Do NOT use ShaderBlox! (ROBLOX trojan) | Dynamic and Static Malware Analysis
- Published 21 Oct 2024
- In this video, I analyze malware called "ShaderBlox" which claims to give users the ability to make their ROBLOX look better. However, this is actually a horribly-crafted infostealer which steals credit cards, usernames and passwords, browser cookies, files, Discord accounts, Steam accounts, and even social media accounts!
I use VSCode and its built-in debugger for dynamic analysis. Then, I manually analyze the JavaScript payload.
The music is created by Lofium and available Royalty-free on Pixabay.
Tags:
ShaderBox,
ROBLOX Shaders,
ROBLOX Malware,
Malware exposed,
Malware analysis,
Infostealer,
ROBLOX stealer,
ROBLOX hacked,
JavaScript,
Reverse engineering.
16:00 The mixed use of naming conventions and bad function names is hilarious.
AFAIK in JS (specifically in a NodeJS environment), the process.env variables have to be uppercase.
The code definitely isn’t self-documenting, but maybe that’s a feature? 😭
@realreverseengineer They are so advanced, they even obfuscate their code while writing it :D
Thank you for this video! Very good!
Glad you liked it!
Thanks for the video, I used it to learn about cracking Electron apps ig
Thanks for saving my life! After I watched this video, it's a kinda interesting shader (virus), but I tried it on VMware to see if it's a virus or not (on the virtual machine I had an antivirus ready, which is Kaspersky, before using it) and I tried it. After that they deleted my system32 and just nothing, I didn't log into my account, and I assume this is a harmful ROBLOX shader, and also Kaspersky just process terminated, object deleted and rollback completed; it didn't remove the system32 because of Kaspersky being a fire antivirus🔥🔥🔥🔥🔥🔥 (which is an OP antivirus from Russia). But luckily I was just using VMware before trying it. Wow
he's also spam alt to make kids fall for it
beware of this...
Pls how to remove it completely pls reply I installed it
remove ethernet and wifi
I'd recommend just fully reinstalling Windows and changing all ur passwords
Retard
@kyron7850 thanks I installed ghost specter window 11 now I am safe
@kyron7850 if you install first turn off wifi then task manager find the unity process then delete it restart the and find it and delete it then reset the pc fully
I accidentally installed it, how do I remove it without resetting my PC?
Reset your PC.
You can also disable it in task manager and manually delete the files in %localappdata%/Programs/shaderblox and reinstall Discord but this is *NOT* recommended.
They already have your crypto wallets (you probably don't have this), your passwords, your cookies (which means they can log into ALL of your accounts), and some of your files. Change EVERYTHING! Use a password manager!
anywhere I could contact you?
@pancak3 Sure! Add me on Discord: magical_kitten_12105
It's fake
Well yes that’s kind of the point of my video