Let's just stack it back. Hey kitten, sorry, the jokes were just too easy; they write themselves sometimes. But ladies and gentlemen, Discord is one of the most popular applications ever, and if we're going to be real about it, Discord is probably the way that most of us communicate with each other. It's how gamers talk to one another, it's how programmers talk to one another, heck, it's probably how people from different retirement homes are communicating with one another. Don't know what happened there. But ladies and gentlemen, I've been sitting on Discord for a couple hours, and today's video is all about, you know, sort of clearing up some misinformation and also showing you some Discord malware that actually can pose some level of a significant security threat. So let's go down the rabbit hole.

Now, to understand what we're looking at over here, ladies and gentlemen, I am using a virtual machine. Okay, virtual machines, actually, it's a plural now. Since we are running malware, do not run this without VMs. Don't do this at home unless you know what you're doing, right, because the risk is you could actually have your data, for real, be stolen. But for instance, to show you what I'm doing: if I show you my actual system, the host is an Arch Linux system, it's a Linux-based system, and underneath that system right here I can show you that we are running a virtual machine too. In fact I've got Discord malware VM one and two, all right. And now if I look at these accounts, you can see two Discord clients opened up. On the right would be the Jane virtual machine; I just named them Jim and Jane. This should probably have been Jack and Jill; anyways, that's not the point. You can see that Jane has her account of Sonic Edgehog, and Sonic Edgehog is an account that is communicating with Cute Chocobo. You can probably tell that I've been playing a lot of Final Fantasy lately. All right, it is what it is. Sonic stays with me, that thing will forever, forever, forever stick with me.

But anyways, these are two fresh accounts. Something I want to also clarify is, when it comes to applications like Discord, or really any sort of messaging client in this fashion, I do use virtual machines. I always have a VM spun up like this just to run Discord or really any app. I think it accounts for a lot of security issues that could potentially exist, like the ones we're about to see, so really it's just the extra layer of security. Most computers can run a VM pretty well; it doesn't have to be massive, just give it like a couple gigs of memory and like two cores and just run your clients, because usually it'll account for anything. People can send you shady links, but they really won't be able to escape the VM in 99% of the cases, so it's just the extra layer of security. Off topic now.

I've got two fresh accounts, so we're gonna do the number one sort of Discord thing that's been floating around, which is the crashing GIFs, JPEGs and movie files. Now for those of you who don't know, there have been plenty of posts around weird virus images. These images quote-unquote crash your system, but most importantly they freak Windows Defender out. Now Windows Defender is Windows 10's built-in antivirus, so in my opinion it's probably the best antivirus that you can use. It does its job, you don't need to add on to it, it'll handle it. As long as you practice good internet safety and just have Windows Defender regularly updated, you should be pretty fine on the internet. Don't click weird links, don't do anything shady. It is what it is. So I'm going to show you a couple of these images and what they actually do to Windows.

Now for argument's sake, over here on both of our VMs we're going to be disabling the idea of virtual machine protection. So what I want to do is I want to make sure that real-time protection is turned off, at least for now. When I turn it on it's going to freak out, so I'm going to show you what we're doing over here. We're going to go Manage
Settings, turn all of this real-time stuff completely off. The reason we're doing it is Windows Defender will actually flag this, pick it up and use it against us. So anyways, let's go down over here. The image that we're using in this case would be my Twitter profile picture. Okay, pretty serious, pretty ready picture. So there are a couple ways that you can inject a certain code, but I'm going to convert this image into something that is a malware, something that should crash Discord. So now we've got two images next to each other; identically, they look the exact same, okay, but this image at the bottom now actually has a piece of malware put into it.

Now to prove this to you, we're going to go to our other virtual machine, the receiver of this file right now, and we're going to go to Defender. We're going to, very quickly, go to Virus & threat protection and turn on Windows Defender so it actually starts defending the computer. Now I'm gonna send the file over Discord to Sonic, or sorry, to Cute Chocobo, actually, I forget... no, Sonic Edgehog, actually, there you go, I'm forgetting the accounts. So anyways, as the image is sent over here, all right, Windows has gone crazy. It literally found a threat, it just told you. So this threat it lists as severe. Now if we see the details over here real quick, it'll show you that the actual file is located in the Discord cache directory.

Now before anybody freaks out looking at "severe", don't get me wrong, having any sort of script hidden within something can classify as quote-unquote severe. To understand how old this issue is, however: one of the articles that I found, from Microsoft themselves, was published in 2008, last updated 2017. Ladies and gentlemen, remember, this was published before some of you all watching this video were even born, where they actually tell you that it's a script trojan that exploits a vulnerability in Microsoft's Data Access Components. In fact they even tell you here that the minimum security update to mitigate this vector was published April 2006. This is so old that they don't even call this something from Microsoft Defender; they call it as part of Microsoft Security Essentials, which from what I remember was part of Windows Vista. This is old indeed. So again, don't be totally freaked out, but let's get to why, what the script necessarily is that's triggering Windows in such a fashion. So let's go check that out real quick.

So we're going to use a hex editor, and we've used these hex editors before, obviously, when we were modifying GPU drivers, GPU ROMs. As you can see right over here, this is Death Stranding.exe; I was modifying it so I could run it on ultrawides, because for some reason developers don't want to do this, I don't know why. But here I opened up the image right here, so this is on my desktop, this is the hexadecimal data inside here, so this is through a hex editor. And if we scroll all the way to the bottom, this is the code that's tripping Windows up. Now is it truly malicious? I'm going to guide you through it real quick. So: Set object shell, CreateObject, Windows Script Shell, object environment, blah blah blah blah. Now eventually it will mention media discord app attachment, blah blah blah. So this is actually a different file, but you know, the argument still stands. When you go down you can actually see that it's starting to mention something like overwrite with the actual wallpaper. Okay, so here they've got the wallpaper.

Okay audience, so what have we really learned today about these images? Now of course we've learned that most antivirus software, computers, listen, they're stupid, okay. It's up to what the programmers define as actual variables for these antiviruses to get really tripped up on; they have no intelligence of their own besides what we define. So Windows Defender correctly identified that this was in fact some malware, contained a script. Now this is what we call a false positive
All right, it's really not dangerous in the sense that this is going to steal your data, if anything. Now from all the samples I've seen floating around, I think it was really just going to change your wallpaper, if anything, to this. So you know, if this is the horror you wanted, then I guess you would have gotten it, from what I imagined, but it's a 15-year-old exploit that it's trying to use, so I don't know how realistic this was going to be. It's a false positive from what I can gather. If this was used in a social engineering context towards somebody that was younger, or somebody that had no idea about any of this, somebody could send this file to you, and if you had that pop up on your computer, they could probably lie to you and make you think that you got hacked, when in reality you really didn't. So quite honestly, you know, this can be used in a social engineering attempt to this day, but in reality it's not harmless, okay, unless you let it become harmless. And I guess at the end of the day it's all about not letting this actually affect you; it's about educating yourself, right. Like at the end of the day, that's what it is.

Now Discord also has some level of protection, I think, against this. I believe if your files are larger than a certain size, it might actually compress those files, which would actually get rid of the code that we had injected into this anyways. So having larger files may be somewhat of a detriment, or protection for you, in that instance. It's also why you may not be able to necessarily do this with video files as easily, right. Like even if this is compressed, it's still too large to send over Discord. This actually straight up crashed at this point, my God.

Now there is some cool stuff that you can do with videos. Now to understand, full mention over here: none of the stuff you're seeing in this video was ever coded by me. This is all script kiddie stuff, if we're gonna be real. You can download these samples from the internet; it takes five minutes to Google, there's plenty of Git repositories around to help you create this kind of stuff, and I'm not promoting it in any way. I'm just putting it out there to tell you how this stuff is so prevalent. Now this Git repository right here will literally tell you that you can use a command line tool that will actually create... so the pictures we just made were made using this tool. So basically you slot in the file right over here, you pick a mode such as crashing, for instance, right, which didn't work at all, or virus image, which triggers Windows Defender.

But when it comes to video, there's actually a great Reddit post right over here that you can check out yourself. This post will actually tell you that there are certain videos on certain systems that will actually crash the Discord client because of higher CPU usage, and the reason for that is actually quite simple. So this is ffplay, which uses FFmpeg here, but basically what will happen is a video gets created that keeps changing constantly. So as you can see, it changes the video size to 540 by 960, it changes the time base, it changes the frame rate, and in some cases it even changes the actual color, you know, output, so it changes from yuv420 to 444. And so what will happen over here is, because of all these changes... Discord uses hardware acceleration; I think it uses it based on a Chromium backend or something of the sort, like it's a Chromium-based hardware accelerator. And the problem is Chromium is great for it, the hardware accelerator has no issues, it just can't handle all of these changes. So what will happen is when you constantly change, especially to this color type, it'll just outright crash. So really, and if it doesn't crash, it'll back end to the CPU, then the GPU, and if it doesn't have anything it'll just go to software acceleration.

Now Discord token grabbers are kind of scary, okay. So to understand what we're doing over here with Discord token grabbing: each account has their own token,
every time you sign into a web browser through the web client on any web browser, I think you also generate your own, you know, authentication token. When these things are stolen, they can be used for very nefarious purposes. Now to understand how these get stolen, we're going to walk you through a play-by-play. So now Cute Chocobo on this side, you know, is going to be the one that is going to get their data stolen, while Sonic Edgehog here is the one that's going to send a shady script over to Cute Chocobo.

So to understand how this works, all right, the actual hacker in this case creates a new server. So I created Haven. Now in Haven you can see you have a text channel and a voice channel as a default. Now in this case, when you go to the edit, like the gear of any text channel, you can go to Integrations, and here you can see Webhooks and Followed Channels. Webhooks is the important one. Webhooks are a simple way to post messages from other apps and websites into Discord using internet magic. Now of course I created a webhook here, which is called Siphon, for siphoning account tokens, and it's giving me a webhook URL, which is the important URL that we need. Now to really understand how we're going to tackle this, let's give an actual token grabber. So here's one that's freely available online, and let's send it over to our friend Cute Chocobo to launch. So now, you know, "Oh wow, I just got this file from Cute Chocobo, well let's try and launch it, dog, let's get it running." So we're gonna download it, well, I guess we'll use Microsoft Edge, why not, right, and it's gonna download, we're gonna launch it, and whoa, what's that, what happened? It's Cute Chocobo; you have to imagine what just happened: a command prompt popped up. What's going on? Well let's see what actually happened.

Now if we go to the actual account that we were on, that's our sort of like our hacker secret Discord server where we're getting all these tokens sent to, you can see that Siphon just picked up a token for Discord. It got a token which starts with "od", and I'm actually gonna censor a fair bit of this, but these are tokens that are sent over. Now if I run the same script over on my side of the internet, I get the same token sent over, not the same one exactly, but I got a different token as well. Now I also get a Brave token that is sent, and the only reason I'm getting the Brave token from this computer is that I signed on to this Sonic Edgehog account through Brave as well. You can actually see this is a possibility, because when I open Brave, I should be... God, you can't, dude, I love it. You can go to and open Discord in your browser, right, you can see that I actually sign right in to my Sonic Edgehog account. And if I go to the right here, stop it, you can see that if I open Brave on this browser, on this virtual machine, I can go to, let's actually open another tab, open Discord on the browser, and because it didn't have the token, because it didn't have anything saved, I can't do anything with it, right. I can't.

Now I know there's going to be people who will throw Discord under the bus or say "Wow, I can't believe this existed." Now I'm going to cover a lot of stuff, misconceptions, right here. To understand, this is script kiddie 101. This is like, nothing I've done in this video is coded by me or anything. In fact this script is so freely available, it just is forked all over GitHub and all over the internet in general. The one that I used, which was right at the top, the actual Python script right here, you can see that this is where I put the webhook into, and it literally looked into the local storage over here, the Local AppData directory, and basically downloaded the tokens I already had and sent them to the Discord server that was basically given the webhook to. So none of this is totally out of, you know, reach for anybody to perform, and the thing is, you could almost perform this on any real software that exists out there too. There's a lot of software that you could
eventually send tokens around to out there. To understand, this is purely a human error, in my opinion, because in order to even do this you would have to be sent a shady link, or a shady download, or a shady script, and in some cases, you know, have a bunch of dependencies here and there, launch said script, and then have your data stolen. So it's kind of like getting a shady email or a shady link in general. As long as you have practiced good internet safety, you're gonna be fine. I feel like the only people that are gonna fall for this are sort of the ones falling in the internet Darwin Awards category for clicking on every shady link that's out there. It's the people that go on the weird hentai site and click on the weird plugin that you have to download. Just don't do it in general, okay. If you get sent a weird shady file, even if it's from a friend, even if it's from somebody that you trust, don't execute it, because ultimately this kind of stuff could happen even in a virtual machine that stores your Discord account. Anyways, you will still send your actual token, because it's within the VM to begin with. So again, be careful going forward; don't let your token go to somebody else.

And on the further note, people have to understand what can really be done with this token, and in reality, you know, there's a lot of nefarious things one can do. But even the tokens, I believe, don't stay infinitely valid. There's going to be moments where the token expires and Discord will regenerate a token for your account, and then that's how it works. And honestly, one of the best ways to counter this is to use two-factor authentication. A lot of people I know do not have 2FA enabled on their Discord account, when they really should enable two-factor authentication, because from what I understand the actual, what is it, the reissuing of this token is much more stringent when you have two-factor authentication enabled. It's another layer of security to your account, and if you don't have it and you give your tokens away this willy-nilly, then you can't really blame that your account was truly hacked. I mean, at the end of the day you kind of made the decision to give your data. Do not click shady links, moral of the story; this is all avoided.

And in fact it's quite similar to another case we looked at, where Discord malware stole my passwords and tokens, where I literally used something called AnarchyGrabber. There is a thousand percent chance the software used there was literally a fork of what we just did right here. The only difference between that video and this one is you saw it happen from the quote-unquote hacker's perspective. So yeah, let's get out of it, I'm rambling on too hard. You could literally see right here they'll tell you: create a webhook, enter the URL, obfuscate the code, which there's plenty of online tools to do that for you, so you know it's not hard, and install it as a backdoor in another script, send the script to your victim and make them run it. Bro, they literally are calling them victims, what the actual, come on. And you know what's even cringier: what I just showed you was actually a Python script that required you to have Python installed. So normally this wouldn't even be possible, since people who have Python installed would never execute the script as it is. But when I ran the AnarchyGrabber software that I showed you, it was most likely the same exact script, just obfuscated and put in a manner that anybody could execute, and then bam, the same effect would be achieved. So yeah, if you took the extra step or two involved in this situation to hide your tracks and make it run, then yeah, it would literally be as easy as we showed it. Okay, that's just, it's wild.

Now sort of the last thing we're going to look at over here is, again, tying to this whole culture of misunderstanding basic security practices on the internet, and it's a lot of kids these days, mostly children, who don't have enough money
to get Discord Nitro, which is sort of what the cool kids have, and so they're on Google here typing in "discord nitro free generator", because I heard about it on some weird YouTube video, most likely. In fact, to be real with you, there are plenty of YouTube channels that are honestly giving this nonsense out, for instance "new discord nitro generator working 2021", and again, very good idea for YouTube not to disable likes and dislikes or keep them hidden, because this is the kind of [ __ ] that you look at and it's "oh, that's shady, that's weird", but this gives you a straight download to a hack. And I guess we'll try... oh, 404. When the Russian, you know, website that we're using to store all of our pirated DMCA files is outright telling you it's bad, it's bad. Oh, Discord Nitro generator, "this one is actually working by using brute force attacks, you are breaking Discord ToS". This isn't a brute force, by the way, but good attempt. Now obviously this is going to lead us to a file that is without a doubt definitely malware. So this is Ice Hack; let's give that a download real quick, see what it's filled with. All right, let's drop that in there. Oh, password "123", I feel like a [ __ ] NSA agent, don't I. All right, so now we've got Ice Hack right here, ready to go. It's got a bunch of scripts, data, bin, default cfg, all this nonsense. In fact, I just want to open that up with like Notepad at the moment, I don't have anything else. "Deagle aim", "five seven", "USPS", "AK-40", what is this, like a CS:GO script? What are we doing here? It's a CS:GO script, I think. Okay, let's go to the injector, I guess. "System not support this file." What? You just scammed the kid into downloading some weird shady software and it doesn't even work. At least give the kid his Discord Nitro. Oh, look at that, free Nitro, well [ __ ] me, let's go to Generate here real quick. Of course there are actually children who fall for this, and to understand how bad it is, they've got you: instant delivery for

your Discord activation URL. Ah, you want me to do surveys? That might be slightly less harmful than anything else. Oh, how many codes do I want to generate? Start generating my codes, five codes, hell yeah, gotta give it to the friends. I mean, it could be five or it could be ten thousand, wouldn't really matter. I think this is actually just a straight-up joke website. So if you just grab one of these links, or stop generating, okay, grab one of these links and just pass it over. I wonder if this actually even takes me anywhere. I swear to God. Wow, what a shocker, man, it didn't work. Do you imagine there's a hundred and thirty-seven, hundred and thirty-eight thousand view videos on this, goddamn. Here, let's get the Discord Nitro here, I just want to get my account stolen. It's like a legit... yes, download the actual app, continue, my God, what do you want me to do, activate the add-on, sure, let's go for it. It's literally making me download dumb add-ons. Yes, install the add-on, key, find it. It literally sounds like I'm getting my account stolen. Yes, allow notifications, "discover interesting articles", "dry mouth causes", there you go, that's actually kind of interesting. Yeah, sure, install free antivirus, who cares, "free antivirus 2020", of course, of course it's my enemy. Oh yeah, oh, I'm sure there were 182,000 downloads. Nitro generator, sure, let's fire this one out. How many codes do you want to generate? Like six. Oh wow, dude, I got like actual codes. They're not going to work, 100% they're not going to work. I can bet my testicles that they're not going to work. All right, let's go to Nitro checker, Nitro Hunter checker. Oh, Microsoft defending me, not, baby, don't worry, don't worry, Discord. Look, dude, all this stuff is nonsense. What do I use, do I use, yeah, let's go in HTTP proxy, all right, it's running threads, I guess, what, 12, 30, nah dude, nah, I go proxyless, by the way. All right, there we go, threads, sure, keep one thread. Look at that, it's generating fake... dude, this is all malware
that's just siphoning my user data or even my account tokens off, anywhere else. This is just terrible, I feel so... this is awful. Wow, there you go, there you go, it's just bad. It's giving me a rating; you might be like, what? "It's undetected everywhere else, guys." One of these is bad enough. Now that's about as much as I can take before my sanity really wears thin.

Now ladies and gentlemen, Discord has its security flaws, and to give Discord credit, they're doing what they can to really make the best of a situation involving them being an incredibly popular tool, and of course, as we all know, the more popular software becomes, the more of a target it becomes for phishing scams and potential malware to exist. Now we've looked at situations in here that are very, very harmless, to situations that can potentially be very harmful, but I think one theme that I've constantly seen through Discord malware throughout the years, myself personally, and just looking at it in this capacity, is that there's a lot of vectors of social engineering that can kick in. You know, there's a lot of ways you can use this malware to truly scare individuals that aren't technically proficient into believing whatever nonsense you want. You know, even if it's something harmless, like a file, for instance, triggering Windows Defender to say severe, one can abuse that socially to make somebody think it's a much bigger situation than it actually is. So really this video is more of sort of a misinformation clear, if anything. And when it comes to your tokens and situations like that, again, the software that I showed was so script-kiddie-ish, and even my implementations in this video were ones that involved both parties having software that, if the parties were to install such as Python, they would immediately know the scripts that they were running. Again, these can be obfuscated and run in certain ways that people will not be the wiser. We've seen it with AnarchyGrabber and multiple other, you know, malwares that have hit the, what would you say, the new circuit, if you will.

So with Discord, I think the ultimate message I can really say over here is just don't click on shady links, just don't give your information out to people out there in the wild, because with Discord there's just a lot of people out there willing to take advantage of just ignorance in general. And I think towards the last section of this video you could see that problem here on YouTube, TikTok, whatever social media platform, where there's gonna be children who want free Nitro, or even adults like me who try to get free Nitro, and they're willing to give their information away, not knowing any better. So ladies and gentlemen, this is all I'm really going to say in this situation. Discord malware, I guess, turned out to be a little bit more cringey than I expected. The real malware out there Discord is fighting against, and of course, where in some capacities it may be a bit behind the times, hopefully they're catching up and dealing with this as time goes on. That being said, ladies and gentlemen, I'm about to pass out, so if you like what you saw, please like, comment and subscribe. Just like, if you dislike it... I am out.
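The "virus image" part of the video comes down to one structural fact the hex editor exposed: the picture data ends at the format's end marker, and the script sits after it, where no image viewer ever looks. The check below is an added example written for this transcript; it is not code from the video, from the image-generator tool, or from any antivirus. It walks the JPEG, PNG and GIF container structure to find where the image really ends, reports how many bytes trail it, and looks for a few script-like substrings in that trailer. The sample files and the appended VBScript-style line are constructed stand-ins, and the marker list is a hypothetical, illustrative set rather than any vendor's signatures.

```python
"""Structural check for data appended after an image's real end marker.

Added illustration for this transcript, not code from the video or its tools.
Viewers stop at the end-of-image marker, so anything after it is invisible
on screen but still present on disk. This parser finds the true end of a
JPEG/PNG/GIF and reports any trailing bytes plus script-like markers in them.
"""
import struct
import zlib
from typing import Callable, Optional

# Case-insensitive substrings suggesting the trailer is a script, not padding.
# Hypothetical, illustrative list, not a vendor signature set.
SCRIPT_MARKERS = (b"createobject", b"wscript.shell", b"<script", b"powershell", b"cmd.exe")


def _jpeg_end(data: bytes) -> Optional[int]:
    """Offset just past the EOI marker (FF D9), or None if not a parsable JPEG."""
    if not data.startswith(b"\xff\xd8"):
        return None
    pos, n = 2, len(data)
    while pos + 1 < n:
        if data[pos] != 0xFF:
            return None                      # expected a marker here: malformed
        marker = data[pos + 1]
        if marker == 0xFF:                   # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                   # EOI: the picture really ends here
            return pos + 2
        if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:
            pos += 2                         # standalone markers carry no length
            continue
        if pos + 4 > n:
            return None
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len
        if marker == 0xDA:                   # SOS: skip entropy-coded data
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break                    # a real marker (not stuffing or RSTn)
                pos += 1
    return None


def _png_end(data: bytes) -> Optional[int]:
    """Offset just past the IEND chunk, or None if not a parsable PNG."""
    if not data.startswith(b"\x89PNG\r\n\x1a\n"):
        return None
    pos = 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4                # header, payload, CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None


def _gif_end(data: bytes) -> Optional[int]:
    """Offset just past the GIF trailer byte (0x3B), or None if not parsable."""
    if data[:6] not in (b"GIF87a", b"GIF89a") or len(data) < 13:
        return None

    def skip_subblocks(p: int) -> Optional[int]:
        while p < len(data):                 # length-prefixed blocks, 0 ends them
            size = data[p]
            p += 1
            if size == 0:
                return p
            p += size
        return None

    flags = data[10]                         # logical screen descriptor packed field
    pos = 13 + (3 * (2 << (flags & 0x07)) if flags & 0x80 else 0)  # global color table
    while pos is not None and pos < len(data):
        block = data[pos]
        pos += 1
        if block == 0x3B:
            return pos                       # trailer: image really ends here
        if block == 0x21:                    # extension: label byte + sub-blocks
            pos = skip_subblocks(pos + 1)
        elif block == 0x2C:                  # image descriptor
            if pos + 9 > len(data):
                return None
            lflags = data[pos + 8]
            pos += 9 + (3 * (2 << (lflags & 0x07)) if lflags & 0x80 else 0)
            pos = skip_subblocks(pos + 1)    # LZW min code size, then image data
        else:
            return None
    return None


_PARSERS: tuple = (("jpeg", _jpeg_end), ("png", _png_end), ("gif", _gif_end))


def inspect_image(data: bytes) -> dict:
    """Report where the image ends and what, if anything, follows it."""
    for fmt, finder in _PARSERS:
        end = finder(data)
        if end is not None:
            trailer = data[end:]
            hits = [m.decode() for m in SCRIPT_MARKERS if m in trailer.lower()]
            return {"format": fmt, "image_bytes": end,
                    "trailing_bytes": len(trailer), "script_markers": hits}
    return {"format": None, "image_bytes": 0, "trailing_bytes": len(data), "script_markers": []}


def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed samples (not real files): tiny valid containers plus a stand-in
# VBScript-style line resembling what the hex editor showed at the file's end.
CLEAN_JPEG = (b"\xff\xd8" + b"\xff\xdb\x00\x04\x00\x00" + b"\xff\xda\x00\x03\x01"
              + b"\x12\x34\xff\x00\x56" + b"\xff\xd9")
CLEAN_PNG = (b"\x89PNG\r\n\x1a\n"
             + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _png_chunk(b"IEND", b""))
CLEAN_GIF = (b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b"\x2c"
             + b"\x00\x00\x00\x00\x01\x00\x01\x00\x00" + b"\x02" + b"\x02\x44\x01\x00" + b"\x3b")
APPENDED_SCRIPT = b'Set objShell = CreateObject("WScript.Shell")\r\n'
TAMPERED_JPEG = CLEAN_JPEG + APPENDED_SCRIPT

if __name__ == "__main__":
    for name, blob in (("clean jpeg", CLEAN_JPEG), ("tampered jpeg", TAMPERED_JPEG),
                       ("clean png", CLEAN_PNG), ("tampered gif", CLEAN_GIF + APPENDED_SCRIPT)):
        print(name, inspect_image(blob))
```

A non-empty trailer is a reason to look, not a verdict: some editors leave harmless junk after the end marker, which is exactly the false-positive discussion the video ends up in. It also matches the video's note that a service which re-encodes or compresses large uploads drops everything after the image data, so the trailer disappears on that path while a file sent unchanged keeps it.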
