What THIS Fake Minecraft Mod is Really DOING
Вставка
- Опубліковано 15 вер 2024
- Recently an imposter mod was promoted in the Create Aeronautics mod server.
Official Discord Server - / discord
Reverse Engineering Skool - www.skool.com/...
Follow me on X - / atericparker
Real Create Aeronautics: • Create Aeronautics Mul...
Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking, nor do I encourage the usage of game cheats, cracks or hacks.
Cracks are sometimes shown to highlight the dangers of software piracy, my content is not intended to teach anybody how to pirate, or maliciously hack.
More Malware Investigation Videos:
→ The latest "NORD" Malware - Nordsecured: • The latest 'NORD' Malw...
→🧧VIRUS WARNING🧧 NEW Optifine for Minecraft 1.16 SCAM: • 🧧VIRUS WARNING🧧 NEW Op...
→ The wilkreate UA-cam stealer virus that started this whole trend: • Fake sponsor DESTROYS ...
(C) Eric Parker 2024
malware devs cant be bothered to send an infected jar file these days
like if i was gonna get an mc mod and you gave me an exe file i would look at you like you think im stupid or something
true
id honestly open it in resource hacker in case the idiot tried to add "haha you got hacked" as a dialog or string
Deadass
@@cirkulxtriage is a better way to do dat
I was in the create aeronautic server when this happened
The part that surprised me the most is that, because create aeronautic is a minecraft mod, it's supposed to be a .jar file, but instead it was a .exe, and the name was also not coherent with the mod, so it really surprised me that people still ran it (yes people did). But, because it's a dev (Reaper) who sent this file, people thought that it was a trustworthy file, which is understandable
i'm not sure why they'd distribute it as an exe since you can hide malware in legitimate jar mods. but i guess that's too much work considering how lazy this malware seems
My guess is that people ran an .exe because so many (most closed-source) mods/clients come in an .exe installer and people were just used to trusting things like this.
@@min3craftpolska514yeah but there's like two mods that do it (optifine and essential). if you're playing 1.14+ you don't need optifine, use sodium. if you *really* need optifine, just download the forge mod version
lol I remember when I installed the Oculus mod for use with some mod pack and it was broken, I checked curseforge and it appeared to have been hacked (random release name, bad English from a normally fluent writer, etc), seems I was one of the first to notice lmao
@@KSPAtlas Oculus got hacked once?? Huh, how have I never heard of that
The malware: "hiiii I wanna check in for a bit, byeeee"
I’m in danger! *computer explodes*
Trolli is a Brand of Candy and this looks like just the sort of game such a company would create as an ad campaign. Looks like the hackers also stole the game. Weird to go to such lengths, and then not distribute anything resembling a minecraft mod (should be a jar)
The best they could have done is combine the malware with the actual jar
Imagine how many people they could've gotten if they distributed a real mod malware....
Had a play of it and i'm surprised by how good the graphics are for a simple platformer about gummy worms
@@Coppertine_ yeah if ur bored and have like 20 minutes of free time its alright for free. though the jumping and collision detection kinda suck, wished they could've tweaked/fixed that. and the level design is suprisingly good
Btw that hacker was an absolute idiot! Didnt even realise that it was a minecraft mod. The dude pinged everyone and said its an alpha of "the game" and that "we need testers"
Also most of those downloads aren't infected people but people that wanted to have a look at the malware.
Oh. I seen that before on a server for, i think, the long drive. It was probably a script kiddy attack. (Aka, a pre packaged attack) so it wasn't built for any one server specificly
bro couldnt even get a jar malware or call it a mod😭
1:43 trolli is a brand of candy, the game is indeed stolen from that brand.
"ReLUNCH API" XD It was so hungry it caused an exception.
I don't think many people fell for this, minecraft mods don't look like this. minecraft mods look like a jar file you put in the mods folder which minecraft runs. you can still make malware for a minecraft mod, but I don't think people expecting a jar file got tricked and ran an executable with a bunch of different files for electron.
I agree. But there's people who just like dosen't know, and because create aeronautic is a really anticipated mod, some people possibly just run the file without thinking
As in any minecraft related discord server, there's a ton of kids. That and having admin privileges on artists and other non savvy people is probably why it was targeted
800 downloads says otherwise though right?
@@rubikquitous8482 no, I'd guess most people downloaded it, saw the contents and deleted it
@@rubikquitous8482 It was over 1200 before it was removed
Eric's Parking Minecraft series when?
Cat ears at 100k
Least funny troon award
I aprooove :3
@@PaintedDelusion4 mins ago is crazy
DON'T DO IT
Real
a few over 1000 people downloaded the the "leak"- kinda insane
2:45 Trolli is a german Candy brand 👀
it's distributed in the US as well
@@AttacMage yes, but idk why they use the logo.
@@dvsur someone else said it was an actual game made by Trolli
@@AttacMage oh okey didn't know about that
I love how this "mod" isn't even trying to pretend to be the alpha release of the mod or a mod file at all
9.6k subs till Eric would have to put cat ears onto his head.
Aeronautics is the only mod I've ever seen hyped up for an entire year without any release, and with videos showing builds but no actual demonstration of the mod's features; so I assumed the mod itself was some kind of scam. Wild to see this turn of events.
I remember I downloaded this in a rush, but the .zip file was corrupted (?) and I could not unpackage it nor open it.
Guess I got lucky.
If you were gonna run it, that would be insane, also, hi.
Windows Defender is getting better at flagging these kinds of things at download. Your AV probably caught it and you didn't notice.
I would argue that the only good advice to give to someone who got any kind of malware is to make a fresh install of windows. Confirming it didn't touch anything else to to stay for longer is just not possible for vast majority of people and might gave them some false sense of security. So many things it can do... from changing other .exes to even editing your minecraft modpack .jar and good luck noticing that.
Unless you manually check every single exe and dll on your device then you can never be completely sure.
This is the most stupidest fake malware. In minecraft, mods arent installed using .exe's or executables asides from .jar files, and you dont have to open the .jar file to get the mod, you have to place it to %appdata%/minecraft/mods and get an modloader that the mod uses. The only people i see getting affected by this is minecrafts main demographic audience a.k.a kids
i was in this situation and it was crazy my slow internet saved my pc
i love how only 1 out of 5 comments is not about cat ears
We know where you live.
@@Master120 ummm okay
why the fuck is everybody yapping about cat ears and tails???????
"regedit for Minecraft" video pinned comment
100k catears
🐈😺
Because cat ears at 100k
A stupid unfunny joke that eric's community came up with because hahhahahaha furry or something
Any logical person would know that you didn't need an .exe file on your mod to work on your Minecraft. It needs an external modloader to load a .jar files like Forge and Fabric to make the mod works.
The mod itself you showcased on the video are meant to be an addon expansion mod called Create (hence *Create* Aeronautics), so it wouldn't be logical either way if it can load it standalone through an .exe file as the original mod itself need at least Create mod in the modloader.
hacker is freaking out after this guy shows the alt of task manager 💀
3:07 it just wants more lunch
Thanks for looking at my suggestion!
I'm wondering how these malware will handle Windows 11 machines where WMIC has been uninstalled
It sounds like a kinda similiar scam where you're DMed a "game" someone has been working on except it's stealer malware
Thank god I left that server before. I got warned for posting a cartoon stick spider
Did you hear about people getting timed out in the discord for pirati- watching WALL-E on the VC using Watch Together? Very silly.
Sounds very much like an aeronautics moderation moment.
@@andrupka8749 Yeah, they couldnt even stop the watch together, so people in it was just getting timed out
Who cares it’s just a movie
What's up with cat ears?
I don't know what's it about feels like I'm missing out 😁
Eric Parker will wear cat ears (I guess) at 100k subscribers.
oh my god create aeronautics mentioned
I saw the create aeronautics announcement on their server. Luckily, I didn't download it as I was skeptical 😂
if he gets hacked then i will assume that he forgot to use a vm
the cat ears
There are a lot of comments saying that mods are supposed to be a .jar file. Just wanted to remind, that there are mods that have installer such as essential, optifine, impact and other. So I don’t see nothing wrong with it (but it is still pretty stupid tho 😅)
All those are mods that I dont trust in the first place, there is really no reason for any of those other then Optifine to have an installer since that can also run standalone without Forge mod loader installed. Optifine is considered legacy/unsupported if you are using it with any other mods. Also Impact is a Hack client with a mod version, which I wouldnt trust either way.
Forge as well. Much like Optifine though the installer is part of the samw jar as the mod(loader). Many probably dont realise they even have installers unless they ran the jar alone accidentally.
essential is selling the data of children, optifine is deprecated at this point, and impact is a cheat client.
Those mods are scams though.
Hey Eric,
If possible, could you please make a video about basic checkpoints to ensure computer safety on windows 10/11 and Linux? A simple list of things that people can go through and verify whether their PCs or laptops have been infected or not.
Love your videos, would love to see you talk about network threats too!
I honestly actually fell for this, and I only realized something was up when it killed Firefox and discord, I immediately taskkilled it and changed all of my passwords afterwards. it didn't even seem like it sent them to anywhere considering I haven't been hacked nor received anything in my email
Why did I download this and not realize beforehand? Simply from being excited and slightly careless
The funny thing is that the uninstaller actually did its job. Couldn't really find these registry keys and the auto run thing anymore
Please tell me you reinstalled windows.
@@undefinedchannel9916 too much stuff im not bothered
Lil bro needs some ict lessons
@@undefinedchannel9916 no i didn't reinstall it
there was just too many files on the system i couldn't be bothered
@@NaraSherko what
I dont understanding what youre saying sometimes, i be watching and then you say "This may be the mainframe hyper code web firewall attempt at nuking the server" and then ill be like "yeah i agree that must be it too"
Can you explain why the hackers are doing some of the stuff on the computer like checking if it’s a hosted server or what is the electron app and how they are running a website on it
Electron is a web tool kit for embedded web applications like discord or telegram and it’s basically just chromium embedded framework but even worse performance
They check for money and cam detection
man i was loving playing this Trolli game
never expected to see that on your channel...
when i downloaded it the zip file just had an exe and some yml file inside.
i still have the zip file btw
Very nice analysis! Thank you
That’s why I do not trust discord downpoads
i will be anticipating the cat ears with great interest
Trolli is a sweets brand, popular in Germany. The game is definitely stolen.
Can we get cat tail at 500k
maid dress at 1m
cat tail plug
Yes officer, these comments right here.
only 10 k subs more , eric parker....
This is why we can't have nice things.
I dont even know why and how the people in the discord downloaded an exe file (note: 500+ USERS DOWNLOADED IT)
I would complain that this is the laziest shit of malware ever, but that's a good thing. I'm still gonna complain though (and then get hacked or whatever in two decades. mark my words).
No but like, this is so painfully obvious. Ah yes, a textbook case of a Minecraft mod distribution. Classic folder with its own DLLs and exe. I used to use Skydaz to install all my mods, where you would download an EXE file to install the mod... except, y'know, the exe's were standalone and didn't come with any supplementary files. Also, they worked really well. This is just such a lazy attempt at malware that it should be called malwhere? I can't see it! (First of all, horrible pun that doesn't really make sense unless you interpret it sarcastically, but also I hate Chromium-based shit with a passion because, to me (and I know this is a somewhat crazy opinion, don't @ me), it's so overkill and lazy for like 90% of cases. Also when people make software using Chromium and then charge money for changing the _theme_ and all the themes are essentially built-in HTML gradients... that's when you know you're working with the absolute _best_ developers. Sorry, had to rant about that for a second lol.)
TL;DR malware author dumb dumb. I'm loving all of the comments roasting and shaming on the malware author for being less sharp than a lobotomy patient.
This is so common and usual
Was wondering about the username, but the SSD confirmed it :)
Oh hey you did make a video on it!!!
cat ears for engagement
Cat ears are waiting
I seen ur new video but it got tooken down for violating yt community guidelines that's so dumb I'm sorry man but I did see the entire video before it got tooken down good video
WE ARE GETTING TO THE CAT EARS 🎉🎉🎉🎉
cat ears at 100k
Stealing the product Key? Why? All that does is earn you the ire of everyone else on the planet.
great editing super underrated video
Please do a minecraft lets play
Who can explain, why is everyone in the comments are talking about cat ears?
In a video (I don't remember which one), erik said that at 100k sub he will put on cat ears (I don't remember if it was a cat hear headphone)
REAL IWAKURA SSD📢📢📢
this fake minecraft mod gave me autism. eric to the rescue LFG
stopping the cat ears at 100k haters
dont forget…the cat ears
Isn’t trolli a candy brand?
Yes it is
Hey there, im a anarchy minecraft player. Ratted hacked clients, minecraft exploits and general malicious activity is often a part of the fun of playing on a anarchy server. I was wondering if you would be interested on making a video looking into some common minecraft hacked clients and exploits used in the servers history? if so id like to help!
felonies are part of the fun of minecraft apparently
@@HuskyMoment Read more carefully. Its sarcasm, and clearly I mentioned anarchy minecraft. Go learn about 2b2t!
10:10 What is the name of this software ?
i... am Steve.
Hey, the new video that you just uploaded got taken down, but I have a copy of it.
Would it be alright if I reupload it? And please tell me what the reason is, so the video also dosen't get taken down.
Cheers!
yo bro can u send me it pls
@@prohax1 on what?
cat ears, remember?
teach us how to find a rat 🔥
cat ears, fuck yeah!
What do you run files like this on?
Rip discord grabber
I have a Linux computer.
What’s the real mod download
Don't think it's out yet
It’s not out yet. Valkyrien Skies 2 and Clockwork (an expansion for VS2) do the exact same thing as aeronautics but even better.
If I see, one more comment. ONE MORE GODDAMN COMMENT ABOUT THE CAT EARS
car ears 😼
10k off cat ears
Interesting…
ok
cooked
meow
I failed my task, almost every comment is infected with a pure rot
You mean Purr rot (🥁 tshh (baa dum tshh)
678th like!!!!!!
Andrew tate accent, nice video