Taking a look at a new trend of ‘open source’ projects hiding malware in plain sight, in this case in the build files.
Official Discord Server – https://discord.gg/ericparker
Follow me on X – https://www.twitter.com/atericparker
Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking, nor do I encourage the usage of game cheats, cracks or hacks.
Cracks are sometimes shown to highlight the dangers of software piracy, my content is not intended to teach anybody how to pirate, or maliciously hack.
More Malware Investigation Videos:
→ The latest “NORD” Malware – Nordsecured: https://www.youtube.com/watch?v=F1Qou6X4lsA
→🧧VIRUS WARNING🧧 NEW Optifine for Minecraft 1.16 SCAM: https://www.youtube.com/watch?v=macOk6haAv0
→ The wilkreate YouTube stealer virus that started this whole trend: https://www.youtube.com/watch?v=DLWuG3P1Gew
(C) Eric Parker 2024
date: 2024-07-29 15:22:58
duration: 00:13:12
author: UCqP87_tOqZczGdExeEz0prg
The transcript covers a suspected piece of malware, an “EFT silent Aimbot triggerbot ESP glow spoofer”, disguised as an open-source cheat for a game. The creator of the cheat code shared it with the host, Eric, a Web 3 DeFi tech editor. Eric, who doesn’t play the game, couldn’t understand the cheat code itself, but he analyzed the project to reveal its malicious intent.
The malicious code was hidden in a fake game cheat project on GitHub, designed to evade detection by antivirus software and security experts. Eric discovered that the malware lived in the build files, specifically in the pre-build events, which created a malicious VBS script. That script loaded a separate payload, which ran as soon as the project was built.
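The technique described above relies on MSBuild running whatever a project's build events say, so a practical defensive check before building an unfamiliar repository is to list those events and flag the ones that hand off to a script interpreter. The scanner below is an added example written for this page, not code from the video or from the project it investigates. It parses `.vcxproj` and `.csproj` XML, collects `PreBuildEvent`/`PostBuildEvent` commands and `Exec` tasks, and matches them against a constructed indicator list (interpreters such as `cscript`, `wscript`, `powershell`, plus `.vbs` references and encoded PowerShell arguments). The sample project snippets are constructed for the demonstration and are harmless.

```python
"""Flag MSBuild project build events that launch script interpreters.

Added example for defenders reviewing an unfamiliar repository before building it.
Indicator list and sample project files are constructed; tune the list to your
environment, and treat hits as items to review rather than as proof of malware.
"""
import re
import sys
import xml.etree.ElementTree as ET

# Elements whose text MSBuild executes as a shell command during a build.
BUILD_EVENT_TAGS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent", "CustomBuildStep"}

# Constructed indicator list: script hosts, downloaders, and encoded-command switches.
SUSPICIOUS = re.compile(
    r"\b(cscript|wscript|powershell|pwsh|mshta|certutil|bitsadmin|curl|wget)\b"
    r"|\.vbs\b|-enc(odedcommand)?\b|FromBase64String",
    re.IGNORECASE,
)


def local_name(tag: str) -> str:
    """Strip the MSBuild XML namespace so old-style and SDK-style projects look alike."""
    return tag.rsplit("}", 1)[-1]


def find_build_commands(project_xml: str):
    """Return (element, command) pairs for every command MSBuild would run at build time."""
    root = ET.fromstring(project_xml)
    parent = {child: p for p in root.iter() for child in p}
    commands = []
    for el in root.iter():
        name = local_name(el.tag)
        if name in BUILD_EVENT_TAGS and el.text and el.text.strip():
            # Old-style .csproj: the command is the element text itself.
            commands.append((name, el.text.strip()))
        elif name == "Command" and el.text and el.text.strip():
            # .vcxproj: <PreBuildEvent><Command>...</Command></PreBuildEvent>
            commands.append((local_name(parent[el].tag), el.text.strip()))
        elif name == "Exec" and el.get("Command"):
            # SDK-style target: <Exec Command="..."/>
            commands.append(("Exec", el.get("Command").strip()))
    return commands


def flag_suspicious(project_xml: str):
    """Return a finding per build command that contains at least one indicator."""
    findings = []
    for element, cmd in find_build_commands(project_xml):
        indicators = sorted({m.group(0).lower() for m in SUSPICIOUS.finditer(cmd)})
        if indicators:
            findings.append({"element": element, "indicators": indicators, "command": cmd})
    return findings


# Constructed sample: a pre-build event that writes and runs a VBS file, plus a benign copy step.
SAMPLE_VCXPROJ = """<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>echo WScript.Echo 1 &gt; "$(TEMP)\\s.vbs" &amp; cscript //nologo "$(TEMP)\\s.vbs"</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>xcopy /y "$(TargetPath)" "$(SolutionDir)bin\\"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
</Project>"""

# Constructed sample: SDK-style project with an encoded PowerShell Exec task (payload is a dummy).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup><OutputType>Exe</OutputType></PropertyGroup>
  <Target Name="Prep" BeforeTargets="PreBuildEvent">
    <Exec Command="powershell -NoProfile -EncodedCommand AAAA" />
  </Target>
</Project>"""

# Constructed sample with an ordinary build step, expected to produce no findings.
CLEAN_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <Target Name="Restore" BeforeTargets="Build">
    <Exec Command="dotnet tool restore" />
  </Target>
</Project>"""


if __name__ == "__main__":
    paths = sys.argv[1:]
    sources = [open(p, encoding="utf-8").read() for p in paths] if paths else [SAMPLE_VCXPROJ, SAMPLE_CSPROJ, CLEAN_CSPROJ]
    for label, xml in zip(paths or ["vcxproj sample", "csproj sample", "clean sample"], sources):
        for f in flag_suspicious(xml):
            print(f"{label}: {f['element']} matched {f['indicators']}: {f['command']}")
```

Run it with one or more project file paths, or with no arguments to scan the embedded samples. Because the check reads the project XML rather than running MSBuild, it can be applied to a freshly cloned repository before any build step executes; a `.sln` or a CI pipeline that invokes `msbuild` still needs the same review.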
Eric used his knowledge of various programming languages to decode and analyze the VBS script, which turned out to wrap a malicious PowerShell script. That script was designed to download and execute a fake Windows search payload from a malicious domain.
The malware uses various anti-analysis techniques, including anti-debugging, to evade detection by antivirus software. It also disables security features, such as Windows Defender, and uses a UAC bypass to elevate its privileges. Eric notes that using a third-party antivirus and enabling tamper protection can help prevent the malware from executing.
In summary, the malware, passed off as an open-source cheat program, is sophisticated and uses multiple techniques to evade detection and compromise a user’s system. The analysis highlights the importance of being cautious when downloading open-source code and not relying solely on a project’s open-source nature as a guarantee of its safety.