FAKE Sponsors are trying to get YouTubers HACKED!
Рет қаралды 192,454
Күн бұрынKZfaqrs get a lot of bogus sponsorships, it's the industry norm. And now malicious sponsorships are becoming the norm as well. In this video I'll show you an email hacking attempt that tries to get me downloading a fake MP4 file that contains RedLine stealer!
Are my passwords safe? Will I become a crypto shill? Who knows!
HELPFUL LINKS
-----------------------------------------------------------------------------
VirusTotal
www.virustotal.com/gui/home/u...
Triage
tria.ge/submit/file
SOCIALS
-----------------------------------------------------------------------------
Discord Server
/ discord
TIMESTAMPS
-----------------------------------------------------------------------------
00:00 - The sussy email
00:35 - The banger website
01:06 - Did Rishi get hacked?
02:20 - Clicking on wack links
02:45 - Telegra.ph explanation
03:13 - Don't run malware (even on a VM)
03:30 - VirusTotal's blunder
03:48 - Tria.ge saving my rear end
04:55 - What does it do?
05:28 - Becoming crypto scammer
05:52 - How do people fall for this?
06:42 - Easy Peasy Finance is not Malicious
MUSIC
-----------------------------------------------------------------------------
Shrimpnose - The Flash before my Eyes chll.to/ed7456a3
Aviino - Perfect Storm chll.to/9f321b24
@Massie_ Жыл бұрын
C&BT Company sounds like the evil twin of Manscaped
@iosstore6905 Жыл бұрын
Deez
@AreticYT Жыл бұрын
@@iosstore6905 hahahaha so funny im gasping for air
@PoliceArmored Жыл бұрын
@@iosstore6905 litty jokes 😂😂 im committing tax frauds
@iosstore6905 Жыл бұрын
@@PoliceArmored WAIT NO
@xxthelinkxx3296 Жыл бұрын
Yay CBT, yaaay
@snoowzin Жыл бұрын
Someone just tried to scam an anti-scam channel. Such a great idea
@nqrhuh Жыл бұрын
theyre kinda stupid
@FolTakX Жыл бұрын
lmao
@taxrate Жыл бұрын
well it worked once with jim browning
@t12is_10 Жыл бұрын
hm yes, perfect idea.
@ahmaddeveloper1329 Жыл бұрын
Jim Browning got hacked ;-;
@bettercalldelta Жыл бұрын
4:24 Which is exactly why hiding the file extension from the user should never be done. It opens up a lot of possibility for malware to trick the unsuspecting user.
@lunakittyyy Жыл бұрын
This has been happening for years and years now, all the way back in the 90's. It's ridiculous it's still the default settings in modern Windows
@mrtbts Жыл бұрын
yea that’s why u should turn on show file extension
@k-kayla Жыл бұрын
@@mrtbts Should be the default setting tbh
@bettercalldelta Жыл бұрын
@@mrtbts my point is it's frustrating that I have to enable it every time. it has to be default.
@NamelessJu Жыл бұрын
I know exactly why it's still the default: because some people would constantly keep making their files "useless" by accidentally removing the file extension while renaming
@robwiz9 Жыл бұрын
Virustotal wasn't able to detect any viruses because the archive is password protected, therefore its contents are encrypted and can't be properly analyzed.
@mikealuspol5819 Жыл бұрын
3:48 To see if it is malware or not, you need to unzip the files and upload them to virustotal because the archive that had the virus was encrypted with a passcode so no av can detect it unless you unzip it.
@ALD7MI2011 Жыл бұрын
is it safe to unzip it?
@Dxrkon Жыл бұрын
Was about to comment on this....very important thing that wasn't mentioned.
@rishabh-captchafailed Жыл бұрын
😉I can make a file even if you unzip it , it won't be red
@notrazer Жыл бұрын
@@rishabh-captchafailed nobody asked
@rishabh-captchafailed Жыл бұрын
@@notrazer your mom bro..
@RunYouWont Жыл бұрын
6:25, they hide it by putting it into archive and setting password to it, that's why that zip file has password
@b33bo93 Жыл бұрын
yeah because zip files with passwords are encrypted
@hi-kt3qr Жыл бұрын
I mean u can use uncompress and recompress yourself
@AfsanSameerRayan Жыл бұрын
@@hi-kt3qr great idea
@FoxBlocksHere Жыл бұрын
Thanks for spreading awareness that malware can escape virtual machines. It's suggested WAY too often that it's safe to test malware in any old virtual machine program, when that couldn't be any more false.
@stuxcs Жыл бұрын
Its really safe to test in virtual machines if you have them setup correctly, malware that can escape vm's are super rare and usually require specific exploits which are patched as soon as discovered, so unless you are testing some ultra rare sample with a crazy new exploit that noone else has found before you, then you are 100% fine.
@shazyc2791 Жыл бұрын
Yup I thought VMs are foolproof...
@supermaster2012 Жыл бұрын
It's a myth, you won't file a single zero-day CVS about Hyper-V. Ironically, the same cannot be said about OpenVZ and KVM.
@hrznn Жыл бұрын
This emailing method is really unsafe. I know a website, where you can create tests and set up an mail address to receive the test results. They implemented it in vanilla js on the client side, just hiding a form inside the html, and when you complete the test, it submits it. It was autofilled with the teacher's email, exposing that too. But I can also submit it, with any email addresses, content (including HTML and CSS), title, everything. I could've sent a teacher anything, a really legit looking fake login to get her password, which probably grants access to her personal email......
@hrznn Жыл бұрын
* the same site had all the correct answers stored in a 'data' variable lmao, so writing a script to autofill them took 1 line of js code, and a few more to just auto send the 100% result email instantly
@LucyWoIf Жыл бұрын
I love that they basicly said "Hello me, you are being contacted by me"
@simeon4652 Жыл бұрын
Virustotal didn't detect it, because the file is encrypted, and its content is inaccessible to the AVs. This is also used to hide from file hosts(mega nz would have caught the file probably)
@ITronLegends Жыл бұрын
Mega is used for viruses and stuff. It's also known for it. Nor the mega company cares.
@exoticlollll Жыл бұрын
"Hello Easy Peasy Finance, this is Easy Peasy Finance" Also why would they scam you lol? Do they not know that you're literally trying to stop scams?
@woffyreal Жыл бұрын
they send these out in bulk to any emails they can scrape from youtube.
@talkingnart1563 Жыл бұрын
I did some artwork for a KZfaqr and they linked my email. I got like one official person who actually thought that the email linked was their email and not mine, anyways I got a bunch of cute spam emails One was from the "Discord ambassador" who wanted me to shill Discord to people using a sketchy link There were a lot of RAID Shadow legends emails being sent my way and just a ton more that make me laugh. The KZfaqr ultimately removed my email seeing all of that but, I still get emails to this day from people thinking that I am this KZfaqr 😂
@monnamonsta Жыл бұрын
I lost it at RAID Shadow Legends mails
@talkingnart1563 Жыл бұрын
@@monnamonsta Which is fantastic cause this dude was known for criticizing RAID:SL ads so, the fact that I was getting emails for it just, made it twice as great 😂
@monnamonsta Жыл бұрын
@@talkingnart1563 Indeed
@SnowMexicann Жыл бұрын
What youtuber?
@talkingnart1563 Жыл бұрын
@@SnowMexicann cartoon reviewer guy named Diamondbolt.
@fxri Жыл бұрын
i’m so glad i have 60 subs and will immediately be suspicious of any sponsorships
@1vrb0 Жыл бұрын
This is actually getting pretty common amongst other creators, its good to have this kind of community awareness for ignorant people, especially falling and losing your account because of it is super annoying.
@enwo_ Жыл бұрын
ILY No Text To Speech, you help so many souls out! MY MAN PLAYS GENSHIN RESPECT +100000000
@BlueSusAmigosYT Жыл бұрын
Respect -10000000*
@monnamonsta Жыл бұрын
@@BlueSusAmigosYT Sometimes I wonder if ratio on KZfaq is a thing
@devonbennett6559 Жыл бұрын
@@monnamonsta yes it is
@devonbennett6559 Жыл бұрын
@@BlueSusAmigosYT burn
@jackzzlol Жыл бұрын
This video was amazing you deserve like 1mil subs dude 👏
@sfisher923 Жыл бұрын
Learned about Scr files being ran as Exe files from an old old channel called RogueAmp which ironically use this to help remove Rogue AVs by bypassing the ending of certain processes but only in the exe format
@Detrax655 Жыл бұрын
the endings in these videos are gold
@Cxntrxl Жыл бұрын
6:22 ‘all this valuable brain power going to waste :(‘ Yeah, it’s a scummy thing to do, but it’s also extremely profitable. Doesn’t excuse the ethical side and I’m not smart enough to program malware but it’s not to say they’re wasting their brain, rather they’re utilising it for dirty profit.
@Suegiclah Жыл бұрын
Man just outed this group, God bless all the youtubers who got caught up in this and/or got their account hijacked
@nlnqla Жыл бұрын
Ngl I kinda miss the widget customisation videos but also like these!
@ProgressBar_95 Жыл бұрын
Wow, someone tried to hack NTTS ._.
@trp Жыл бұрын
Love how all your videos end like a love letter
@foozywolf Жыл бұрын
it's like a reward
@VelikiFeniks Жыл бұрын
Very interesting video! I like it! You are very careful with that what you are doing! Great job!
@Kevaca Жыл бұрын
Me who does not check my email except when I have a reason: interesting
@MrFuzji Жыл бұрын
Man quick question, will you make how to make crashing discord video? i rlly want to troll my friends and i got the perfect video and i wanted to know this for a long time.
@thewizardbrand Жыл бұрын
Thank you for showing us the website, this is genius indeed
@NitraPunkie Жыл бұрын
Theres another one getting zombie community channels stolen “nft champions” sponsor ships not sure if its the devs or not
@strap685 Жыл бұрын
Don't worry guys, VMware fixed the hyperjacking and VM escape exploit.
@SgtSalamander Жыл бұрын
They do it with businesses too. I run a small game company and I've had people try stuff on me too
@TechWorldOrder Жыл бұрын
I saw a John Hammond talk about this, he had a really good evaluation video on it.
@BlueSheep777 Жыл бұрын
VT sometimes can't tell if something is a virus because it's a zip file! Zips are compressed -> less data to search. But you're right don't check only on virustotal
@NITRO_PRO Жыл бұрын
When I looked at the thumbnail, the first thing I noticed is they put a instead of an. An email that was legit would know that you should put a before consonants and an before vowels. So they must be thinking a isn’t a vowel. But it is.
@SnailDOS Жыл бұрын
The chances of a VM hijacking to a host machine is virtually 2/100. All modern hypervisors are secured to the bone, the chances of this is impossible. "Only if you are on linux" is also not true? What will Linux do to prevent a virtual machine from hacking you? The only thing that could happen is the trojan digs around in your network, and for that you should create a separate VLAN for the VM.
@BlueSusAmigosYT Жыл бұрын
"Only if you are on linux" is so if the virus escapes it can't run itself
@SnailDOS Жыл бұрын
@@BlueSusAmigosYT That isn't how it works. Linux is not better then Windows with their security.
@monnamonsta Жыл бұрын
Citation for first line please
@SnailDOS Жыл бұрын
@@monnamonsta What am I needing to Citate? If there was a major exploit, chances are the hacker would just report the exploit and get more money out of it then hacking some individual that has a 10-20% change of running the file in a VM?? I don't think Citation is required for that, honestly.
@tuamatrem8304 Жыл бұрын
@@SnailDOS i think what they mean is that since most viruses are made to infect windows computers, they may have a harder time executing in a less familiar environment such as linux
@chipsmeow7652 Жыл бұрын
the fact i confronted a indian guy tryna give a 13 year old a virus its crazy, but my anti virus blocked and deleted the shit out of it.
@Diazplays574 Жыл бұрын
Scammers: *takes notes quickly*
@LittleBlueGamer Жыл бұрын
This is the reason why I’m not gonna get my vids sponsored when I become a big KZfaqr. I’m trying to protect myself from [FAKE SPONSORS] I'm also scared of the scam sponsors, i do trust a few companies, but ill never trust that fake one.
@martinmatin6275 Жыл бұрын
Sadly, you will not become a big youtuber
@LittleBlueGamer Жыл бұрын
@@martinmatin6275 mayb i will someday but i will portend you never replied that
@James-ru7vv Жыл бұрын
6:20 Virustotal didnt check it due to it being in a encrypted zip that is why it requires a password to open it
@nsa3967 Жыл бұрын
Virustotal didn't pick it up because the zip file is encrypted making it literally impossible to read the contents (excluding file names) without the password. The other website probably found out from the extensions, or you uploaded the decrypted zip.
@_PKMN_Lyra_but_with_raid_ Жыл бұрын
I got a waterbottle ad before the video even started and the narrator said “well its a waterbottle” like I did not know that already (ik its not related to the video but hey the more you know)
@tobyzilla2.074 Жыл бұрын
And this is why you have to be careful when your on the internet because of stuff like this
@KinCryos Жыл бұрын
I'm guessing that MEGA took the file down, seeing how the telegraph was updated with two more fileshare links. I reported those uploads, and the telegraph itself
@zenekthefirst Жыл бұрын
3:56 I understand that, also play genshin impact for over a year and wouldn't even think of losing it, unless if for something really important.
@OrigionalCigarette Жыл бұрын
I suggest using Link checkers when it comes to this kind of stuff. Assuming you didn't, it goes without saying, don't trust websites you never heard of.
@MCHarperYT Жыл бұрын
Just a same thing like scamming, but there are stealing your KZfaq account
@kyokazuto Жыл бұрын
Virustotal should add the option to pass the password along with the encrypted zip file so it can decrypt it.
@memelurd7341 Жыл бұрын
we need Muta to cover this
@iFurore Жыл бұрын
esoteric inc with 700 thousand subscribers was hacked a year ago ;( and youtube refused to return his channel and he gave every proof possible
@jaydeep75 Жыл бұрын
the reason why the virus total came back basically clean is because you uploaded the .zip not the .src upload the .src and you will get alot more detections
@martinmatin6275 Жыл бұрын
Hey its scr
@DerEchte101 Жыл бұрын
3:46 it didn't detect it since you uploaded the password protected .zip archive and not the raw file/s in the archive then it probably looked different
@iwillshankyousohard Жыл бұрын
Its honestly quite weird because a youtuber called “SonaDrawsStuff” had gotten hacked by a sponsor ship by clicking on *download links* weird…
@iwillshankyousohard Жыл бұрын
This was a while ago
@7m6i Жыл бұрын
The thumbnail tho 😂😂 c&bt advertising
@KaizokuGariMugiwara Жыл бұрын
I want to know the theme of his browser and discord i mean its kinda different some how if you notice the curvy areas and color corrections and all it looks so cozzy
@winlogon. 9 ай бұрын
6:40 I will make a VM in a VM in a VM on Arch Linux on a burner computer so that I can check if it is really secure.
@SSuser-go7jm Жыл бұрын
A cc I watch with around 10k subs got scammed by somebody pretending to be Team Cherry (creators of Hollow Knight). Pretty clear he didn’t know who they were.
@spikepowir Жыл бұрын
It is happening to other youtubers and will probably happen to YOU the person reading this,Be safe out there people.
@mawi5704 Жыл бұрын
Just happened to me. I‘m not a KZfaqr, but I run a small Community Website. Just Receiver an Email following the same principle.
@citruslmao Жыл бұрын
so you see, i might have ran a exe that was in a zip with a password which is *possibly* dangerous
@txts-to-be Жыл бұрын
i think windows must disable unicode special characters in filenames and enable show extensions by default.
@vlOd_yt Жыл бұрын
Yo ntts, the reason only one dectioned showed up on virus total, is because you scanned the archive and not the payload it self (the .scr) now most AVs do not scan archives especially password protected ones just so you know!
@matteobesho Жыл бұрын
Happened to orange peanut some days ago, fortunately he got his channel back
@LenusJaguar7845 Жыл бұрын
My dad sends me an link of a happy new year gif. Me: NTTS said no
@ykjinxz Жыл бұрын
The reason its coming up as nothing in virustotal is because the archive is password encrypted and anti-virus software cannot scan anything in the archive. If you wanted a more accurate scan you would have to add the files in the archive to a new zip with no passwords and rescan
@legobobbrix Жыл бұрын
I have the Redline stealer client on my PC vm and it has a lot of scary options and ways to steal info
@yes.elevens3688 Жыл бұрын
Some Russian dude tried to sponsor my friend who has a small channel and it was a gambling thing was so HELLA sketchy
@bluestonecreeper720 Жыл бұрын
"**size 0kb**" nothing wrong here either, nope nope nopity, nope nope
@kalutek9963 Жыл бұрын
This is giving me anxiety about my pc
@spykillergames8402 Жыл бұрын
I run all my sketchg files on a VM on an old raspi....so many of these viruses cant cope with an old underperforming ARM chip.....so they crash :)
@stupidfuckingrat Жыл бұрын
I just run a Virtual Machine INSIDE ANOTHER VIRTUAL MACHINE HAHAHAHA!
@Fire-Xplorer Жыл бұрын
That’s why I never read emails 😂
@heheimtrahs Жыл бұрын
this was happening in the mc pvp community recently
@TimeWisely Жыл бұрын
Wait a minute, that's the stupid company my math teacher would make us watch in school!
@o_ija Жыл бұрын
damn they got silver chariot requiem files now
@Szokker0 Жыл бұрын
by the way, in the e-mail there's writtten "message written from YOUR contact form", so I guess if someone read that, it might save them too.
@TheIntense_GamersShort Жыл бұрын
omg my youtube is dying and those videos automatticly on my HISTORY
@Willie-2024 Жыл бұрын
"going deep ;)" 💀💀💀💀
@Glojtub2011 Жыл бұрын
Yo he got the chips wallpaper just like me
@GreenAnimationsYT Жыл бұрын
bro i didnt say the "rs" in "KZfaqrs" and got terrified lol
@MoreAdamCouser Жыл бұрын
I got scammed like this recently and click the SCR file - nothing has happened yet, this was about 2 hours ago - and steps you think i should take?
@NoTextToSpeech Жыл бұрын
If you ran the SCR file... Disconnect your PC from the internet and make sure it cannot connect whatsoever. Change every single password that is saved in your browser ON A SEPARATE DEVICE. If you use the hacked PC, it might just keep sending your updated passwords to the hacker. Start backing up files on the compromised PC (can backup documents + photos, avoid applications and instead just write down the important things you need). Wipe your PC completely. Then you can add your files back and connect it to the internet.
@EmiToast Жыл бұрын
I have a friend who fell for this exept he was trying to download some editing software thing and we had to spam ping him about his channel being hacked
@shaiixx_ Жыл бұрын
3:56 Genshin Supremacy
@satinfoilplays7830 Жыл бұрын
6:38 But then I won't get my car's extended warrenty :( (joke)
@FrancescoRosi27 Жыл бұрын
"C&BT" is a totally legit advertising company... lol
@doge120 Жыл бұрын
"Not on my precious genshin impact gaming rig" 💀
@bombirbarchives Жыл бұрын
HA, good thing I don't check my email!
@kameronhouston5315 Жыл бұрын
why does my GMS softs like exhaust from motobike, pls tell how
@User-vh6uy Жыл бұрын
lets be grateful that the anti viruses wasn't a advert
@ilyStraight Жыл бұрын
I miss all the ntts tutorials :(
@LeXoLs Жыл бұрын
Whats your chrome theme i really love it
@IrtyGo560 9 ай бұрын
If the system or an app automatically opens the bad file then you're doomed.
@marhh2873 Жыл бұрын
you do get virustotal doesn't extract the folder.. that's why it doesn't detect anything, it's just scanning the zip file itself
@7u3Td4Nny Жыл бұрын
Thank you for this video
@aqua-bery Жыл бұрын
Why would any company allow people to send emails to others through their own e mail address lmfaoo
@radimnik4382 Жыл бұрын
Can you please do video where you tell us some webs you use to detect virus in files?
@mraljoskojuric7512 Жыл бұрын
Hey, former malware developer here, the reason u only got 1/58 on virustotal is because i left it in a .zip file, unpack it and put in the .src , no problemO!
@thedjdemonbutbetter Жыл бұрын
Let’s think about all the people who don’t accept sponsors.
@salihege93 Жыл бұрын
Yes they did this to the Mergxn too.
@nekoyd Жыл бұрын
Anyone notice C&BT tried to sponsor
@Ivy-Tellers Жыл бұрын
How do you make ur browser like that?
@THEKINGMAYANKTT Жыл бұрын
This also happened to me thay said it was nft game company
@Caviie Жыл бұрын
My cousin with 345 subscribers lost his account, but I was blamed for it then he also getting hacked on discord from these emails, he has viruses from when he downloads cracked apps.
ТНТ4 Shorts
Рет қаралды 2,4 МЛН