I guess it makes sense that crypto scammers didn't think to hide from people inspecting elements on their site, they know cryptobros can't right click.

Wow, a scam that pretends to be a different scam. It's scamception!

"Oh you're getting a virus alert from our software? Try disabling the anitvirus, that should get rid of the alert."

Reminds me of that GameStop NFT creator who made tons of sloth NFTs. They opened some malicious file to "collab" with someone, and ended up losing his seed phrase. This resulted in all the existing NFTs that had been sold to become worthless because the scammer had control of the wallet and could theoretically create more NFTs (although he just stole his money). Then the Sloth had to re-mint every single NFT with a new wallet and send the NEW, REAL nft to the old holders

My favorite goof-up in their chain of stupid steps here was the 760M file magically coming out of a 26M zip along with several other directories "worth" of files. That implies the data was trivially compressed (IE, like you said mostly 0 bits) or self-springing, because there's no way in the nine hells an actual proper program, not even a launcher, scrunched that effectively.

I'm not in cyber security but seeing the breakdown of the virus, what it does on a virtual machine, and everything else was very educational. Much better than repeating "don't download weird things" again and again. You did a good job.

Mate, I like to think I'm pretty up to date with all the scams going on, but this was mostly new to me, I firmly believe that EVERYONE should watch this video, super informative, I hope it can somehow go viral, I'll do my part.

My guess is that the art and gameplay clips look legitimate because it is. They probably stole it from another crypto project or a failed kickstarter.

Fun fact, Magical World is a D&D slang term for a campaign or setting that revolves around the DM's sexual fetish(es)

I looked it up and saw that there are people named Nancy😱

Dude seriously tried to Bioshock you? “would a you Kindly to be turning off your abitivrus software please now kindly.”

Immediately after this video I got an ad from (legit) bank warning about opening links that pretend to be postal service, your bank, IRS etc. and to stay safe online

you should of cobbled together a game launcher for the game and sent them a screen shot of that

You are a gift to humanity; thank you.

Awesome work Jauwn. And, just for the record, I believe March 28rd will be the day of the MOASS. Buckle up.

Running a virtual is crazy useful to protect your pc I wish I understood more about this kind of stuff

i watched this and expected your subscriber count to be like 500k wtf, this video was awesome + you’re definitely gonna grow very quickly :))

No reference to old Gamefaqs with the ASCII art smh.

It says something about the quality of crypto games when you get better website design and more effort from direct scam attacks then the actual 'triple-A' games.

Great analysis! I am particularly interested in your knowledge of the intricacies of this. Are you just a power user, or did you go to school for InfoSec? I did myself, so it feels to me like you did too, or you just do a lot of good self research. I'm curious to the case. I'd like to see more content of dissecting scam attempts, they are fun to watch the scammers fail spectacularly

My childhood remembers ascii artwork at the start of walkthrough guides back in the day for games.

It must be good that i'll like never interact with this blockchain stuff then

explaining it like i was 5 was Very good and i rly liked this vid. Educational , simple 2 follow and quite Funny tbh

Hey, they wanted to see a short recording of you launching the "game", right? Why not take a quick recording of you launching the .exe, asking "huh, it didn't open up. Did I do something wrong?" And then wait for them to notice they didn't even get any real info.

8:22 It's better to use authentication apps as SMS messages isn't secure at all

Thanks for the reminder to set up 2FA. I have it on a lot of my stuff but I had forgotten to set up non-email version on one of my more important passwords.

I think the most depressing thing to me is that (assuming not everything on the site is stolen) they have what could be an interesting looking game. Like drop the NFT thing and make it some kind of Card Battler or Darkest Dungeon style game out of it and they'd probably actually make money off it.

Oppa Gangnam style. Elite haxxzor defending skills on display. Good vid!

If someone says "disable your antivirus and play the game" it's a scam, why would you NEED to turn off antivirus to play a video game?

...The antivirus thing reminds me, I've been using the default microsoft one this whole time. You seem like a tech savvy guy, got any recommendations for anti virus programs?

Pirate bay? Read files with ASCII text that includes a cracked registration code? Ah memories.

Fantastic video Jauwn!

This is what got Pegasus and IOHA this month.

Bruh I got a crypto ad💀

I have been watching all of these to a point where I am getting crypto cup ads😂

"Hello dear" sounds familiar innit

You have very unique ways to be reached 🤣

Lol you deserve more subs

These are my favourite of your videos.

That ai detector site does give 80%/90% human on my ai generated images, so I would take that with a grain of salt.

Wait, antiviruses have a file size limit??? 🤯 So then what should I use to scan my computer that doesn't have this restriction?

They write in a style like alot of chinese on alibaba... also - they have all similar names, like nancy.B Andy, and often extravagant like some shakira ;d

March 28rd

Dang, i guess being forced to run things in WINE is good(im a linux user)

You forgot 4. If you see bad grammar and spelling, run.

5:23 and GameFAQs

netherlands mentioned 🇳🇱🇳🇱

Guy says windows defender didn't detect it.... my guy windows defender is just a RAM sink, it doesn't catch anything. infact it only catches the things that are safe but windows don't like you to use.

I almost fell for this scam😅

🫡 see ya Nancy

except for my grandma

It would be fun to hex edit the EXE to see if it's filled with zeroes. edit: I should have watched the video one second longer

Dude... honestly. I will have a GDC talk about web3 tech soon.. I am in blockchain gaming. And you would be the first person I would love to get a honest opinion on my game, EACTLY because you destroy those projects.Because you don't do it out of malice, but because they are usually complete dogshit. I would like to know your opinion and how you think we could make it better. So the last point not to ask to review a game is not valid!! :) I would not pay for promotion.. I would for consulting 100%.

I have an Aunt Nancy, and it's good to finally know she isn't real. Thanks, Jauwn

Amazing quality breakdown, as a cyber security person I love to see advanced topics broken down into human basic English for those less tech literate. I wish I had the production skills you have to be able to help build this bridge of awareness and avoidance for vulnerable people. Keep up the spectacular work

Hey! You forgot about the other places that style of ASCII art appears. Old all-text game walkthroughs and mod readmes.

8:15 It's also worth noting that a stealer malware can also steal your cookies, which allows them to bypass your 2FA because they don't need to actually sign in.

Not only was this entertaining, this was also educational.

Great video! 👍 Just wanted to point out @ 10:32 that reporting these scams is _very important,_ even if no-one responds to your specific complaint. You might not notice any immediate action being taken, but that doesn’t mean the report doesn’t achieve anything. Scammers rely on people's reluctance to report, knowing it's not feasible for cybersecurity teams & law enforcement to investigate small numbers of incidents… so reporting “near-misses” or attempts like this one always provides valuable info while helping the issue reach critical mass to prompt action by authorities. “Near-miss” data is also incredibly valuable for big-picture analytics & being proactive with security, _especially_ when there’s a significant social engineering element to it. If I get a scam text or email for a company I’m a customer of, I always report it to them because I know how useful that info is from the other side of the equation. Cybersecurity whack-a-mole is much easier to play if you can work out which hole they’re likely to pop out of next!

Great work, Jauwn. Their website and art actually look quite decent which is surprising. Still, the scam falls apart if you look closer. Or if you're not in the habit of downloading and running shady NFT games from the web. I guess that's an occupational hazard for you now. 🧐

I bet they stole the assets of an old failed crowdfunding game to make theirs look legit.

i think this is the video where I realized this guy knew way more than I thought he did about tech stuff

"there are no real people with the name nancy" -got me laughing

One thing you didn't mention but is a HUGE red flag is a password-protected archive next to a password in a text file. The only reason I've ever seen that done is so that your antivirus cannot snipe the file dead as you're downloading it, as it has no way to decrypt the archive and access the contents. You ever see a password-protected archive like this, it should go directly to trash, no matter what it claims to be.

J, excellent video showcasing how easy it is to create a fully fleshed out profile online that appears legitimate at the surface level, and we could all use the refresher regardless of how experienced we are! P.S. I know gosh darn well you didn't just pronounce 1337 as thirteen thirty-seven.

After that ASCII art I thought there would be an installer playing a royalty free song.

I came across a facebook bot today, i posted something with the word "hacked" in a public post and almost immediately i had someone with no posts and an obviously fake account comment with a link to someone who is her "computer wiz" and then the fishy link. I instantly blocked the user, took the post private and deleted the comment.

All things considered the level of polish they put in to their fake website and social media should have been a red flag, it looks way too good to be a crypto game.

Dang, now Jauwn is getting into investigative videos? I can only like a video once my dude! Also, I would so enjoy a video just going over the cringe email offers you get ngl

its not entirely pointless math its a enlarge prompt, its entire purpose is basically to fill the code with pointless data, it basically is a bunch of math that is designed to increase its own file space, with the malware attached to it basically what happens is the code runs and gains the same error over and over wile secretly running the malware in the background. at least as far as i know

The most suspicious part of this was seeing the ASCII art without hearing some banger of a chiptune song blaring.

It could just be stolen art, do a reverse image search

I've taken a reverse engineering course as part of cybersecurity coursework, and worked with debuggers like IdaPro. Windows defender probably couldn't scan it for at least a couple reasons. One, it is novel, and lots of scanning is signature based, and perhaps the file definition table wasn't up to date, especially if you are using an unpatched windows VM. Two, and probably the biggest one, is that lots of malware is packed, that is compressed, in such a way as to obscure its intentions, and make it harder to analyze. The unpacking program will decompress the actual instructions before running those. It's possible the program was packed, though having at least one scanner successfully figure out what it was tells me that it wasn't THAT novel, as most malware worth their salt will use a custom packer (variants of UPX packer are common) and require manual analysis of some kind to reverse engineer. The inflated filesize is a separate issue which I think you covered well.

This is the most clean and simple exposition of a real scam , i see now how little one has to know to "hack" people... All you could do with just money and almost none computer knowledge. Thanks for this video

8:18 Please remember that token stealing will bypass MFA.. that's the truly scary part. Also, SMS 2FA is among the weakest type, as your phone number is a fairly easy target for social engineering.

I know this will sound stupid but I actually ran the exe on my PC. Took me 20 mins to realize what happened and I wiped my drives clean, reinstalled windows and did a ton of scans. This was about 7 days ago and I had text docs with some semi-important info. Nothing has happened so far though. And I safe now or can this thing survive even a clean reinstall?

Thanks to this video, I could tell a friend-of-a-friend was hacked when they asked me to test an indie game "she" and "some friends" were "working on." They had an actual KZbin of fake game footage and a fake website, too.

I like the explanations and programs featured to give a deeper look at things. Would a list of the sites used be put in the description or via text on screen for reference?

I thought that this is just a crypto scam uncover channel, I was pleasantly surprised when you start pentesting, packet capturing, and reverse engineering the scam

"Crypto Scam" Next time someone asks you for an example of a tautology.

Probably worth noting that SMS 2FA is usually considered one of the least secure 2FA types

well NFTS are always a scam the way i see it

I am wondering if the scammer got the assets of some abandoned project to make their website looks legit?

the “no real people are named Nancy” made me actually have to stop and think, because i actually know no one, family, friend or celebrity, named Nancy. my mind just kept going to Nancy Wheeler. i know that people named Nancy exist, but I don’t know any

"Dear" and "Kindly" are instant flags that whatever being pitched is a scam

i got free 64 gigs of RAM. this is propaganda !!!!

obsessed with the way you systematically deconstructed their whole deal, informative ~and~ satisfying

I guess that's the art to it. Don't download suspicious files... Unless a generally trustworthy youtuber happens to recommend it after they sound slightly strange in a video.

Hey that ASCII text isn't JUST from nefarious files, it's also from every gamefaqs walkthrough circa 2010

My mom’s name is Nancy and our last name starts with B. Suspicious.

Looking at this again, I think I know why your virus did a bunch of useless calcs; It detected it was in a VM sandbox. A lot of droppers now can detect if they're in a VM and do a bunch of misdirecting junk rather than unpacking their payload in a bid to make it harder for security researchers to work out how they function, and it seems like you hit that here.

i've taken down a couple of websites like these, the scammers are always from countries where the police don't even care even when you send them their address and full name of the scammer, they just open another website and continue stealing money

1:16 These are SUSPICIOUSLY similar numbers. You'd expect them to have closer to 16,000 Twitter followers if they have that many people on their Discord. It's a much less high-commitment action, so you'll automatically get more traction on that platform. Them being the same implies bots purchased in equal amounts for each Social Media Platform they're engaging on.

Damn rosted all Nancy's.

My favorite day of the month the 28rd

Best. Thumbnail. Ever. Thumbnailed.

"Our new game engine, a program ran on a local device, uses Blockchain Technology, a means of intercommunication between a set of devices!" What Does That Even Mean

Guess this is how LTT got hacked lol

The AI Detector will also say that clearly AI generated Artwork, has less than 10% AI in it. It's not reliable Proof.

Yeah this whole thing just screams "scam"