I Seriously Almost Just Got Hacked...

  Рет қаралды 388,057

ThioJoe

ThioJoe

Күн бұрын

Пікірлер: 1 000
@ThioJoe
@ThioJoe Жыл бұрын
Big 🅱️ruh moment
@gandu_ambassador
@gandu_ambassador Жыл бұрын
yo im seventh
@isaackingvideos
@isaackingvideos Жыл бұрын
Bruh I’m first not [Dam KZbin refresh]
@projectjabir4805
@projectjabir4805 Жыл бұрын
Just show case your pc instead of using it. Then you'll never get any viruses.😂
@WiluckGD
@WiluckGD Жыл бұрын
yeah massive bruh moment
@sizanbelike
@sizanbelike Жыл бұрын
Certified 🅱️rah moment
@Felttipfuzzywuzzyflyguy
@Felttipfuzzywuzzyflyguy Жыл бұрын
It's only paranoia until you're right. And it's never paranoia to begin with because this stuff happens all the time.
@Twinrehz
@Twinrehz Жыл бұрын
Just because you're not paranoid, that doesn't mean they're not out to get you!
@TD-er
@TD-er Жыл бұрын
Absolutely! @ThioJoe Can you also describe your rules for AppLocker in the description text? I have been scrolling over and over through the video, which is good for the 'view time' of course, but it would be more practical to also have some kind of overview.
@jirehla-ab1671
@jirehla-ab1671 Жыл бұрын
​@@Twinrehzhow abt using pirated software & activating office windows using batch files?
@encycl07pedia-
@encycl07pedia- Жыл бұрын
"this stuff happens all the time" I haven't run into a virus since around 2005. It's just user error to download and run files without verifying them. It's yet another reason you should code things yourself instead of importing libraries for everything.
@anon_y_mousse
@anon_y_mousse Жыл бұрын
@@jirehla-ab1671 Why do that when you can use LibreOffice for free.
@dungeonseeker3087
@dungeonseeker3087 Жыл бұрын
From the scammers point of view, it must be frustrating that one of the first batch of victims just happened to be someone who was able to identify the signs and get the thing listed in public databases.
@qkzalswns
@qkzalswns Жыл бұрын
Imagine working on a virus for hours and days even just for one of your first victims to be him. Reported it to his antivirus developer, even multiple AV devs, made a video about it and showed how to protect yourself from this RAT, but also many others. If I was behind this virus, I'd probably be in depression if I wasn't already xD
@tranhanna7524
@tranhanna7524 Жыл бұрын
@@qkzalswns He doesn't need to. He just need the virus to run on a few dozens computers, steal some CC info, some crypto wallet keys and wallah he has good ROI.
@observer_noble
@observer_noble Жыл бұрын
@@qkzalswns he was never our first victim lol we got loads
@Only_Sleep
@Only_Sleep Жыл бұрын
@@qkzalswns the person running it probably didn’t work on it at all. Since it has marketing, it’s probably being sold off to people. The scammer is definitely slamming their keyboard over having their money wasted though
@OmarTheAtheistAziz
@OmarTheAtheistAziz Жыл бұрын
Lol “batch” like their some food or something…or at least thats the picture i get
@Alex-Defatte
@Alex-Defatte Жыл бұрын
A error message about a invalid character on any download should be a HUGE red flag. I would never think to tell people this. Thank you for your service!
@GodofToast
@GodofToast Жыл бұрын
This is a reminder that no one is entirely safe from hacks and scams
@KobrokoHere
@KobrokoHere Жыл бұрын
K
@crisnmaryfam7344
@crisnmaryfam7344 Жыл бұрын
The moment you think you know everything, You know nothing.
@GodofToast
@GodofToast Жыл бұрын
@@crisnmaryfam7344 absolutely
@aiexzs
@aiexzs Жыл бұрын
@@KobrokoHere K
@micosstar
@micosstar Жыл бұрын
@@GodofToast absolutely
@WolfspiritMagic
@WolfspiritMagic Жыл бұрын
The problem is that even if there is no "init.ps1" file the package can be dangerous. And even worse when you compile it into your own software it can also be spreading with your application. Nowerdays also analyzers and stuff can be installed via nuget package and run alongside visual studio. You don't even need to start your app for the code to execute.
@raven4k998
@raven4k998 Жыл бұрын
you seen thiojoe is kind of sketchy as he got virus attacked🤣🤣🤣
@jimmlmao
@jimmlmao Жыл бұрын
the malicious code can also be injected in the designer if you are using winforms
@LiEnby
@LiEnby 11 ай бұрын
If it adds winform or wpf controls then displaying them in the designer will execute it .
@karappo_kun
@karappo_kun 3 ай бұрын
I think that's what they call supply chain attack.
@cewla3348
@cewla3348 3 ай бұрын
@@raven4k998 like how nobody is immune to propagnada, nobody is immune to viruses.
@tciddados
@tciddados Жыл бұрын
I like how Smart App Control was mentioned as "easier for most people" when it requires you to nuke your windows install. I feel like for most people they'd rather figure out how to do the AppLocker stuff.
@thebritishindian1
@thebritishindian1 Жыл бұрын
Plus reinstalling windows is a multi-day job when you have to reinstall all of the open source apps, utilities, chrome extensions etc… It’s something I only do when I upgrade the OS. Also, I found that when I install security suites, file Explorer starts hanging, so I use Windows Defender now. I’m not happy about that, but I am super careful and scan downloads with virustotal.
@hardVatsuki
@hardVatsuki Жыл бұрын
@@thebritishindian1 some of the apps have portable version, like browsers, it saves a tons of time when I reinstall the windows.
@TheShizzlemop
@TheShizzlemop Жыл бұрын
i think he means for most "light" or "casual" users, people who only browse the web, use social media, emails, gaming etc. much easier to just download a game and a few programs again from a list than to get all of your programs and dependencies and settings, directories etc back how you had them.
@erikhicks07
@erikhicks07 Жыл бұрын
Microsoft didn't enable this by default because they knew it would inevitably lock people out of a lot of apps, possibly even their own
@encycl07pedia-
@encycl07pedia- Жыл бұрын
lol. Why do people still use Windows by choice in 2023? If you want a secure Windows version, use Windows 8/8.1 RT or Windows Phone. They're not very useful in terms of additional applications, but at least you can't run 99.9999999% of malware on them. Or just don't be pit stew. I stopped using Windows back in 2017. The spyware telemetry doesn't feel like a big deal until you use a metered connection and Win10 uses half a GB of data in 15 minutes without your knowledge or consent.
@b4ttlemast0r
@b4ttlemast0r Жыл бұрын
The fact that they were able to fake having this many downloads is the scary bit, I would have thought it's legit too. That should definitely be fixed.
@fireteamomega2343
@fireteamomega2343 6 ай бұрын
Yeah sounds like they also found an SQL exploit
@Aakash-pc7kz
@Aakash-pc7kz 24 күн бұрын
Same. I thought it might have been a false flag after looking at that in the video too lol
@sharkieislive
@sharkieislive Жыл бұрын
such moments makes us feel proud that we are so much into tech and security XD
@KobrokoHere
@KobrokoHere Жыл бұрын
K
@apache937
@apache937 Жыл бұрын
if u werent then u wouldnt be installing packages with nuget anyways
@whohan779
@whohan779 Жыл бұрын
Well, Nuget is rather sketchy still compared to official Winget (all packages basically screened by Microsoft-related entities). Inbuilt Windows tools even do singature checks for trusted issuers (which you would only expect from most Linux distros or official stores). Though, of course Chocolatey & Nuget have many more packages available.
@GrigRP
@GrigRP Жыл бұрын
Good morning sir
@dansanger5340
@dansanger5340 Жыл бұрын
One insidious variation of these software supply chain attacks is when the bad guys buy out publishers (who are often just lone developers) of established and popular packages and then replace the legitimate package with a malware version. Developers who have used the package for years would have no idea what was going on because as far as they know they're just downloading the latest version of a trusted package.
@erikhicks07
@erikhicks07 Жыл бұрын
True. It's really an ethical responsibility of the original developer to give advanced notice of such.
@encycl07pedia-
@encycl07pedia- Жыл бұрын
1. If it ain't broke, don't fix it. 2. Stop using other people's code and write it yourself. A big reason why software now is full of buggy messes is because people just include every library on the planet. The npm left-pad debacle shows just how pointless many of these imports are.
@edwardmacnab354
@edwardmacnab354 4 ай бұрын
the internet is a joke
@MeOnStuff
@MeOnStuff Жыл бұрын
One thing that really stands out to me about the download numbers at 2:00 is that all four packages have almost exactly the same number of downloads, which for four disparate packages claiming to have downloads in the hundreds of thousands is very suspicious. They couldn't even be bothered to add some randomness to how many fake downloads they botted.
@qkzalswns
@qkzalswns Жыл бұрын
And it would be believable if the numbers were similar for only Discord and Xbox plugins as they are both for gaming. But I am not sure how OpenAI, Discord, Xbox and VRChat would be used almost exact same number of times like they can all fit in a single project made by everyone who used them. Even if the plugins were all logical to work together, 200k projects using ALL of them? And I am not sure that many people would use the Discors plugin with Xbox and OpenAI.
@encycl07pedia-
@encycl07pedia- Жыл бұрын
@@qkzalswns Discord isn't for gaming...
@thejoman9011
@thejoman9011 Жыл бұрын
glad you got out of being hacked, thanks for detailing it and making people aware of the fact that even the best of us can make mistakes
@daddio9344
@daddio9344 Жыл бұрын
I'm a coder and had a Security+ certification in a prior life - and I'm blown away by how many new things I learned from this video. I've been a big fan of your channel for a while, but - wow - this video is truly outstanding. I know I'll be using it as a how-to reference repeatedly and recommending it to as many people as I can.
@ThioJoe
@ThioJoe Жыл бұрын
Glad it was helpful, thanks! 🙏
@ionamygdalon2263
@ionamygdalon2263 Жыл бұрын
Very interesting piece of malware. Thank you for providing details for using App Locker. Keep up with the awesome uploads!
@KobrokoHere
@KobrokoHere Жыл бұрын
K
@bo0sted
@bo0sted Жыл бұрын
Its crazy how a program as big and reputable as Visual Studio has such a glaring security oversight. Even though I primarily use Linux (arch btw kekw) I'm still looking forward to seeing your App locker setup video! Ty for teaching me something new as always!
@AcIdBARRY
@AcIdBARRY Жыл бұрын
i wouldve liked to see windows defender tested against this virus
@CattopyTheWeb
@CattopyTheWeb Жыл бұрын
And Kaspersky
@starnumber12046
@starnumber12046 Жыл бұрын
Avast
@fluentmoheshwar
@fluentmoheshwar Жыл бұрын
+1
@Bartekwis
@Bartekwis Жыл бұрын
I want to see Kaspersky too
@laitinlok1
@laitinlok1 Жыл бұрын
If you check virustotal, microsoft blocked it
@MiltonGrimshaw
@MiltonGrimshaw Жыл бұрын
Thanks Joe that was a nice technical video, and in your usual way you spoke clearly for those less technical, whilst giving us techy people info too 10/10 :)
@kamisarma
@kamisarma Жыл бұрын
Doubt it would work. From what I saw on TPSC yt channel, it's not that good. Offline it barely detects anything.
@uzer_zero
@uzer_zero Жыл бұрын
Nice work! A (possibly MORE) valuable test - at least for a lot of folks - might be to see what Windows Defender does with this thing, and stuff like it.
@redyau_
@redyau_ Жыл бұрын
Yes! I was/am under the impression from videos in the pasz years that paying for security software often makes things _worse_ than what Windows already offers. Is that still true?
@qkzalswns
@qkzalswns Жыл бұрын
​@@redyau_So at home I used to have antivirus, even tried multiple of them. But every single time an AV would find something suspicious and pop up the notification, so would the defender. Last time I reinstalled Windows I haven't even bothered to get or pay for AV. Been using online Defender since and had no problems. And yes, it has stopped multiple malicious .exe files. I also have it set up so that most of my folders aren't accessible without a pop up asking for the permission. So basically no app can download anything into Documents, Music, Videos, Desktop, directly on the C disk, Windows folder or anywhere else except in Downloads. And it also asks for admin permission to run everything all the time except Web browser. Yes, it is kinda annoying to have admin access prompt show up everytime I open Photoshop but that way no .exe files can be run without permission.
@phoenixjamiexera
@phoenixjamiexera Жыл бұрын
By the way Thio, you're my #1 place to get news on tech and stuff. (Your old flat earther rant video was also hilarious lol)
@taakelur
@taakelur Жыл бұрын
I think myself fairly capable regarding security, but I learnt a lot here. Thanks, Thio!
@Gastell0
@Gastell0 Жыл бұрын
8:17 - MZ is well known magic number for all executables in Windows, so it tried to make an exe file You can make a context menu option to add something into AppLocker exceptions with a tiny bit of scripting
@aeghohloechu5022
@aeghohloechu5022 Жыл бұрын
You will still need to find the exact file, and that seems to be the most tedious part, considering you need to go through the event log
@mathiasdeweerdt1400
@mathiasdeweerdt1400 Жыл бұрын
I honestly dont understand how microsoft manages nuget so poorly. 1) Why allow cyrillic characters in the first place? 2) No quality control on the packages? ... This seems to be straight up negligent from microsoft.
@LiEnby
@LiEnby 11 ай бұрын
What if the library is just streight up in the cryillic language?
@eggi4443
@eggi4443 7 ай бұрын
what do you mean "why"? languages exist bruh
@royalcanadianbearforce9841
@royalcanadianbearforce9841 Жыл бұрын
As a Win 10 LTSC user for work - Would love to see the video for app locker if its supported! We've effectively blacklisted Win 11 until its matured a bit more.
@phuket2753
@phuket2753 Жыл бұрын
Thank you for the video. I also use Bitdefender on 4 PCs that I only access through Microsoft Desktop Remote (gaming and Stable Diffusion). Your video got me to wake up, do scans, and review the recommendations like "autoplay media", etc. I guess unless you are always active, you are a noob with security. So again, thank you, I really appreciate what you do.
@jeanshortswag
@jeanshortswag Жыл бұрын
As an IT worker, I'm very thankful for your videos. I gain a lot of education from the channel that I don't anywhere else. Looking forward to seeing the video on App Locker down the line. We do have this implemented at my company, but we're fairly new to it so I'd love to hear more about it's potential and how it can be better utilized.
@qkzalswns
@qkzalswns Жыл бұрын
These situations like his aren't something that happens to everyone so seeing it from him means that I've learned something g I probably otherwise never would.
@IzzyIkigai
@IzzyIkigai Жыл бұрын
The biggest problem with checking for signed executables is that EV code signing certs are only given to companies. If you're a small indie FOSS developer/group without an incorporated entity you're basically shit outta luck. And with smart app control, given how much data they force you to send to them, is, in my european opinion, not really a good alternative and will not work anyways in many cases. For my PC e.g. it just tells me I have to do a clean install(because... it's not turned on. which i'd venture a guess is the same for everyone who upgraded from an older windows version) which is like... Uh.. No?! I already did that once, and thanks to windows being so horrible when it comes to reinstalling it took me forever to properly set everything up again(having to re-download multiple 100+GB apps again on an 80Mb/s line is PAIN) and I'm still having issues thanks to MS p much ignoring some issues with more advanced security features(which they pushed so hard for on W11) not being able to turned on or not properly reporting that they are turned on..
@qkzalswns
@qkzalswns Жыл бұрын
Agreed! In our school, all computers are connected to the main school server from which admin is controlling our internet access as well as other stuff like our Google Suite (or however it is called, I believe it is Workspace) for our email and domain management. Something similar to what he has showed in the video is set up there too. Our website access is controlled but also what files can and cannot be run. As we have programming as a school subject, stuff like this happens to us to so we cannot run any .exe or .dll files without admin permission. Our teachers computer cannot overwrite the rule set by network admin. Teacher can only add new rules with some limitations. So when we make a program, it obviously isn't signed by Microsoft or any big company so in order to run it we need our network admjn to approve the program. We suggest adding the folder where any files would be runnable but the school did not agree. I just got an idea that we could as for such a thing on our teachers computer. That way he would have the control over which files will be stored in the folder. However, one class made a little program for calculating something school's finance department needed. As they were about to show their program to the principal and Head of IT in front of multiple Computer Science and Programming teachers, the program did not run because it was not signed by a known company and it was only allowed to run on IT Classroom computers. Once again, it was resolved later as it got approved for the whole network, but it was kinda embarrassing for the studens who made it. Also, it would be veeery appreciated if Microsoft enabled OneDrive to store our Windows settings like WiFi passwords, lightmode/darkmode and blue light settings, etc., like every phone does, so when I log into my Microsoft account on my new laptop I don't have to set everything up ONE BY ONE setting every single time I switch my laptop. Also the synchronisation of those settings between my laptop and PC would be very nice, thank you Microsoft.
@fmo94jos8v3
@fmo94jos8v3 Жыл бұрын
There is a reason they use plugins. So the initial file sent / downloaded / executed is small in size (say 50KB instead of 15MB) the idea is get the foot in the door, execute the stub file, and the stub file goes to get the full size files and executes them.
@kimxgamer
@kimxgamer Жыл бұрын
Wow thats crazy because it so happen that one of my school projects requires me to code on visual studio, thanks for the head up!
@yusinwu
@yusinwu Жыл бұрын
Congrats 3 million! Is there someway to disable this Visual Studio leagacy feature of automatically running the tools/init.ps1 script?
@I.____.....__...__
@I.____.....__...__ Жыл бұрын
You can ask Microsoft to fix their code, but they have a history of intentionally ignoring user feedback. 😒 (Just like all companies.)
@GYTCommnts
@GYTCommnts Жыл бұрын
Whoa! Thank you very much! I didn't pay serious attention to app locker. I will from now on. Seems like a hassle, but a life saver at the same time. The problem with MS "automated" options without exeptions is if you would like to run something that MS don't want you to. For example, an old version of Office could be blocked for "security reasons" for being "outdated", even if you only would use it locally. I've seen this behaviour in some antiviruses that block certain web sites because of "reasons" (that have nothing to do to security)...
@raresandrei7205
@raresandrei7205 Жыл бұрын
That's was unexpected. I always trusted visual studio with what It does in the background and also expected that packages get verified before posted.
@ericesev
@ericesev Жыл бұрын
Windows: the only mainstream OS to provide no isolation between applications. Once one runs, it has access to everything. Good video and great explanations on how to properly use/configure AppLocker.
@capability-snob
@capability-snob Жыл бұрын
Secure OS engineer here! You could say this about all of the major operating systems. MacOS does have the App Sandbox, which is a true capability sandbox, but it doesn't tell the user about how safe they are, and it has some interesting holes around file type groups that have been exploitable in Microsoft office. Linux really has nothing usable in that space - don't install apps you don't completely trust on Linux.
@ericesev
@ericesev Жыл бұрын
@@capability-snob Linux has AppArmor & SELinux, but both are basically unused so +1 for having nothing usable. I jumped ship to ChromeOS about 9 years ago after reading their security design docs. I'm a malware analysis engineer and CrOS keeps me safe enough. Just frustrating to see folks continue to be attacked by stuff like this and not seeing OS vendors work toward improving the situation. What do you use?
@SteltekOne
@SteltekOne Жыл бұрын
That first batch file is indeed weird. The fact that it starts with MZ indicates that it's really an EXE file, so it's strange that it wouldn't run after being renamed to EXE.
@zwz.zdenek
@zwz.zdenek Жыл бұрын
Many other Windows files start with MZ. Libraries, drivers, even some fonts. There could be a DLL intended for sideloading with a popular executable, such as explorer.exe.
@LiEnby
@LiEnby 11 ай бұрын
You can actually start a process with any file extension using the CreateProcess API function
@tylerferguson6271
@tylerferguson6271 Жыл бұрын
Thanks so much for this video! I'm a sysadmin and have AppLocker applied to my SMB. I'll be adding your deny rules to my policy, right now we've just been relying on the implicit deny and I've been allowing things by path (yes, I know, hash like you do is much better but I'm applying these policies to over 100 users/computers I can't manually add each new hash every time a Teams update or whatever drops, that's way too much work.) Also, if you didn't know AppLocker has previously only been available via Local Group Policy and Intune CSP unless you had Windows Enterprise. If you wanted to apply it to an organization using Windows Pro, you had to use Intune, the ADMX policies for Group Policy Management on DCs existed but they didn't do anything unless you had Windows 10/11 Enterprise licenses on your workstations. I've noticed recently that my AppLocker policy is being applied via GPO, I was using it just to write the policy and export to an XML file to copy/paste into the Intune AppLocker CSP configuration profile I created. However it seems to be working via GPO now, so apparently Microsoft changed the requirements and it will now work with Windows Pro licenses via Group Policy Management on an AD domain. If you're (I mean @ThioJoe or anyone nerdly enough to have read all that above) you might also be interested in an NDR, NG Firewall (why are Fortigates with SFP+ ports so expensive? I want to run one at home), and SIEM. Stay safe. The Internet is a crazy place these days. Kinda bummed I didn't get to enjoy the days when a sysadmin's primary concern was uptime.
@HeIsHarsh
@HeIsHarsh Жыл бұрын
How TF is this allowed on the visual studio plugin page?
@doge151.
@doge151. Жыл бұрын
honeslty its nice that you share your experience so others dont meet the same fate instead of just being satly about it and posting on social media like other people would do.
@byteafterlife
@byteafterlife 6 ай бұрын
7:45 "The big daddy malware" got me😂
@jongeduard
@jongeduard Жыл бұрын
Thanks for this awareness! Being a developer or other kind of technical user you have the advantage of understanding things faster then regular users, but this shows we still need to be aware and careful. Note that this same issue is not just important for the DotNet developers, but also for those who rely on other package managers like those of Node, Python, Ruby or even Rust.
@Korbin0815
@Korbin0815 Жыл бұрын
I'm used to SRP and didn't look at AppLocker when it came around since it seemed to be the same. Looking forward to your video about it.
@ThioJoe
@ThioJoe Жыл бұрын
I think SRP is being deprecated actually
@danyal_assi
@danyal_assi Жыл бұрын
@@ThioJoe o
@BabusGameRoom
@BabusGameRoom 10 ай бұрын
In some of your videos, like the tips and tricks ones, I know everything that's going on. (Still enjoy watching them, because occasionally there is something new for me!) In this video, I had no idea about almost any of this, beyond how to install NuGet packages...and that's the scary part!
@timothyt.82
@timothyt.82 Жыл бұрын
I use Ubuntu (a Linux based operating system), and I have two programs I make sure to install. ufw is an uncomplicated firewall for Linux distributions that does exactly what it says in the name. Linux doesn't usually come with a firewall depending on which distribution you use, so always make sure you have it installed with sudo ufw enable to both verify installation and enable your firewall if it isn't already. clamav is an antivirus built to work in Linux. Antivirus programs usually don't work in a Linux environment because of the architecture differences from their primary target audience: Windows users. You also don't technically need an av due to the lack of conventional malware for Linux Desktop users. However, it's better to be safe than sorry.
@schwingedeshaehers
@schwingedeshaehers Жыл бұрын
Also, it has a different approach to rights on a system
@Ghfvhvfg
@Ghfvhvfg Жыл бұрын
Linux was built for security from the start, if you are bored enough von can Look at almost everything running on your system Windows had a other history so they never had it from the start.
@D.von.N
@D.von.N 6 ай бұрын
I normally very dislike the too extreme facial expressions in the thumbnails (even more if produced by the AI), but this one, man, this one fits! It was genius.
@futuza
@futuza Жыл бұрын
I had not even thought of package installer/stores/extension managers like NuGet or VSCode extensions as being a good way to distribute malware payloads. Better research any package before you install, to make sure it's really something you can trust and actually coming from the source you think it is.
@386enhanced
@386enhanced Жыл бұрын
I heard it some months ago and since then, I compare the VS NuGet result to the original NuGet from the original GitHub repo
@respectmathias
@respectmathias Жыл бұрын
Honestly, now I'm worried too cause I do the exact same thing by looking at most downloades
@platoh
@platoh Жыл бұрын
The real package was the friends we found along the way.
@onehitpick9758
@onehitpick9758 Жыл бұрын
Visual Studio itself is quite alarming with all the extensions from all over the place which are readily added. There are dozens of options available for a given capability, and just finding which one is useful is a chore. Verifying validity and non-maliciousness is yet another major chore. A plain, uninfectable editor and a command-line debugger still work just fine.
@downundarob
@downundarob Жыл бұрын
Possibly of even more concern is that 8 hours later some of the more common AVs (Avast, AVG, Trend, Kaspersky, F-Secure) are still not flagging the a file and only doing somewhat better on the first file.
@tezcanaslan2877
@tezcanaslan2877 Жыл бұрын
I thought AVG was buried to early 2010s
@MayaPosch
@MayaPosch Жыл бұрын
The big issue with NuGet and kin is the same as with NPM and other code snippet repositories in that basically anyone can upload files to them. This is quite different from distro-specific repositories where you first need to gain the trust of maintainers to even get permission for uploading. This is why I feel a lot more comfortable getting development libraries from the Arch repos even on Windows (via MSYS2). While I also use MSVS and the package managers, those are subject to a lot more auditing and sanity checks, exactly because of the much higher risk factor.
@chaindead
@chaindead Жыл бұрын
Lesson? Never download anything ever.
@bgtubber
@bgtubber Жыл бұрын
Not even more RAM?
@KeinNiemand
@KeinNiemand Жыл бұрын
Then your stuck with no sofware outside of what comes with windows, or old stuff on phsical media
@Jdbye
@Jdbye Жыл бұрын
I actually had a similar experience myself, once, where my own carelessness would've gotten me infected with malware. The thing that saved me was Comodo Firewall, though I've since stopped using that firewall, the reason being it would prompt you for permission any time an application did anything that had potential to be malicious. Such as dropping an executable file into appdata, running an executable file, and much more, but the prompts were quite annoying on a day to day basis and that was the only time they ever actually did any good.
@xozeintk8093
@xozeintk8093 Жыл бұрын
How could someone can hack you🤦‍♂ You Are Thio!🔥🔥
@crisnmaryfam7344
@crisnmaryfam7344 Жыл бұрын
5:20 the actual valuable information " I dont wanna get into it" Just trust it because I do.
@Inspirator_AG112
@Inspirator_AG112 Жыл бұрын
The fact that ThioJoe, a *technology KZbinr,* narrowly dodged a scam...
@CattopyTheWeb
@CattopyTheWeb Жыл бұрын
Don't forget LinusTechTips also got hacked in the past
@Dumb_Killjoy
@Dumb_Killjoy Жыл бұрын
​@@CattopyTheWebTwice if I'm remembering correctly
@Inspirator_AG112
@Inspirator_AG112 Жыл бұрын
@@Dumb_Killjoy: I knew that one time, but twice?
@pikacringe
@pikacringe Жыл бұрын
Someordinarygamers too
@Dumb_Killjoy
@Dumb_Killjoy Жыл бұрын
@Inspirator_AG112 The LTT Twitter got hacked around 6 or 7 years ago. I think that's why Linus has his own personal Twitter, since the intrusion came from SIM jacking his phone number.
@justanothergamer256
@justanothergamer256 Жыл бұрын
I just sent this to all devs I know that use VS, n told them to watch at least the first 4 minutes, cuz this is definitely something I could have fallen for.
@twocows360
@twocows360 Жыл бұрын
to make things a bit easier on yourself, could you make a "whitelist folder" where you could just drop a file that failed to run already to bypass applocker? i mean in theory, malware could take advantage of that too, but that'd have to be a pretty targeted attack.
@aeghohloechu5022
@aeghohloechu5022 Жыл бұрын
The issue is when you have a trusted app that can download other executables like in this case. You would most likely mark it's download folder as trusted. If it downloads a malicious software, it will also be put in the same folder. Now you have an untrusted file in a trusted folder.
@qkzalswns
@qkzalswns Жыл бұрын
​@@aeghohloechu5022this is why in our school in IT Classroom we aren't allowed to run any .exe files. Our teacher has one folder that can run any .exe file so we send our files via network to him and he runs the program in the folder. If it was made as an exam then that's it. But if we made it for use in school like one class that made a program for our school's finance department, then our Web admin has to approve it.
@undefinedchannel9916
@undefinedchannel9916 Жыл бұрын
@@qkzalswns this definitely won’t work for larger schools.
@LiEnby
@LiEnby 11 ай бұрын
​@@qkzalswnsalot of the time you can take advantage of the rundll32 program to execute arbitary code on locked down devices btw. As applocker doesn't effect DLLs
@Ribbldeck
@Ribbldeck Жыл бұрын
Congrats on 3 Million!!!
@Izdl_
@Izdl_ Жыл бұрын
Congrats on 3 mil!!!
@crobinso2010
@crobinso2010 Жыл бұрын
NuGet sounds like something to just stay away from!
@I.____.....__...__
@I.____.....__...__ Жыл бұрын
That's like saying the Windows Store, App Store, Google Play Store are things to stay away from because sometimes malware makes it onto them. (Then again…)
@Nedrozak
@Nedrozak Жыл бұрын
Thank you for this informative video. I consider myself a poweruser but have never even heard of AppLocker. I enabled it as soon as I finished the video. Looking forward to your video about AppLocker!
@ivirius.parody
@ivirius.parody Жыл бұрын
THIO'S FACE IN THE THUMBNAIL THO _💀💀💀_
@talkashie
@talkashie Жыл бұрын
Scary stuff. Thanks for including the VirusTotal links! They are very interesting to look at.
@jc̈
@jc̈ Жыл бұрын
5:34 I think this was a bit misleading.. I wouldn't call it extremely rare. There are plenty of blackmarket shops selling signing services and EV certificates for less than $100. It's uncommon to see in day-to-day malware but in highly-specialized and targeted attacks it's pretty common.
@schwingedeshaehers
@schwingedeshaehers Жыл бұрын
If it is less than 100$ why don't use it for normal malware?
@jc̈
@jc̈ Жыл бұрын
@@schwingedeshaehers Regular malware is distributed frequently, higher distribution is more likely to get noticed/analyzed. Certificates are more likely to get revoked.
@Exachad
@Exachad Жыл бұрын
You definitely can't get EV for under $100
@schwingedeshaehers
@schwingedeshaehers Жыл бұрын
@@jc̈ but even then. You only have to look when your Certificate is revoked, and then remove it/make a new one.
@anti-cheat
@anti-cheat Жыл бұрын
@@Exachad Check HF, you can’t get the certificate but you can submit an executable to get signed for ~75 USD.
@sean.grogan
@sean.grogan Жыл бұрын
The last time I fell for a scam, I got a spoofed email from a collegue asking for my help. Unfortunately for the scammer, my collegue's office was right next to mine so I just walked over to see what help he needed. That was my reminder I am not immune from falling for a scam
@charginginprogresss
@charginginprogresss Жыл бұрын
Smart App Control is not on "a fresh install of windows" What is needed is you to allow them to gather optional diagnostic data when you select those options in the OOBE. If you select "only mandatory diagnostic data" the option is already grayed out on a fresh install by default. And yeah there's also the thing about "if you disable it you cannot re enable it"
@NomadOutdoorAdventures
@NomadOutdoorAdventures Жыл бұрын
I’ve been using bit defender for many years already a couple of years ago I got hacked by scammers, taking over my KZbin channel and bit defender did not protect me at the time. It finally detected it the behaviours being inappropriate and blocked it, but not before it was too late. They had already stolen my cookies so they could log into my channel.
@the_red_gamer
@the_red_gamer Жыл бұрын
Imagine if now he is actually an ai clone of him pretending that he almost got hacked
@mozneda
@mozneda Жыл бұрын
was wondering the same
@C1rnobyl
@C1rnobyl 8 ай бұрын
At least Visual Studio didn't add the execution bypass policy to the Powershell command line!
@dfgaJK
@dfgaJK Жыл бұрын
Would windows defender have been sufficient? Would it have stopped it?
@-zerocool-
@-zerocool- Жыл бұрын
Ive just swapped from Kaspersky to Bitdefender on Windows and Android devices, Ive always hated the UI ever since the beginning, but the latest UI is great and I am loving Bitdefender.
@NinjaRunningWild
@NinjaRunningWild Жыл бұрын
I’m surprised that Microsoft doesn’t vet these extensions. Maybe I shouldn’t be… Why don’t you open the created file in HXD & the batch file in Programmer’s Notepad?
@hostgrady
@hostgrady Жыл бұрын
Most of these programming package managers don't sadly because it's all community uploads unlike say Winget or Linux package managers where a few trusted community members/company employees vet the packages and then upload them. pip and node suffer from these issues all the time and when a project gets hacked it can be really bad if some people have their settings to use the latest version of a package instead of a specific version.
@NinjaRunningWild
@NinjaRunningWild Жыл бұрын
@@hostgradyYeah, but that’s no excuse for MS to not be green-flagging valid extensions & red-flagging invalid ones. They shouldn’t be allowing them to just be posted without oversight.
@hostgrady
@hostgrady Жыл бұрын
@@NinjaRunningWild yeah they also run npm which is what nodejs uses, they're really terrible with it
@ericesev
@ericesev Жыл бұрын
You're brave! In terms of risk, I'd consider my development environment at the top. For me, it's a completely separate system with no password manager and no access to commit to code repos. I use Code Server as the IDE for my development environment. That way it is seamless to access from my primary laptop/desktop. The SSH key needed for pushing committs to Github is on a Yubikey, on my primary machine. When I need to push code I ssh to the development environment and use ssh-agent forwarding. The private key never leaves my Yubikey and can only be activated with a physical press.
@JaenEngineering
@JaenEngineering Жыл бұрын
IIRC, wasnt the first "virus" actually a screensaver? Pretty sure it was made as a prank, that would turn off someone screen after a set period of inactivity giving the impression of a fault. Later on it was found that it could help prevent burn in on old CRT so rebranded as a screensaver.
@CheddarVG
@CheddarVG Жыл бұрын
Something tells me screensavers wouldn't exist without that virus
@Cooe.
@Cooe. Жыл бұрын
No. Viruses long predate screensavers. The first virus was more thought experiment than anything else and the payload was merely text iirc.
@johnbowles4754
@johnbowles4754 Жыл бұрын
I'm glad to know that I'm not the only paranoid person in the world 😊 Keep up the great work 👍
@mbdg6810
@mbdg6810 Жыл бұрын
What a unique way to almost get hacked
@qkzalswns
@qkzalswns Жыл бұрын
Was thinking the same.
@Marfig
@Marfig Жыл бұрын
Interestingly enough, I was just thinking about this very thing a few days ago as I was going through my Android phone Play Store looking for an OpenAI app. I noticed a very large number of purported AI apps in the store. Many try to imitate (through the logo or name) an official OpenAI app. It looked odd to me, and after a very quick research, I realized that OpenAI doesn't yet have an official Android app. They only offer one for iOS. I ended up not downloading anything to my phone. And my thought was was AI functionality can very easily turn into a vector for scams and even malware. And here you are with one example of the latter!
@BigBossultrastealth
@BigBossultrastealth Жыл бұрын
this is an insanely good ad
@ace90210ace
@ace90210ace Жыл бұрын
erm, having played with chatgpt ideas in visual studio this worried me abit because i could easily have fallen for this. thankfully i knew there was no official openai nuget so was fairly confident i would remember if i saw one and used it. but i just had to go back and double check about 6 projects ai related to be sure none of them used any packages that were suspicious (thankfully they all fine) will be checking this in future for sure and as a developer i plan to add that explicit exclusion and use applocker right away
@JustPyroYT
@JustPyroYT Жыл бұрын
Congrats on 3 Million Subscribers! 🎉
@dave_n8pu
@dave_n8pu Жыл бұрын
I agree Joe, it's to bad you can't enable Smart App Control after Win 11 Pro has been running a while, I checked mine, it was what yours showed. This was the first time I ever heard of that app.
@7Saints78
@7Saints78 Жыл бұрын
This is why Hackers shouldn't target Tech KZbinrs Not only are they unsuccessful, their entire strategy is made publicly known.
@cameron7374
@cameron7374 Жыл бұрын
It being publicly known doesn't mean all of the millions (if not billions) of potential victims automatically know about it.
@liquidalloy
@liquidalloy Жыл бұрын
You're on a whole different level Joe haha. Genius man
@Homurro
@Homurro Жыл бұрын
Does packages in store never get reviewed before posted?
@ThioJoe
@ThioJoe Жыл бұрын
I think they get a basic scan but nothing to stop them from fetching a remote virus
@GandhiTheDerg
@GandhiTheDerg Жыл бұрын
@@ThioJoe As always. You'd think the page hosts would start scanning scripts, especially autorun scripts, for commands that download files and automatically sandbox and test what is downloaded from them. Play store has the exact same issue, because they do not test for Files downloaded by the game, only the files they host themselves appearently
@lpoki8897
@lpoki8897 Жыл бұрын
This is so vindicating. I've had to say no so many times to users wondering "Why can't I just install Spotify myself?", it only takes one bad download and I have so much more work. I have been thinking about scenarios exactly like this with the Cyrillic letters.
@KleMih
@KleMih Жыл бұрын
Question really is if windows defender would detect it... But obviously since bitdefender is sponsor, you wont test for it...
@Twisted_Code
@Twisted_Code 9 ай бұрын
Oh, fun title, I know what I'm doing with the next 18 minutes of my life! Always fun to see a friendly reminder that yes, this can happen to anyone, and I need to keep on guard. It's why I'm currently in the process of trying (if I can find a drive to put all my **it on) to backup my entire system, and why a month or two ago I spent the better part of a week updating my passwords just in case they got leaked by the computer repair center I sent my laptop off to.
@Datboii2344
@Datboii2344 Жыл бұрын
You know for someone who is a tech master you seem to get into trouble alot
@NinjaRunningWild
@NinjaRunningWild Жыл бұрын
The more you do, the more potential trouble you run into.
@ThioJoe
@ThioJoe Жыл бұрын
That’s my secret, I’m not a tech master
@danyal_assi
@danyal_assi Жыл бұрын
What secret?
@terawattyear
@terawattyear Жыл бұрын
Excellent, useful video. I really appreciate your work in building these vids and bringing them to us.
@jesusvillagomez5499
@jesusvillagomez5499 Жыл бұрын
how common does this happen?
@ThioJoe
@ThioJoe Жыл бұрын
No clue
@VaiCaDep0893
@VaiCaDep0893 Жыл бұрын
@@ThioJoe Do you know an app that I can use to protect myself on Android?
@elnkr2603
@elnkr2603 Жыл бұрын
​@@VaiCaDep0893 it's called "don't install/run suspicious apps". If you only get your stuff from the Play Store and other trustworthy sources like F-Droid you shouldn't have any problems.
@VaiCaDep0893
@VaiCaDep0893 Жыл бұрын
@@elnkr2603 I know, but at least suggest me an app
@AkinaJVS
@AkinaJVS Жыл бұрын
​@@elnkr2603even Play Store has some sketchy shit published to, i worked at phone technical assist for 6 months and out of countless adware ridden android phones, not one had "unknown install sources" allowed, all of it was downloaded from the play store and then when already installed had many techniques to hide the app from the menu and giving themselves permissions
@zardecil9419
@zardecil9419 Жыл бұрын
Most people think they'll never be phished, hacked, etc... until they are. Don't get cocky.
@sauliusjance6300
@sauliusjance6300 Жыл бұрын
I'm looking forward to that app locker tutorial
@Jdbye
@Jdbye Жыл бұрын
Recently, I obtained the official LibVLCSharp through the NuGet Package Manager. It could've been malware, considering VLC's popularity, and I didn't thoroughly check the page. Fortunately, it turned out not to be. I had assumed that there might be malware on NuGet, but I presumed they had a vetting process to prevent it. Now, knowing that malware is more prevalent on NuGet, I'll be more cautious. Thanks for sharing this important information!
@scratchback2001
@scratchback2001 Жыл бұрын
Hey Theo. I'm a half Greek half English gay guy and I live in Melbourne Victoria Australia. I love your videos. I am curious as to your heritage as Theo is a Greek name. The malware being released is scary. If I had my way, I'd give scammers a suspended sentence of 10 years but give them a good paying job as they are very talented people BUT if they're caught doing anything illegal, they get thrown into jail for the ten years. That alternative of jail would scare me into doing the right thing! I loved some of the graphics Microsoft used but it reminded me of SKYNET. Scary huh? Cheers from OZ, Andrew.
@swaggamesph3342
@swaggamesph3342 Жыл бұрын
Thank you for you service!🖖
@rookiegamer1234
@rookiegamer1234 Жыл бұрын
Wow I always thought when something looks official and without any grammatical mistakes it's safe. I guess I have to find new ways of detecting viruses myself. I'm glad you're safe and thank you for providing us with this info, it helps a lot.
@thenickstrikebetter
@thenickstrikebetter Жыл бұрын
To be fair it said "a official" when it should be "an official"
@rookiegamer1234
@rookiegamer1234 Жыл бұрын
I don't mind when someone makes gramatical mistake. I sometimes download from places where there are gramatical places as well. What I do first tho is check rating on website and check if website itself is secure, i have plenty of websites that have proven themselves to me. But even in google play store or official places can someitmes contain a virus as almost everyone can upload whatever they want.@@thenickstrikebetter
@IMAGE_NT_HEADERS
@IMAGE_NT_HEADERS Жыл бұрын
Another thing you gotta look out for is VS projects downloaded from the internet running custom build steps. I know VS warns about it, but most ppl are so accustomed to just clicking through the dialog
@irvingchies1626
@irvingchies1626 Жыл бұрын
I've said it many times before and gonna say it again, "needs physical access" is not a thing, as soon as you have it in your system it can run, and you can download it inadvertently from ANYWHERE
@ChildofChrist1983
@ChildofChrist1983 Жыл бұрын
BitDefender is definitely the best antivirus around. Been using it for a good few years now and it's no contest compared to ones I've used in the past. BitDefender combined with my NordVPN have been a GODSEND of a team. So glad you managed to get everything back on track, all things considered. God bless you, ThioJoe
@ReconScammers
@ReconScammers Жыл бұрын
NordVPN ain't protecting you from much TBH, VPN's aren't a security tool just an FYI.
@ChildofChrist1983
@ChildofChrist1983 Жыл бұрын
@@ReconScammers I never said it was foolproof, but it's still smart to have one these days. That's just my two cents though.
@Jysq
@Jysq Жыл бұрын
oh my you're making me super paranoid now
@kotara124
@kotara124 Жыл бұрын
The SeroXen rat also has rookits, making it very hard to remove the malware.
@StefanMarjanov
@StefanMarjanov Жыл бұрын
Thank you as always! Please make a video on how to setup App Locker.
7 Unexpected Ways to Speed Up Your Computer
15:23
ThioJoe
Рет қаралды 392 М.
I Made Another World-Changing App For You All
14:10
ThioJoe
Рет қаралды 87 М.
бабл ти гель для душа // Eva mash
01:00
EVA mash
Рет қаралды 7 МЛН
the balloon deflated while it was flying #tiktok
00:19
Анастасия Тарасова
Рет қаралды 35 МЛН
How Strong is Tin Foil? 💪
00:25
Brianna
Рет қаралды 64 МЛН
Mia Boyka х Карен Акопян | ЧТО БЫЛО ДАЛЬШЕ?
1:21:14
Что было дальше?
Рет қаралды 10 МЛН
FORBIDDEN Windows Filenames
16:43
ThioJoe
Рет қаралды 289 М.
How YouTubers Are Getting Hacked
16:41
ThioJoe
Рет қаралды 295 М.
Somebody emailed me a trojan virus
14:06
Bog
Рет қаралды 1 МЛН
7 Cybersecurity Tips NOBODY Tells You (but are EASY to do)
13:49
All Things Secured
Рет қаралды 770 М.
What Kinds of Files Can Be Viruses?
14:08
ThioJoe
Рет қаралды 282 М.
Why I Switched From Windows to Linux
22:59
TheLinuxWay
Рет қаралды 8 М.
The Slow Death of Windows
17:22
TechAltar
Рет қаралды 1,1 МЛН
When you Accidentally Compromise every CPU on Earth
15:59
Daniel Boctor
Рет қаралды 872 М.
10 Computer Security Myths to Stop Believing
15:57
ThioJoe
Рет қаралды 656 М.
Where People Go When They Want to Hack You
34:40
CyberNews
Рет қаралды 2,1 МЛН
бабл ти гель для душа // Eva mash
01:00
EVA mash
Рет қаралды 7 МЛН