permissions

  • @MegasXLR
    @MegasXLR Рік тому +1

    When malware has official pages advertising it's a top notch stealer LMAO

  • @KleMih
    @KleMih Рік тому +6

    Question really is if windows defender would detect it...
    But obviously since bitdefender is sponsor, you wont test for it...

  • @Marfig
    @Marfig Рік тому +1

    Interestingly enough, I was just thinking about this very thing a few days ago as I was going through my Android phone Play Store looking for an OpenAI app. I noticed a very large number of purported AI apps in the store. Many try to imitate (through the logo or name) an official OpenAI app. It looked odd to me, and after a very quick research, I realized that OpenAI doesn't yet have an official Android app. They only offer one for iOS. I ended up not downloading anything to my phone. And my thought was was AI functionality can very easily turn into a vector for scams and even malware. And here you are with one example of the latter!

  • @Datboii2344
    @Datboii2344 Рік тому +14

    You know for someone who is a tech master you seem to get into trouble alot

    • @NinjaRunningWild
      @NinjaRunningWild Рік тому +6

      The more you do, the more potential trouble you run into.

    • @ThioJoe
      @ThioJoe  Рік тому +2

      That’s my secret, I’m not a tech master

    • @danyal_assi
      @danyal_assi Рік тому

      What secret?

  • @rookiegamer1234
    @rookiegamer1234 Рік тому

    Wow I always thought when something looks official and without any grammatical mistakes it's safe. I guess I have to find new ways of detecting viruses myself. I'm glad you're safe and thank you for providing us with this info, it helps a lot.

    • @thenickstrikebetter
      @thenickstrikebetter Рік тому +2

      To be fair it said "a official" when it should be "an official"

    • @rookiegamer1234
      @rookiegamer1234 Рік тому

      I don't mind when someone makes gramatical mistake. I sometimes download from places where there are gramatical places as well. What I do first tho is check rating on website and check if website itself is secure, i have plenty of websites that have proven themselves to me. But even in google play store or official places can someitmes contain a virus as almost everyone can upload whatever they want.@@thenickstrikebetter

  • @erikhicks07
    @erikhicks07 Рік тому +1

    This reminds me of 'protestware' where well-known legit repository apps suddenly go rogue with code to do malicious damage to users in target countries etc. (Russia for example)

  • @misakamikoto8785
    @misakamikoto8785 Рік тому +2

    Can't get hacked if you never connect to the Internet. Is it possible to have a 2nd computer that NEVER connects to the Internet to run VS to do your thing? Not a programmer obviously idk if VS need constant Internet connection to work.

    • @Mario583a
      @Mario583a Рік тому

      I recall some or most malware can enumerate connectivity to get their items.

    • @labsupri6681
      @labsupri6681 Рік тому

      @@Mario583a What you said made no sense. It is true some sophisticated malware has attempted other methods of extracting files from air gapped system, but these have mostly been extremely targeted attacks and mostly unsuccessful.
      There's no way to create connectivity where there is none, any properly gapped system (just rip out networking and bluetooth components) is going to be completely infeasible to attack.

  • @-zerocool-
    @-zerocool- Рік тому

    Ive just swapped from Kaspersky to Bitdefender on Windows and Android devices, Ive always hated the UI ever since the beginning, but the latest UI is great and I am loving Bitdefender.

  • @irvingchies1626
    @irvingchies1626 Рік тому +1

    I've said it many times before and gonna say it again, "needs physical access" is not a thing, as soon as you have it in your system it can run, and you can download it inadvertently from ANYWHERE

  • @monk3synuts
    @monk3synuts Рік тому

    You're a good actor, and a better salesman!

  • @ace90210ace
    @ace90210ace Рік тому +1

    erm, having played with chatgpt ideas in visual studio this worried me abit because i could easily have fallen for this. thankfully i knew there was no official openai nuget so was fairly confident i would remember if i saw one and used it.
    but i just had to go back and double check about 6 projects ai related to be sure none of them used any packages that were suspicious (thankfully they all fine)
    will be checking this in future for sure and as a developer i plan to add that explicit exclusion and use applocker right away

  • @StefanMarjanov
    @StefanMarjanov Рік тому

    Thank you as always! Please make a video on how to setup App Locker.

  • @Twisted_Code
    @Twisted_Code 10 місяців тому

    Oh, fun title, I know what I'm doing with the next 18 minutes of my life! Always fun to see a friendly reminder that yes, this can happen to anyone, and I need to keep on guard. It's why I'm currently in the process of trying (if I can find a drive to put all my **it on) to backup my entire system, and why a month or two ago I spent the better part of a week updating my passwords just in case they got leaked by the computer repair center I sent my laptop off to.

  • @aristocratpepe
    @aristocratpepe Рік тому

    You made me rethink my security config on my PC!