Don't Respond To "Wanna Be Friends?"...

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Hey! i posted this in the thread created as well. i hope people see this video!

👍︎︎ 3 👤︎︎ u/Sneezyweezy889 📅︎︎ May 16 2020 🗫︎ replies

Damn, glad people like muta are covering this.

👍︎︎ 2 👤︎︎ u/therealthirstman 📅︎︎ May 17 2020 🗫︎ replies

Captions

hello guys and gals me muta har and today's video is all about a potential hacker running around YouTube one that could steal your account just by simply interacting and I made this video a while back talking about things like zimmer tracks where we had a channel that basically was like one of the biggest botnets I've seen hands down and while it was weird and shady for sure this one takes it a level up because now you're seeing accounts that are just compromised right now thousands upon thousands maybe even a hundred thousand accounts that are running compromised because of this alleged situation now about a couple days ago an individual named by Evans one-one-one uploaded a video called wanna be friends the most dangerous comment on YouTube before we continue I highly recommend you go sub to his channel we worked really hard on this video and you know yeah it's pretty decent Channel and I definitely want you guys to like go to his channel and like give him some [ __ ] support and love with that said he uploaded this video and he basically talked about let me just paraphrase he talked about a channel called Logan or tribbey or whatever it was at this point who basically made a comment that said want to be friends by interacting with this comment or subscribing to this comment your account could potentially put be put in jeopardy and this account was just some fresh brand new gaming channel that was pulling in a hundred thousand viewers immediately as soon as they uploaded their first generic one-minute video which is a little improbable in fact I'm gonna take some parts out of this video and just play them back for you interact what they basically tell you what I find to be a little bit shady done what's alarming about this is for scale of his growth here's a thought experiment for you imagine a new channel started making videos and their first video was just titled welcome to my channel it's one minute long and the thumbnail just says please subscribe how many views do you think it would get a small handful right try 96 thousand in 24 hours this would literally never happen under ordinary circumstances no now this is a very true statement because this channels get larger some of their older videos or even their first video of it's a generic 1 minute long isn't gonna be noticed for instance how many guys know about my nostalgic gaming Chrono Trigger part 4 only 747 people might have actually known about it if you're to believe every single view is act so yes he was absolutely right that if you upload a video like that which is your some generic like hey welcome to my channel it's not going to show up in search rankings or anything so why is it pulling in a hundred thousand viewers I should mention at this point that try be renamed his channel back to Logan whereas before Logan would just lead to try his channel so it seems as though he keeps changing the name of this channel probably to avoid detection he says that we're gonna talk about a little bit later because I found that out myself to fake comments are real accounts so this plague can go unnoticed by YouTube and his channel can thrive with nobody knowing how so what do you mentioned over here were the accounts that were making these comments on his videos like high high high high high Wow great video awesome you know these obviously bought accounts these bought comments were done by accounts that were owned by real people accounts that were uploading literally like three days ago so yeah there's obviously a level of compromised accounts now this is where I have a theory but we're gonna have to go through a fair bit of stuff on our own just so we can get all the way through so I'm gonna get away from Evans video I highly recommend you go watch it once again but I'm gonna go through and follow his advice so to speak now before we continue you can see over here that Evans actually posted a three update they bypassed an 18 digit randomized password and somehow got through two-step verification so evidently he's getting hacked and I don't know which two-factor he used whether it was SMS which I don't recommend he might I hope he's using the app based which is way better than the SMS based verification but as you can see he's getting hacked so yeah there's clearly risk going on he's not biessing about that his account is getting beaten but I hope you get your account back I hope YouTube steps in for sure now here's the channel in question so trippy is still active but of course everything's been blocked off no videos no channels no discussions no about stop screaming outside my house what is wrong with these people dude it's like 5:00 a.m. but as you can see videos playlists nothing is actually functioning at all over here everything is everything is like just quiet but if you go to like Logan and just search this channel up you'll if you go to the filter and just the channel section you can see that let me just open it up again I think I screwed that up you can logan right here exists eight videos logan doesn't own this channel it is owned by his stepdad we have a paid commentator personality for this channel let me just let me just fix that up that's basically some BS phrase that people use because if you ever been banned once by google and youtube you cannot have another account per terms of services so what they do is they make another account and they say yeah i don't own this channel we just have somebody else owning it and running it a la la la blah that's what it is so it's some BS way for them to get around TOS this is the shady part click on this channel and you get sent to back see so it's like the names keep changing its wild now you can see that this channel has some actual uploads it's completely fortnight based i can't even confirm if this is the same channel it just feels like it completely shifted on me three weeks ago two weeks one week ago clicking on this you can see like their profile pictures literally like 90 percent rotated of what we saw with like logan and then you can see how to actually get the neon and then you can see comments turned off they've got a strong amount of dislike so it's it's obviously kind of like shade city official channel of vacci we like fortnight we like fortnight so i don't know what's real and what isn't with the situation but what i do know is that uh there there is something odd coming around on this platform so this is this is definitely a shady channel in my book like you can see like if you go home the profile pictures one thing and you go to about the profile pictures and other things so like what's going on like there's obviously some glitch in youtube so one that i found that's not even logan trivia or anything but does the exact same thing is a totally fresh new account here's one by youtuber guild official 11.5 k subscribers and yeah okay let's just go around over here okay let's just let's let's go and see if we can find this real quick you'll find this cat channel named prince omer 20 point oh nine okay remember good video man efore mmm so here you've got like another account that's doing let's be buddies let's be friends and they usually use some generic string as like whatever after it to make it sound like they want to be your friend now go to Prince Lamar's channel and I'm gonna have to censor it real quick because you've got like a bunch of stuff like Johnny kaha say I ahead data ishm a so at one point this account was owned by somebody who you know was from India and whatever or Pakistan or something of the sort go over here and you can see two months ago pokemons go hack Spotify Premium how to get Netflix valorn Advaita Keys so it's almost like that time when we looked at um when we looked at [ __ ] what was it the cash app scans the the the weird like scams online or people tell you how to get free cash at money how to get free this and that so yeah here you've got one hundred and twenty one thousand views on this valor Nvidia right so you okay will click on it to what's going on but okay if you go to the valorn beta key instantly you can actually see that there's a couple channels who are just straight bots like thank you this video helped me get a Valerie key no I didn't finally I found what I was looking for namely valor and beta key thank you very much wow it's amazing video tutorial get free valor and beta access key your tutorial was very interesting and useful I'm sure it was I'm sure it was in fact here's the best part and go to some of these accounts completely just generic sauce accounts it almost feels like it's bought nothing that I can look into like know about section no nothing that is until you go to like one of these accounts for instance right let's go to this one let's go to this top one Rizal Mustafa which is thank you this video helped me get a valorn beta key click on that and then you get sent to like this page where obviously it's active account date 2012 location Indonesia and then you've got like these mathematic proof videos like where are we sitting at like what is going on obviously this was content uploaded April 22 2020 it's got like reactions to it it's kind of insane where we're sitting at then there's another channel called Joseph 4261 who commented on the valorn video and here he if you look around you can see like he's actually got like videos and I believe this is a real legitimate full on account and here you can type things like rip haters lol so yeah fresh account whatever go to this video the site please Spanish elegan por FA's this is the weirdest part music the channel that Evans talked about that commented on all of his videos before they are uploaded right here here before 30 subs also keep entertaining your fans let's build each other up so what they're doing is they're calculating up they're looking at hey this is how the bot works right and my theory it calculates your subscriber says hey 26 rounded up to the nearest tenth hundred thousand whatever closest spot and just give that and here Joseph replies okay so it's obviously a kid that doesn't know any better now with all of this said all this investigation into it clearly there are accounts that are compromised that are uploading and somehow they're commenting around on pages that just doesn't make any sense why are people making BOTS accounts when they have totally normal somehow healthy active accounts we've seen some examples and this is where I think it comes down to my my theory the OAuth token system is being manipulated there is a vulnerability somewhere with OAuth tokens and if you don't know what it is basically OAuth tokens we've talked about it before but it was like when we when we looked at applications which allowed you to sign in with Google or Facebook you know for instance let me just give you an example if you're using Spotify right Spotify has the option for you to create an account let Spotify or use your connect with Facebook option basically what it does is it goes to Facebook it uses your Facebook profile gets a token from them and basically create your account using your Facebook profile this is so you can use one account for multiple different services right now the reason I'm bringing that up is when you delve into it from YouTube's perspective there are some tools like to buddy and there are some tools like vid IQ now before we continue this is not to say the tools here are the ones that are causing all of this let me give you an example of what these tools do so if you add them to your extensions right or your browsers or whatever let me just show you if I go to vid IQ and I sign up with my Google account right I'm gonna connect it with a youtube channel that I don't use not mine obviously I'm gonna connect it with like another channel that I have you'll see that it doesn't have any data to display charts or whatever but that is of course until I end up giving it some form of connectivity so here if you authenticate YouTube right and you Rihanna Cate yourself give it your channel access real quick follow this stuff you can actually see right here this will allow the vid IQ using the OAuth token using the token that you're permitting it right now to view monetary and monetary YouTube analytics reports and then manage your YouTube account so if you hit allow it'll get the permissions to do that so let's go back to to buddy okay and let's see what - buddy can do here on my channel once I have two buddies extension installed it'll say a sign-in is required so click on this and sign in with YouTube now here you want to guide it to the channel that you're using so I'm gonna I'm gonna give it that control here you can see it can see edit and permanently delete your YouTube videos ratings comments and captions so the token permits this application that token that it's giving it's not application related it's its own token that token that's being generated the token this is using is a token that has these abilities for this specific channel so by giving this token to buddy or anything that has this token if this token god forbid this is exploited it can delete YouTube videos ratings comments and may be able to make comments and you can see right here this hat wants permission to do anything you can do with your YouTube account and Google will always remind you make sure you trust too buddy make sure you trust any application I use to buddy myself actually so I do trust this application but I've deleted it because of a potential risk of this Logan situation right now for a couple weeks until all of the schools off but yeah give it an allowance on your channel and it'll redirect and now you can use this under your YouTube channel right so basically anything that wants to sign in using your YouTube like a auto can wants to modify your channel it's something that may be an issue again I'm not putting anything under the bus who knows whose code is exploited who knows whose token is being used for malicious reasons this is just one attack vector that I'm pinning everything down on in my personal hypothesis now the theory is guys is the hacker in question as if you interact with Logan's channel by saying yes or you subscribe to this channel you're putting yourself in a hack I personally don't see how interacting with a channel is causing other people's channels to get you know thrown into this mix right because honestly I don't see the attack there I don't see code running just because you launch or you run a comment against a channel I don't think that is the issue what I think is the issue is listen if this is the case if somebody had access into Google and YouTube servers you would think that Evans uploading that video that is going you know viral right now that is you know hitting the hitting the hitting the recommended would be removed but it isn't so what I'm thinking is somebody has a malicious or like a vulnerable token that has the ability to makes a comments or or modify portions of people's YouTube channels and while they're uploading videos or doing what they want living their life somebody is using that token to basically write a comment for that YouTube channel without them even knowing what's going on so these people are actually just running their channels just fine and dandy they might have a compromised account they don't know it because their tokens are being used without they're considered they're basically vulnerable without knowing that they're actually vulnerable right now because at one point they may have signed out for a software that has created a token for their YouTube account that's where I'm kind of sitting in this situation right and that's where I'm coming from again I hope that I'm wrong but if I'm right then it actually you know gives YouTube and all these all these like software companies something to look into and really nip this right there and then now if one goes into their Google account settings and their security settings they can go to where it says third-party apps and access with your accounts you can do this in my account Google com and here you can see third-party apps with account access so both these apps have account access to my YouTube page now at any moment I can remove these applications right now so BAM remove and they don't have any allowance to my page anymore now this is where I recommend that you sort of sit down and audit your account so to speak so like make sure you look through which account like that you're using for instance I played call of duty mobile once with a friend don't really play it anymore remove account access don't care elder scrolls blades you know I like a little Todd Howard on my phone every once in a while i'ma keep it wish calm I actually had a video idea there but remove the access don't care anymore but yeah you're gonna have you're gonna you're gonna have to audit this yourself in case something here is offending again I can't pinpoint anything because I'm not able to look server-side or anything of the sort and I don't think anybody is going to do that until like Google or YouTube themselves actively look at it themselves but for what you can do right now on your own audit your third-party account access settings because I think this is the smoking gun now over here you can see that I'm signing out of certain devices and it Google actually does give a fairly good like error message here it'll tell you done but some apps might still have access you've given third-party apps access to your Google account if a third-party app is installed on this device the app might still be used to access your account you can revoke access to apps that might be installed in these devices again Google does a pretty good job of telling you this and it's up to you to really follow it and that's why I recommend you follow it going forward so ladies and gentlemen with all that said though if you liked what you saw please like comment subscribe just like it can dislike it in the day of data and security virus investigations I always like to make a big highlight for me because whatever I can do to help you protect yourself is great for me ladies and gentlemen I feel I feel satisfied at the end of the day so if you like what you saw please like comment and subscribe just like you can just like it watch out for this channel do not interact with it even though again I don't see how the interaction is getting people but again better safe than sorry and also make sure your third-party account stuff is safe ladies and gentlemen if you liked what you saw again let me know this is me muda heart and [Music] [Music]

Info

Channel: SomeOrdinaryGamers

Views: 1,902,244

Rating: 4.9566565 out of 5

Keywords: don't, respond, to, wanna, be, friends, logan, triby, evanz111, sog, some ordinary gamers, computers, malware

Id: OMI9Ol4qzfM

Channel Id: undefined

Length: 17min 5sec (1025 seconds)

Published: Sat May 16 2020