IF YOU GOT SCAMMED BY THIS, PLEASE READ ME :) 1. Before changing your password, delete the scam bookmark. 2. Then once you do that, change your password.

I'm honestly surprised that people are managing to do this. Most people that try to verify in a server can't even follow instructions to verify by clicking an emoji or copy paste a certain command

Discord has become such a mess with those scam issues man..

Lmao the "wrong tab" was some outta nowhere humor I wasn't expecting

Its hilarious when you realize how far people go just to get your information

anyone remember that time where bots would DM people invite links to 'weird' servers? I found it really creepy when it happened to me.

That "Wrong tab" part killed me bro 🤣

Also of note: _Reauthorise YAGPDB if you have it..._ it doesn't actually make use of the *Join Servers for you* permission, and it's been removed from its default scope for a while now... 😅

HAHA love your "wrong tab". Thanks for the laugh. Also thanks for making people aware of scams.

I deobfed and reverse-engineered the script, and here's what I found: - The JSFuck portion of the code evaluates to "fortniteamongustycoonlol" (from a base-64 decode.) - The RE protection is more clever than one might think; the globals array is mutated until a specific alignment is reached. - The script registers its own module into Discord to access other modules. - The script can detect said module if the code has already been run. - jesus fuck it was annoying to reverse-engineer

can you teach us how to talk to girls though, its gonna be your biggest video yet

I gotta send this to my friends, thanks for letting this be known!

Thank you! Shared it already with my members :D

They really used JSFuck to obfuscate the code xD

thank you for covering this, its been happening to me, i turn on my phone and im in a rando server ive never heard of, but i didnt do the bookmark thing, but thanks to you, i fixed it

This guy is the best on 2022 who make legit make sense and good discord video keep the good work, best wishes.

So basically. A basic feature on most browser rats them out? That's kinda cool. Imagine being a hacker/scammer and you got ratted out by a simple function like hovering over a bookmark.

still knew about this method and did a warning on our discord about it but thx a lot for that video :) u explained it rly good

4:35 yes it is possible actually, honestly it's very likely to happen considering fact you won't even realize what thing added you to some weird server BUT that's very much all they can do by authorizing you to their app (again, only by authorizing you, of course they can do everything when they have your token)

I didn't go through with it, but I searched for the suspiciously dangerous "verification" method from the supposed MEE6 bot and found it described here on your video. Thanks. When Discord server admins have their Discord token stolen it's "hell to pay" in their community as admins get kicked from their own server!

This man giving more discord scams fact every day just to keep is safe

I think they WOULD want your account. Seems like you have so very valuable information on how to get a girlfriend. Those scammers will need it to actually get a girlfriend.

“What to do if you fell for this Sam” lol😂

Another thing you should do if you get hacked is to check your Devices settings menu and delete everything.

That "How to get a girlfriend" tab got me hard 😭

I thought dyno is a very safe bot so i press into the link and do everything it ask. Thanks for posting this video to let me know that its a scam. I've always wondering why there is new server when I turn on my laptop.

I remember watching you 2 years ago, then i didn't see you for like 1 year, das crazy

Discord seriously need to up their security and scrap account tokens altogether

I remember this from "how to get your discord token in mobile" is basically the same bookmark scam

bro, im actually impressed by people making these scams, like they are using such crazy but simple methods to scam you really legitimately.

2:03 holy shit I didn't expect that! XDD you're a genius :'))

i love how i had the tf2 scaredy-cat taunt under this lmao it looks like it was reacting to this

“How to get a girlfriend” made me laugh so hard

“how to get a girlfriend” “wrong- wrong tab”

I remember this exact same scam was being used on another site, crazy how it's spreading

I tried to get here early but can you talk about the inviter bot that dms you some nitro gift thing, it’s happened to a bunch of my friends and stuff and we don’t really get what’s happening with it. Ty no toes to show :)

those x blocks are characters like "f" or any unicode character, but its a link that a computer use to get a character from it's memory instead of displaying. Mostly used for unicode characters that aren't on a keyboard.

Even though it is for bad use, this method of gaining your Discord Token is actually impressive - can't believe this could exist.

The kiss in the end hit different

i would have never for the life of me thought you can run js code just in your bookmark, lmao! imo every web browser need to either run a check on the js script before putting it into the bookmark, or just straight up disable the feature. these scams man, they're getting quite wack

not the "How to get a girlfriend" tab lol

Thank you for the warning😎

yea using bookmarklets to inject JS into the console is a pretty smart tactic for people who are not tech-inclined...

As soon as it said to bookmark the code I knew what was going to happen

This is exactly why I like Notepad++. And I really appreciate that my Computer teacher made us download it.

This scam exploits the fact that if you put "javascript: (code here)" into a URL bar in a browser, it executes the code on the current website. You can try it here on KZbin, actually! Try copying: "javascript: alert('Hello, World')" into your browser bar (without the double quotes). It'll create an alert popup. Now, where am I going with this? A bookmark is basically just a hyperlink embedded in a bar in your browser. If you click on the bookmark, it'll bring you to whatever page you bookmarked, just like a link. The catch is, that also means if you put JavaScript in a bookmark, it does the equivalent of putting the JavaScript in your URL bar (There are intentional versions of this, called bookmarklets. They can be useful, though they aren't malicious, they're basically just advanced JavaScript macros). Additionally, the JavaScript in the URL bar can access all of your local client data, due to JavaScript giving any other script running on the page access to the scope. So, how do you protect against this? There are two main options: 1. Don't add/open any bookmarks you didn't create yourself, or you haven't checked over to make sure it's safe. As I've said, not all JavaScript bookmarks are bad, but they often can be, so be cautious and check bookmarks you didn't create. 2. Don't use a Chromium browser. I'm not sure I know of any Chromium-based browsers that aren't vulnerable to this, as they all support running JavaScript in the URL bar for some reason (You shouldn't use Google Chrome anyways (has Google trackers embedded in the browser, terrible performance) or Opera (purchased by a chinese consortium and contains injected spyware), Edge is fine for now). I highly recommend using Firefox as your primary browser, no matter what, as it's more performant that Chromium, blocks these sorts of attacks, prevents trackers from following you on the web, and doesn't track you itself. You'll be much safer on the web using it. Edit: Oh yeah, forgot to mention, these attacks can also be injected in hyperlinks or buttons. This is why sites typically don't let you manually create them, and if they do, they filter them. You can set a button's "onclick=" to JavaScript, just like how you would in a browser bar, and you can set a hyperlink's source to JavaScript, and it will do the same. If sites let you create hyperlinks manually, you could quite literally steal people's usernames and passwords with nothing more than a hyperlink.

the "How to get a Girlfriend" killed me 💀 also i just noticed the notepad++ tab 💀

you know the scariest thing is that my discord crashed right as i was watching this video

I kinda already quit discord and don't use it that much anymore but I really like your content

how much you wanna bet NTTS cleared all the sussy bookmarks for this video

“The first step to getting a girlfriend is stop trying” ☠️☠️☠️☠️☠️☠️☠️

Running JS through bookmarks is such a novel idea holy fuck

Being a verified bot developer i know for fact that bots cant send messages or make you join servers! Dont click on sussy links (make sure the dashboard links do belong to the bot , the domain of the url should be accessible by some command) Thats it.

Bro got me sending every link i see to my FBI agent for him to see if its good or not

They are using as Mee6 now too... running a different code not sure what is does, but it runs as a "javascript:fetch(atob... "

How do you get those beautiful folders?

Damn, these scams are getting so obvious i can't even make a legit Wick verification system because people are leaving because they think it's a scam on first sight, now Dyno too?

the fact that people actually believe a BOOKMARK is a legit way to verify.

I like ur first tab in the browser😂

They grab ur discord account for a certain server your in, they dont give a shit for ur account once you post a singular msg in a server ur in.

Of course a technology as old as bookmarklets can only now be used in malware...

We're all talking about that, but what's more dangerous is trying to find a girlfriend on google.

oooh, this is a new type of scam, they always find ways to get people into scams. How creative are these people

I somehow learned something new I didn't know you could book Javascript Code

I love how nobody in the comments section mentioned the fact that he searched up "how to get a girlfriend"

i saw something similar to this but when you click on a button below the message a qr code pops up and it wants you to scan it. knew it was fishy from the beginning. no idea how it got a hold of a pre-existing server and messed it up like that though

time for some trolling (spamming the api)

Is it just me laughing at the fact that he has a tab opened in the browser called “how to get a girlfriend”?

That tab bro💀💀💀

I showed the joke to my bro, and then I remembered he has a gf now...

The "how to get a girlfriend" tab lol

One of the sections has a mistype in it. It says ‘sam’ instead of ‘scam’

I have one thing to say. Wth was that ending? I think that was kinds subs not gunna lie.

These executable bookmarks are called bookmarklets. It can also have some helpful uses and can bypass your school admin 0-0

all the serious things aside "how to get a girlfriend"

scam website: to enable your bookmark bar press (CTRL+SHIFT+B) me enters this website on phone: how?

This guy is actually losing his mind lmao

I always get dms from bots that are offering me job offers. It’s so weird and annoying

Oh, bookmarklet stuff. I thought this died back in 2017.

hey you were right about the authorization part the only thing is they can also add some weird things which basically access your ip and sell that stuff because that all can be accessed through the console too and other stuff. surely not written by an java coder.

So what you're saying is that if we see one of those in the wild we just copy the link from the script and spam their API with a bunch of random bullcrap? Gotcha!

Why did I laugh at the "how to get a girlfriend" tab

why does chrome have the feature to run javascript from a bookmark? seems dangerous to tech-illterate people, does it have any actual use cases?

If people are dumb enough to let this happen to them in 2022, they deserve having their account compromised.

Someone commisioned me to make this for them. The code was fairly simple to make, and it was really easy to understand and learn.

kde background on windows is just cursed ngl

Discord needs to fix these scam issues one way or another. If they don't do it soon I don't see it going well for Discord in the future. or alternatively, people can just use their brains :P

“wrong tab” 💀

It's incredibly stupid that JavaScript bookmarks are still a thing. They're pretty much completely obsoleted by extensions and pose a huge security risk.

This is starting to get out of hand

the scammer also has access to your location

The thing is: one of my friends can code and made an exploit for this bookmark thing, it can do many more harmful things than just getting your token

ty bro u life saver

Ok ig I’m lucky that I never seen this scam. But thanks for the heads up.

I had no clue that bookmarks Js was a thing. I don't see any legitimate usage for this function

I'm willing to bet the people disliking this video are the same people that are stealing account tokens 💀

2:27 ayo "how to get a girlfriend" in his tabs?

is anyone gonna talk about his "wrong tab"

I love how this guy has easter eggs! the notepad said a tutorial for talking to girls the search bar has how to get a girlfriend lovely!

thank you for this