Honestly, fell for one of those "Discord Game Testing" scams. Tried running the so-called "game," got hit with an error. Took me two days to realize it, checked all my accounts-no login, no spammy ads or malware. Lucky break, but still had to force logout and change all passwords. Lesson learned: steer clear of these scams, folks. A momentary lapse can lead to a world of trouble.

Discord game sponsorships are different, they wanted you to run an actual exe which predictably gives you malware

So I shouldn't advertise my game on discord?

@@fireninja8250 perhaps you still can, just don't ask them to run an exe file right away, or at least tell them to do the testings in a virtual machine.

what is insane that people will trust some random emails, not catch up on the weird email addresses, then download zip files, unzip them, and run additional programs requiring passwords - THAT is amazing, I mean - this isn't rm -rf and enter, there are red flags all through out that whole email convo, and still people fall for that crap

But if you open this file in a sandbox, won't that still protect your system? Isn't that the purpose of a sandbox?

@@wannabedal-adx458 I'm not talking about the sandboxes that a user might use (like sandboxie), I'm talking about the automated malware analysts sandboxes that run the sample in a clean VM each time and record everything the sample is doing (like cape sandbox).

Except if its expected to trigger antiviruses, like pirated software would

@@liforra Unless you antivirus triggers at hacktools, or keygens, it's probably for a good reason.

@@liforra pirated software does not mean you should interact with it. Pirated content is infected more often than not

@@fraznofire2508 honestly that is incorrect, i do actuallx pirate software and honestly, as long as youre a bit careful its really not that bad, but dont open isos those are suspicious because thexre usually not used as archive

As a experienced hacker, I must say that never ever open any file without checking with a reliable AV(not including Windows Defender).Even if it looks a like a legit Microsoft Windows file, still check it.We learnt that lesson with NoEscape.exe, which looks like Windows Defender itself.

Show file extensions should be on by default.

And don't enter a "password" to "unlock" a file.

@@raylopez99 password protect files are actually quite common. You just REALLY need to know where it's coming from, and best case scenario is you can open and edit it in a secure virtual environment.

​@@youdontneedmyrealname Yeah I've played around with type 2 virtual environments but I've never had a legitimate password protected file sent to me for business, and I've worked in Silicon Valley on multi-billion dollar deals back in the days (90s and 00s). Maybe it's different now, I dunno I'm retired.

@@raylopez99 I work with medical records in my industry so encryption is a requirement for HIPAA compliance.

There's legit reasons for this, like if you're changing browsers and use its "import browser data" functionality. Although I do agree that there should be more in place to prevent these, it is a very fine line with high stakes, that must be tread carefully.

Indeed. I wonder why windows didn't say anything at all about running the unknown .exe?

@@theoldtruth1196 because it's not using administrator rights thus not requiring an Okay by the user and also not a certificate to show it's from a reputable source.

​@@niccis1982They're talking about SmartScreen, not UAC.

don't the passwords are stored incrypted by some form? i understand cookies being not, but hmm?

That’s why I installed Kaspersky on the pc from my grandmother

So do kids

older? I know people from almost every age group that have a high chance of falling for this and a lot of other seemingly easy to spot scams and malware. Not everyone is chronically online.

@@nezu_cc true, only being chronically online can you spot malware hehe

@@nezu_cc obviously dr obvious but older folks fall for way more often than anybody else

Can't hack the oracle

GEOS 2.0

@n0tjak I would argue that you haven't really understood the video. It is very likely that they also have a payload for Linux, which would be pretty easy to generate since the user is effectively executing it, Linux trusts the user (mostly) and there are less defense mechanisms on Linux against this type of attack (since it was increadibly rare in the past)

LOOL

FBI monkeys moment.

Some e-mail clients, particularly those made for mobile OSes (like iOS and Android) hide the sender e-mail address in order to provide what their UI/UX designers would see as a clean UI. However, many people who aren't tech-savvy, like my parents, wouldn't notice that it's possible to tap a not-so-obvious down arrow or the round profile picture to reveal the full e-mail address.

basically this

Finally, someone with critical thinking

Thank you! He also spotted the email header was not genuine and at 1:30 you can see so many grammar mistakes in the email - "All right, let's get to jobs" - JOBS? / "read WITH the Magix contract" - WITH? (common when it's scammers, not the case when its from a legit company like Magix). Those should have been enough signs to stop in his tracks without pursuing this anything further.

And where is the VirusTotal scan of the exe file? That way we can see how the other antiviruses works against this threat.

Intune Windows Defender will block it with ASR Attack Surface Reduction.

You would be surprised...

@@3polygons you're probably right and I shouldn't be surprised, knowing the average pc user.... but still

Often video games have this, but still a video game should be much larger

@@yspegel Have you ever worked in IT tech support? You would be surprised at the amount of people using computers who understand next to nothing about computers nor have any computer security training or knowledge. I work in school IT as an IT tech. We run several phishing campaigns per year and its astonishing how many people, even "higher ups" who fall for them. We've had several people flat out enter their email and password into one of our phishing campaigns because according to the email, they're supposed to "validate their account information".

edge has windows hello? you mean to say microsoft edge wallet? windows hello is a windows feature not a microsoft edge feature

@@anywaytechreview they mean that edge asks you to login using windows hello to reveal passwords

Good question

I'm guessing the school you attended used Windows but didn't use Active Directory with policies set to not allow users to run their own software. Also, it could've been possible that you attended that school at a time when they were still using Windows XP, because I know that one of the school PCs did get infected with malware that spread via USB flash drives and ran using an Autorun exploit that I think was patched out in Windows Vista or 7, and I only noticed the malware due to bad coding that saw it open another Windows Explorer (File Explorer) window with the folder pane open. I also did get my Facebook account hacked once (back before they added 2FA support), particularly with it sending and accepting friend requests with people I don't know in real life, but it turned out that some bullies looked at me typing my password, and I only found out that it was done by bullies when a classmate tipped me off in person. I then changed my password and remotely logged them out. I can only imagine where those bullies are now.

Did u have 2FA on the Google account?

I'm actually curious to see if it gets detected by the modern antiviruses (Kaspersky, Malwarebytes, BitDefender etc).

Boosting this, would like to know as well

Did you even watch the whole thing, it's literally written there by him.

@@FrostlifeV That's not what he said at 2:08

​@@FrostlifeVOP is right

Yes, I thought I was losing it, video should be corrected. He makes it seem like a PDF will execute if you put the password in and steal your cookies. I literally had to freeze it a few times to make sure it was an EXE and not a PDF when it's listed in the zip folder as an application and Leo said it was a PDF. I was like what exploit is this in PDF I have to look out for now? Also wish he stressed how every time you use windows to make sure file extensions are not hidden. It happens, still love the Channel.

​@@jaydoubleyou780 exactly this. the filename is shown by norton and has exe extension. if It's a PDF exploiting software than it can be mitigated .. Anybody knowledgeable about computers should know never to run stray executable from random person. micrsoft makes it too easy for malicious to prey on the unsuspecting because they hide the file extension by default and again by not flagging an executable that grabs browser data as unexpected and possible harmful behavior. MS hates nirsoft tools but a random executable has free reign to do basically the same thing so it seems.

@XenoD2 Indeed, it does !

when you tell the sender what kind of Operating System you have, like you might say Windows 11, you move to another Operating system, like Linux but in dual boot mode. And then open the Emails from there.

@@niezzayt3809use some locked down system like ios to open mails

It can also with other files and with BROWSER EXTENSIONS.

Use a whitelist, anything not on it is quarantined in a folder that only reads text/headers. Relying an security software to protect you is like relying on a gun safety to protect you from an armed robber. And it slows the fsck out of your computer, wasting resources and power.

@@cpufrost using "Whitelist" is still equal to "relying on" certain algorithm-which you might see it as software. Whenever dealing with Emails, it's not only about security. It's about Social Engineering. How you manipulate your recipient is more important than the contents of the Email itself. By pretending to lowering your guard can reveal the other party's true intentions. Therefore, if a malware was designed to attack certain OS, it is way simpler to just open it in another OS where the malware is completely useless.

Kaspersky and most likely Bitdefender

​@@draculemihawk10i think you are talking about the premium plan of kaspersky, but what about the free plan?

Well it's obviously not a pdf, it's an executable application, so don't open it

those do not scan password protected files either do they?@@draculemihawk10

make sure to check every file you download to make sure its actually what you think it is. dont run unknown filetypes, and REALLY dont run unknown exe files

Paid versions often try to justify their cost by adding on features that aren't often all that useful. Try some of the free versions of antivirus solutions. In testing they are just as good as the paid versions often, just with less stuff added. It also means that you'll have at least some idea of how resource intensive an antivirus product is, or if you find it irritating, for example if there are a lot of false positives.

I believe it's because the malware exploits Windows Defender only scanning the file before running and initially running. The fake password prompt tricks the user into triggering the malware infection on command after Windows Defender had finished scanning.

@@kbhasi Ah, that makes sense yeah.

in a very not-creepy way, i'm interested to hear more about it

@@pizza-pi It's really nothing special, it was just for an assignment. It mostly just grabbed the encryption key and saved passwords file from Chrome, then sent them to a remote computer.

Assuming you mean the official Gmail app, then that, the official Outlook app, and Apple 'Mail' (iOS) hide the e-mail address and only show the sender name. The user is expected to tap on the round profile picture to the left or a not-so-obvious down arrow to reveal the full address.

A lot of old people are using Kaspersky thankfully

He's role playing as a dumb windows user. microsofts fault for setting up this type of attack.

I second this. I always found Defender to be mediocre and it would be interesting to see if better behavioral scans from other AVs could stop this from executing.

Kaspersky and bitdefender, sure webroot, not likely, it suck

Same. Then noticed "cyber threat intelligence platform built for organizations". Use an email alias, works

I had to completely delete and reinstall Windows, but please, can you explain what happened to me?

An actual pdf would be password protected and the reader would ask for it. In this case it's probably password protected to run the actual payload, and not to "unprotect" the document.

I'm not an expert in cybersecurity by any means, but I have a theory that the actual payload to "hack" your device is encrypted, and so it's unintelligible so the antivirus can't tell what it does (because to it, it seems like a bunch of garbage data). And when you enter the password, it tries to decrypt the payload using that password, and after verification, the decrypted payload is executed.

@@VoAviation Would a PDF viewer voluntarily execute an encrypted "so called PDF" file?

@@chiroyce A PDF viewer would do nothing (or throw an error) because this is an EXE file disguised as a PDF. It does not actually have any PDF inside that the reader can read.

As far as I'm aware that's all correct. It's just an exe with a pdf icon (not actually a pdf that any pdf reader can recognise). And all that exe does is open another exe that is encrypted/password-protected which is how it can avoid detections.