How this OPEN SOURCE "Cheat" Hacks You

Published 2024-07-29
Taking a look at a new trend of 'open source' projects hiding malware in plain sight, in this case in the build files.

Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking, nor do I encourage the usage of game cheats, cracks or hacks.

Cracks are sometimes shown to highlight the dangers of software piracy; my content is not intended to teach anybody how to pirate, or maliciously hack.

(C) Eric Parker

All Comments (21)
  • @p0008874
    > Open source > Look inside > Electron slop. Yes it's toddler malware.
  • @KillianTwew
    0:37 not only are they reading the comments, but they probably are the comments pointing people to their malicious cheats
  • @rebok232
    the commit names are so professional, good work from their side completely legit
  • @0owmjapo0
    This might seem like a stupid question but how do people deal with info stealers? Seems like a game over kind of thing. You just lose all your accounts? Is it only if you sign into something after installing the stealer? So you don't lose everything but it's still an awful thing to go through. Seems like a nightmare.
  • @Rockyreal-h1b
    idk anything about cheating or coding, but your videos are very good with good info on these rats and hidden malwares! it's enjoyable to watch. thanks
  • @olivertech507
    I have seen a malware campaign similar to this, but by the same threat actor, as it uses the string “muck” in the URLs and had the same distribution vector (fake cheat source code). However, it uses RTL characters and an scr. It used a FUD node payload too. The EXE is FUD because it is not malicious in itself, as the real stuff is in app.asar. Usually it’s detected by Kaspersky in runtime.
  • @mu11668B
    That exe file is likely harmless. The real deal in electron malware usually lies in resource/app.asar, except for the 3CX one done by the DPRK.
  • 1:57 what AI is that? I never knew it was good at detecting malware, especially identifying it. Ah, it's Claude. I'd never heard of it before!
  • @ZeptionT
    It running at compile time is clever.
  • @ChemicalsTNO
    idk if it is the same, but there is an obfuscator that does let you build a Remote access trojan using that kind of obfuscation
  • @awesomecronk7183
    Hiding in the build script reminds me of the XZ backdoor where the malicious component was hidden in the tests and injected the backdoor into the binary after compiling, during testing
  • @happyts-00
    "ctrl + /" to comment a line in the file extension's appropriate syntax in visual studio code
  • Yeah, the software is doing what it's being told to do, it is cheating, but we didn't talk about on who.
  • @yama900
    The malware is pretty classic; however, hiding it during compile time is really clever
  • @grn-xx
    This looks like it is impersonating some processes like search filter. Is there an easy way to detect those? For example if the process is causing an unusually high cpu load, is it possible to check if the underlying exe is real?
  • @tuskiomisham
    what programs are you using for forensics here?
  • You say that open source cheats are bad cause the anti cheat will detect them, however EAC on Linux for example runs in usermode and so any cheat that doesn't write to memory, with 2-3 precaution steps like running the cheat at root level and hiding root pids, will make it undetectable.