How much Malware can you get on Windows on ARM (Copilot+)

Views: 59,905

Eric Parker

29 days ago

Official Discord Server - / discord
Follow me on X - / atericparker
In this video I test the top malware samples on "Copilot Plus" Windows 11 on ARM OS. Does malware need to be updated? Not most of it, at least. Most viruses work on Windows 11 on ARM / Copilot devices without issue.
In other news, Windows ARM devices are good for malware analysis.
Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking, nor do I encourage the usage of game cheats, cracks or hacks.
Cracks are sometimes shown to highlight the dangers of software piracy, my content is not intended to teach anybody how to pirate, or maliciously hack.
More Malware Investigation Videos:
→ The latest "NORD" Malware - Nordsecured: • The latest 'NORD' Malw...
→🧧VIRUS WARNING🧧 NEW Optifine for Minecraft 1.16 SCAM: • 🧧VIRUS WARNING🧧 NEW Op...
→ The wilkreate KZfaq stealer virus that started this whole trend: • Fake sponsor DESTROYS ...
(C) Eric Parker 2024

Comments: 190
@FluffyAngelUwU 27 days ago
The best antivirus is running an environment where the virus doesn't know what to do or how to do!
@icantcomeupwithnames469 27 days ago
seems like Windows on ARM isn't that, though
@stonebubbleprivat 27 days ago
Security through obscurity isn't a solution.
@olnnn 27 days ago
@@icantcomeupwithnames469 Maybe it could be to an extent (until windows ARM becomes more widespread) if one disabled PRISM x86 emulation - though I suspect there is still a bunch of critical windows bits and/or laptop vendor/driver bits relying on it still so that may not be possible.
@Frn1 27 days ago
Run them on wine!
@thmUNIX 27 days ago
@@stonebubbleprivat I guess, they tried to say that it is better to run GNU/Linux or Mac OS X which indeed would protect you from the majority of malware, but I would say ‘the best antivirus is your head on your shoulders’
@GlossySquare3 26 days ago
A few days ago I simply typed "potato" Into copilot, It then gave me an essay about something called a "Sea Apple" Yeah, AI Is really smart let me tell ya.
@epicpe1 26 days ago
Hello AidoBoy. Long time no see. We know what you have done to headquarters.
@yesdotwmv 26 days ago
Actually there is no such thing as malware on windows because microsoft says in their terms of use to not make malicious software so its impossible
@eDoc2020 21 days ago
Clearly you haven't heard of cross-compilation.
@Dhendo7 19 days ago
You’ve got a point.
@Juzevs 18 days ago
what if the bad guys decline the terms of use?
@qvsws 4 days ago
@@Juzevs it SAYS
@lunakittyyy 26 days ago
That skull malware was interesting. I can't think of any recent malware that is actually infectious. Not exactly sure what it was trying to accomplish though...
@Guy-be2px 18 days ago
Simulating your brain (computer) on drugs
@rainbain5474 27 days ago
Its crazy to think malware for windows will run on ARM in the first place. AARCH64 is probably my favorite ISA, and its crazy to see how far its come. For a while 64 bit ARM was unheard of and I never anticipated Windows running on it and was used to most software not being built to support ARM.
@rockpie.squashfs 27 days ago
How was it unheard of if most smartphones had it?
@Kwpolska 27 days ago
Windows 11 on ARM emulates x86-64 software. The emulation is apparently good enough to allow malware to work.
@soundspark 27 days ago
@@Kwpolska It's designed to be fully backwards compatible with usermode x86 software.
@kipchickensout 26 days ago
"I use AARCH64 btw"
@the-answer-is-42 25 days ago
@@Kwpolska Wonder if it's possible to turn it off until you need it as a security measure (as in you have to tell Windows to run an executable with the emulator, rather than doing it automatically, which it seems to do in the video).
@obviouslyaxo 27 days ago
Bro’s KZfaq (subs) is expanding rapidly
@LukasGaz.444 27 days ago
ive been watching him since he has had 10k/5k, it's crazy on how much he has grown in not much time.
@Arasiscool 27 days ago
@@LukasGaz.444 i think i started at like 7k
@zombie__ 27 days ago
@@Arasiscool i started at 8k
@baribari1000 27 days ago
wow almost at 50k
@inconsistenttutorialuploader 27 days ago
I started late at 30k
@ErdrickHero 27 days ago
Windows malware in WINE on Linux on ARM next?
@fluentmoheshwar 23 days ago
Yesss
@ross3695_basedhax 12 days ago
i sudo a virus once but thankfully was incompatible
@respectth3game 27 days ago
I love how the user is "lain", pretty good taste for vm usernames 4:06
@KaidenMikami 27 days ago
at the end of the day, windows is still windows and vulnerable as fuck
@magicalnoodles 27 days ago
Anything can become vulnerable though. The system doesn't really matter if the user gives the malware/virus admin access. Although linux makes it more difficult to get infected, it's still very possible if you allow the wrong package to get into your system
@crackny4n 27 days ago
linux and macos, the way most people use them aren't secure either
@minecrafter9099 27 days ago
@@magicalnoodles sudo destroy_my_computer
@PinkAgaricus 27 days ago
@@magicalnoodles I remember this. The vulnerability that was in a fedora release that actually required you to not update until they patched the issue.
@FayyZ_Dox 27 days ago
@@minecrafter9099 sudo rm -rf --no-preserve-root / (don't execute that in your bash tho, it's gonna nuke your whole drive)
@pixelthrived 27 days ago
great video as always!
@Pusheen7092 27 days ago
Almost 50k subscribers congratulations
@jeffzkiller3590 27 days ago
id rather this guy doesnt go mainstream, never goes well
@MysLouis 27 days ago
ur subs are growing so fast been here for 3yrs!
@league1809 25 days ago
All your videos are extremely entertaining, thanks :)
@baribari1000 27 days ago
will you do a 50k celebration video or similar Eric?
@chickfila7nugget 27 days ago
being so used to win11 aesthetics, seeing sharp corners put me off
@kaiduwu 27 days ago
Ew 11
@gagekillingsworth8212 27 days ago
Windows 11 will use the sharp edges if there aren’t any display drivers
@another-niko-pfp-holder 26 days ago
as a hyprland user, same
@kaiduwu 26 days ago
@@another-niko-pfp-holder W hypr, wayland is fire
@ayden8901 27 days ago
Can you do a video on IDPS like Suricata that’s bundled with UniFi hardware? I use that in conjunction with Bitdefender but am curious on what it can actually stop. Especially the DoS and Botnet filters
@fusionconcepts 27 days ago
I ran the malware through Recorded Future's Triage and it appears to be an XMRig miner and Lumma stealer
@WickedNinja48 26 days ago
What do you think if you were to turn off windows antimalware executable? like derp the registry and use tools to disable it?
@tanookimariorocks 20 days ago
I wanna see more of an investigation of the skull malware and what its end goal is
@finfirr 27 days ago
Great video!
@patricklechner190 27 days ago
Hey Eric, what security do you use on your main system? Just insanely curious...
@JJFX- 27 days ago
CommonSense
@wrathofainz 27 days ago
Probably just a basic firewall and caution. Maybe defender just because it's there and does a decent job of catching malware if you fucked up hard enough to get infected.
@patricklechner190 27 days ago
@@wrathofainz configure correctly Defender can be insane tbh
@EricParker 27 days ago
I don't use Windows other than for VMs. I use Mac & Linux both with defaults (no 3rd party), Apple does have a version of Windows defender, but they keep it hidden.
@patricklechner190 27 days ago
@@EricParker thank you very much for the answer!
@Klusio19 26 days ago
✨"rybody my name is Eric" ✨
@darkphantom_01 27 days ago
This happened to me when I downloaded a tool from Killnet and even folders from my external drive became shortcuts and execute cmds while opening, they were in system32 I think, I carelessly deleted and it's not opening now 😂. I don't know why I didn't scan the files
@pathfinderproject9381 18 days ago
lain? is that a serial experiments reference?
@SkizzieSpeedruns 27 days ago
Are there any possible workarounds for vmware on how to get around the RDTSC forcing vm exit detection?
@EricParker 27 days ago
vmware hardened loader passes it (I believe by fooling the guest with a rootkit), you can kinda hack KVM / qemu with a kernel edit to be less obvious. The vm exit is extremely uncommon for malware.
@SkizzieSpeedruns 27 days ago
@@EricParker Yeah i am pretty sure i used the "VmwareHardenedLoader" from github, and I did some additional tweaks, although this is still the only thing that's getting detected, but as you said, the vm exit is not really common for malware.
@redoktopus3047 26 days ago
you should definitely do a deepin or uos demonstration
@vinfi8526 26 days ago
you sir just gain a sub
@fgf8 5 days ago
What arm emulator are you using?
@mnageh-bo1mm 27 days ago
can you share the yt scraper ?
@mansiselyn 24 days ago
so we can say that it is unarmed?
@Kajtgg223 27 days ago
Hey :D, also you start to get so much subs recently :D
@mu11668B 27 days ago
I wonder if any of those PE/shellcode packers for x86/x64 would work on this ARM64 device. Maybe give xloader/formbook a try. If they do work, I'd say Microsoft did a really good job on compatibility. Lol.
@TheBenSanders 27 days ago
Surprised you used a vm connected to the internet to run this. 😅 Or is it on a different vlan?
@EricParker 27 days ago
Of course if I want to see net behavior.
@cursqdlol 27 days ago
ngl i dont know anything he is saying but its making me wanna know
@luqmaanmohideen8422 26 days ago
how did u build a scraper
@EricParker 20 days ago
More on that soon.
@DoggyDieter 27 days ago
what if every company you accepted the EULA from, owns your soul. Wouldn't that be great :)
@kirill9064 27 days ago
Do they own parts of it? What would they do with it? Inject into an AI to make it alive?
@DoggyDieter 27 days ago
@@kirill9064 maybe who knows :)
@undefinedCat 25 days ago
My soul slot has a half-eaten pack of bacon lays
@DoggyDieter 25 days ago
Mine is an Borken Soundbar
@WindowsDestroyer 26 days ago
1:35 Hang on how did we find the same malware
@jolly_exe 27 days ago
do you have the paid version of binary ninja?
@EricParker 27 days ago
yes
@RedJStudios 27 days ago
You should try to see how many viruses you can get in windows s mode
@EricParker 20 days ago
Exactly 0, but trying that might be fun.
@webs_exploits 27 days ago
11:11 how is the tool called for editing code or what it is it looks kinda good
@redlionstudio2750 27 days ago
I think it's dnSpy, and it's not a code editor
@finfirr 27 days ago
@@redlionstudio2750 Code Editor is called a IDE
@EricParker 27 days ago
Binary ninja. Not a code editor, it's a reverse engineering tool.
@not-rv1li 22 days ago
It does affect my home systems...seems like no removing it and ive hired programmers that just walked away from it
@undefinedCat 25 days ago
What's the network drive on the VM?
@EricParker 20 days ago
connects to the host.
@fthcat 26 days ago
can you do a video on bloxstrap? its a like client on roblox
@MrRorosao 26 days ago
Well, expected, windows emulation layers doesn't discriminate against viruses! Be safe kids!
@NimaSakibo 27 days ago
Nah - there is no malware, what are you talking about? That gibberish was just Windows trying to talk to you in a new language it invented - totally normal!
@cooltwittertag 5 days ago
how cute
@fakename2123 26 days ago
how would you pass the rdtsc check on a x86 installation?
@EricParker 20 days ago
either using a kernel driver to fool the application you're trying to run, or if you're using linux & KVM you can edit the kernel so that the timing is about right. You can also patch the check out of the binary.
@fakename2123 20 days ago
@@EricParker using a kvm setup, unfortunately all the patches for vmx.c(Intel) are for kernel version 6.0sum and unfortunately vmx.c has changed in my kernel version so those patches are moot, trying my best here but pre clueless when it comes to kernel dev
@idkiwatchvideos 27 days ago
what vm do you use
@nitterwilly 27 days ago
windows sandbox you need windows 11 pro
@EricParker 27 days ago
vmware most videos, qemu a few. This is UTM under an M1 mac for ARM.
@asbfabfoaijfo8 27 days ago
how did u run that. did u actualy bought it or maybe qemu catched up somehow?
@00evaunit 11 days ago
i do not know how youtubers who test viruses don't wee themselves everytime they download it, i know it is a VM but i would be too paranoid
@moose7527 27 days ago
I
@CanoTheVolcano 26 days ago
Microsoft provides the OS to you with spyware, so that's nice of them for this challenge
@SqualidsargeStudios 27 days ago
What is an alm?
@rawpie2 27 days ago
people finding you bro! keep making videos your on the up
@DavidBakhash 26 days ago
Your accent is so cool what is it
@luheartswarm4573 23 days ago
I thought windows itself was the malware nowadays
@SamirElabed 27 days ago
running a quick scan will not scan all file in Defender you need to run a full scan
@EricParker 27 days ago
I am using an M1 mac and UTM.
@SamirElabed 26 days ago
@@EricParker you still need to do full scan Defender will only scan common known path with quick scan while full scan it scan every file on the system
@BsktImp 27 days ago
As I understand it, malware can still detect it's in a VM environment and/or evade the hypervisor, so how do you protect against malware escaping your VM and potentially disarming your modem or infecting host machine?
@EricParker 27 days ago
> malware can still detect it's in a VM environment
Yes, there are ways of making this more difficult, IE the vmware hardened loader rootkit I use.
> protect against malware escaping your VM and potentially disarming your modem or infecting host machine
Might be worth a video. As far as I know it has never ever happened in the real world to anybody (although there are VM escape demos). It's possible with bad configuration (IE bad ssh settings on host) in theory. If you enable vmware tools, there have been a few exploits based on vulnerabilities in the guest editions driver, not any actual hypervisor escapes. Using Linux /mac on the host instead of windows also helps.
@BsktImp 26 days ago
@@EricParker Cheers.
@edelzocker8169 27 days ago
There is malware made to avoid the MS Defender and thats also the reason why I always recommend to install an AV...
@zombi1034 26 days ago
Or simply avoid downloading dubious software or mail attachments and you will probably be fine.
@edelzocker8169 26 days ago
@@zombi1034 you know it's possible to get malware from trusted websites like Steam?
@not-rv1li 22 days ago
I'm having huge issues on my phone I'd let anyone curious about it to take a look at my system
@stingfiretube 27 days ago
Step 1: Uninstall Windows
@undefinedCat 25 days ago
Step 2: Install Linux
@Real-Rin 26 days ago
Step 1 get recall
@darkphantom_01 27 days ago
My pc is still stuck, win def did nothing 😂,I trusted a Russian tg channel
@undefinedCat 25 days ago
I remember playing bedwars on some russian server and someone was sending a link to a telegram channel with supposed "cheats". Decided to download it and it turns out it was some random Python stealer made with pyinstaller
@undefinedCat 25 days ago
Also, I forgot to say that this was done in Triage vm
@mrj4264 27 days ago
KZfaq scraper?
@cooltwittertag 5 days ago
I use typewriters and punch cards so them damn viruses cant come for me!
@narpwa 24 days ago
malware is fun
@user-cr9ix2mg5u 27 days ago
I enjoy your videos so much more when I imagine Tristan Tate with a fat cigar in his mouth talking about malware to me. Your voice sounds too similar !
@ReidAstrea 25 days ago
username is lain🔥🗣️
@corsola222 27 days ago
virus for the love of the game
@Scy1hee 27 days ago
w video
@lollol673 27 days ago
7000th view
@Javka-mm6bk 27 days ago
Hi
@duzaliteraf7373 27 days ago
1 second ago No views No comments No likes I'm first
@Daniel99-j7l 27 days ago
27th
@TechnoMinded-qp5in 27 days ago
Windows 10 master race I plan on emulating my games after End of Life if Valve deprecates Windows 10 I am still set for life modern Windows will still be more secure than you think after End of Life and it might be more different than we think don't push the panic button yet get a security software and you will see why. If you have a security software Valve should ALLOW YOU to continue Windows after end of life since it's basically protecting your system I wish Valve would make Windows 10 a chance to use it at your own risk only if you have a security software. Sorry not joining Linux just yet I keep coming back to Windows I've been a Windows kid all my life and REFUSE to allow Microsoft to mandate a TPM2.0 if they want me to stay then remove it already people just want to upgrade Microsoft can still fix this it's not too late to fix it in Windows 12 by opting out TPM2.0 requirements.
@SFSAtlas 25 days ago
There's something called a full stop, use it
@blank573p 27 days ago
2nd
@Mamikokh0 27 days ago
shut up bro
@NatetheNintendofan 27 days ago
How about you leave uttp
@blank573p 26 days ago
@@Mamikokh0 sorry i didnt know its bad 😔
@blank573p 26 days ago
didnt mean for everyone to hate me
@blank573p 26 days ago
@@NatetheNintendofan i left 🫡
@RandomytchannelGD 27 days ago
Hi