Beam.NG Players are in Danger 

Eric Parker
125K views

In this video I investigate a new series of stealers targeting Beam.NG players.
Deobfuscated Malicious Lua code - pastebin.com/r... (do not run)
From some further code analysis, it seems this is a key part of the payload. "PySilon", while I was not able to decompile the Python code, using a hex editor I noticed strings. This software has a long list of capabilities.
github.com/mat...
Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking, nor do I encourage the usage of game cheats, cracks or hacks.
Cracks are sometimes shown to highlight the dangers of software piracy, my content is not intended to teach anybody how to pirate, or maliciously hack.
(C) Eric Parker 2024

Published: 30 Sep 2024

Comments: 569
@HypeCrazed 3 months ago
If you get mods from the official repository, you're fine.
@Noname-iq1gz 3 months ago
Mods outside the repo were never good imo
@jennalove6755 3 months ago
yuh just rip the paid mod and upload it to a reputable website
@Alfred-Neuman 3 months ago
Are you sure about that? lol
@rustirab3465 3 months ago
Things can slip through and cause problems in the meantime until they get removed.
@ArizonaTooth 3 months ago
@Noname-iq1gz beam monsters monster trucks are bangin bro
@Ke1teu 3 months ago
Seems like game mods being infected is becoming even more common, it's such a shame
@Vhie05 3 months ago
I wonder if I'm in danger, GTA SA is my most modded game atm
@luigidabro 3 months ago
@Vhie05 SKULL EMOJI. Btw, they edited their comment, and now there is no more SKULL EMOJI.
@hansmitdergans7879 3 months ago
@Vhie05 I can't remember GTA modding being not dangerous
@JoshuaPeisach 3 months ago
Yeah, one year after fractureiser. I think now the target is games for sure
@yourtypicalutpersona 3 months ago
Minecraft had it coming before, and now that one game
@NoOrganHarvesters 3 months ago
Funny how you decoded the hackers' code who hate AI, with AI.
@zrehirs 3 months ago
I hope they get defeated by AI, too.
@jwalster9412 2 months ago
It's like that time someone snuck into the national US security conference.
@edwardfanboy 3 months ago
The NullBulge logo is AI generated, and they accepted Monero donations, so I don't think they genuinely believe a single thing in that manifesto.
@infinitemausoleum721 3 months ago
THANK YOU. It absolutely feels like a "We're the Good Guys:tm: so please don't try to stop us!" thing.
@Jay-kc2pm 3 months ago
@infinitemausoleum721 Basic propaganda that they couldn't even bother pretending to follow
@ZiddersRooFurry 3 months ago
People that do this kind of shit never do. They're all sociopaths.
@bolm1 2 months ago
@infinitemausoleum721 that's the point
@ultimatesigmagamer 3 months ago
The malware is a python based discord rat called "Pysilon". The bot token which is found in the stub is no longer active which is good.
@PixelCraftPlay 3 months ago
so the malware broke?
@ultimatesigmagamer 3 months ago
@PixelCraftPlay every stub that used that bot token is broken and possibly the server was destroyed too where the bot was in
@firenado4295 3 months ago
@ultimatesigmagamer probably just means the token was reset
@madbanana22 3 months ago
shows how competent the devs are when their bot's token is just chilling in an open github repo
@firenado4295 3 months ago
@madbanana22 oh damn didn't realise it was on git hub, that's even more funny cuz for about the last 5 years or so discord and github have teamed up to automatically invalidate tokens when they are uploaded there.
@XelaFourEva 3 months ago
Fucking hilarious that they're putting fetish art on other people's websites lmfaooo
@afloof9649 3 months ago
As a furry, i can say that these people are dumbasses. Especially because of the fetish art, easily the single best way to track a possible owner or lead of the group
@aywei 3 months ago
I am furry around 7 years now and it always amazes me how fked up the community actually is... just learned this fetish exist wtf is with people.
@XelaFourEva 3 months ago
@aywei Okay, either you're an actual child or you're incredibly weak willed. If you think this is "fucked up" then you should just stick to the surface level knowledge of the community.
@yosutzuhruoj 3 months ago
@aywei Tell me why you like dogs too much
@dashdashdash_ 3 months ago
@aywei Kero the wolf fan located
@MysLouis 3 months ago
mods are getting more dangerous than random exe's
@BobTrollge 3 months ago
i mean mods are just code, and code can do a lot, i've seen videos of people using lua scripts to write an exe and then run it
@MysLouis 3 months ago
@BobTrollge ye but still malicious mods are getting more and more popular
@3RR0RNULL 3 months ago
@MysLouis Yeah, I’ve made a few before. (For testing and practice, not for malicious purposes) In recent years it’s become incredibly easy in nearly every language, especially with certain AI tools being easily jailbroken or having no protection against outputting malicious code at the user’s request.
@chibisayori20 3 months ago
@BobTrollge That's exactly why Lua should be sandboxed and not allow access to operating system calls
@herrlehrer1479 3 months ago
Bullshit. Just don’t torrent fucking mods
@Exponaut_R-01 3 months ago
The hacker group really called themselves null bulge, of all things. We live in a society. One where our hacker groups are apparently, into some wild stuff.
@leneal2315 3 months ago
null-bulge fetish being used as a hacker group name was not expected
@NickAc 3 months ago
Yeah, i know right! Also caught me very off guard
@S-573 3 months ago
it actually made it question reality for a sec
@sprolyborn2554 3 months ago
I expect it more and more. "Programmer socks" are becoming a bigger and bigger thing with each passing day
@Bronyfur05 3 months ago
Funny nonetheless
@Exponaut_R-01 3 months ago
That must be something they're into because I saw that and went "...Do they know?"
@definitelyaraven 3 months ago
Damn my dad was right, BeamNG drive WAS incredibly vulnerable to malware, thankfully I only install mods from the repository, I will be checking my mods before I load up the game again, thank you so much Eric. update: I'm not affected, but I swear to the heavens.. 10 whole years and we have the first stealer in beamng's modding history..
@maticz3923 3 months ago
Lua is very easy to sandbox. Idk the details but there should be no way for a mod to load ffi
@aykarain 3 months ago
i don't play this game but it's pretty cool how there hasn't been anything like this for 10 years...
@leepicgaymer5464 2 months ago
@aykarain Because the ingame repository is actually checked for harmful malware by the team at BeamNG and that's where people usually download mods
@Voxelstice 3 months ago
i have only just seen the first couple of frames and it's IMMEDIATELY obvious what the problem is. i have played beamng. i have looked at the lua scripts. the problem here is the ffi library being publicly exposed to the lua programming interface. ffi is basically an interface to the C++ side, which is a helpful utility sometimes (beamng devs use it to execute some engine code in lua scripts, or unpack a C++ struct to a lua table), but when it ends up in the wrong hands, it's basically just a glorified executable that gets compiled and ran. you're unlikely to experience this sort of trollery on the actual mod repository, as there are people actually manually approving mods
@araghon007 3 months ago
So you're telling me mod developers have unrestricted access to what is essentially javascript's eval()
@Voxelstice 3 months ago
@araghon007 basically. I don't know if there's any restrictions but there may be barely any
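An added example (not from the video or from any commenter) of the kind of check the thread above points to: scanning the Lua scripts inside a mod archive for LuaJIT FFI use and process-launch calls before installing it. It assumes mods ship as .zip archives containing .lua files; the rule names, file paths and sample archive are constructed for illustration, and a hit only marks a file for manual reading.

```python
import io
import re
import zipfile

MAX_LUA_BYTES = 5 * 1024 * 1024  # do not unpack oversized members

# Heuristic rules (names are made up for this example). A hit means
# "read this file", not "this mod is malicious".
RULES = {
    "luajit-ffi": re.compile(
        r"""require\s*\(?\s*["']ffi["']|\bffi\.(?:cdef|load|C)\b"""),
    "process-launch": re.compile(
        r"\b(?:ShellExecute\w*|CreateProcess\w*|WinExec|os\.execute|io\.popen)\b"),
    "powershell": re.compile(r"powershell", re.IGNORECASE),
    "long-encoded-blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}


def scan_lua(text):
    """Return (line_number, rule_name) for every rule hit in one script."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((number, rule))
    return findings


def scan_mod(archive):
    """Scan every .lua member of a mod archive.

    `archive` is a path, a file-like object, or the raw bytes of a .zip.
    Returns a list of (member_name, line_number, rule_name).
    """
    if isinstance(archive, (bytes, bytearray)):
        archive = io.BytesIO(archive)
    results = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".lua"):
                continue
            if info.file_size > MAX_LUA_BYTES:
                # Report instead of decompressing a suspiciously large script.
                results.append((info.filename, 0, "oversized-lua"))
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            results += [(info.filename, n, rule) for n, rule in scan_lua(text)]
    return results


def build_sample():
    """Build a constructed, inert mod archive in memory for the demo."""
    benign = "local M = {}\nfunction M.updateGFX(dt) end\nreturn M\n"
    suspect = (
        'local ffi = require("ffi")\n'
        "-- constructed fragment, declaration body elided\n"
        "ffi.cdef[[ /* ShellExecuteA(...) */ ]]\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("example_mod/lua/controller.lua", benign)
        zf.writestr("example_mod/lua/loader.lua", suspect)
        zf.writestr("example_mod/info.json", "{}")
    return buf.getvalue()


if __name__ == "__main__":
    for member, line, rule in scan_mod(build_sample()):
        print(f"{member}:{line}: {rule}")
```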
@sideswipebl 3 months ago
Hackers working for paid mods is like anarchists working for the government
@NachosElectric 3 months ago
They're against using paid mods without paying for them. I think.
@CWINDOWSsystem32 3 months ago
Isn't that what being a grey hat hacker is?
@sideswipebl 3 months ago
@NachosElectric Yeah I majorly misphrased, I meant hackers working to protect paid mods
@dogewow8999 3 months ago
Ok, but in which BeamNG mod did you find this?
@bitelaserkhalif 2 months ago
Hovering bolide by applebotzz on modland. From now on, check your mods lua just in case.
@X340n 2 months ago
I know right? I'm panicking just a lil
@Izakp 1 month ago
@X340n fr
@Mihacappy 2 months ago
They are against AI generated artwork, yet they use AI generated artwork for the nullbulge logo XD
@ThePimpinator 2 months ago
Oh the irony
@3magikarpinamansuit281 2 months ago
Almost as if they are grifting and just say that so they seem more moral.
@kcgd3707 3 months ago
Which mod was affected? Is the malware in the official repository? Dude you can't just say there's stealer malware in a beamng mod and give no info about which mods are affected
@kekkodance 3 months ago
pirated mods from modland
@3magikarpinamansuit281 2 months ago
Someone didn't listen to what he said.
@latvian5555 2 months ago
@kekkodance how do i know what mods are pirated?
@-__-O 2 months ago
@latvian5555 paid mods that are given for free on modland etc...
@bitelaserkhalif 2 months ago
@latvian5555 either leaked mod, or just straight up re upload from forum (which is in this case, coming from flying bolide mod)
@DoggyDieter 3 months ago
I'm an active Beam NG player with many mods. I am so thankful for that video
@GTAMAN-officiel 3 months ago
LOOL i have 647 mods right now 534 are from modland 16 from worldofmod and the others are from repository @WhoKilledRadioStar
@bitelaserkhalif 3 months ago
102? Huh. Try 710 mods. @WhoKilledRadioStar
@Gabethedoggo 3 months ago
I have some cars that just fly and are white Gravil D series.
@Gabethedoggo 3 months ago
Is that a virus?
@GTAMAN-officiel 3 months ago
@Gabethedoggo no not a virus but a broken mod me too i have the Toyota Hilux mod spawning white d series but i recommend scanning every mod you download in virustotal and i am talking about modland and other sites not the repo
@_daniel.w 3 months ago
I recently found a vulnerability in BeamNG which allowed for arbitrary code execution (or remote code execution in multiplayer), but after reporting it, they fixed it. So that's always nice. There's definitely more issues though (such as this one). Edit: If I were you though, I would have personally kept it private until something was done. Now we'll get a few hundred skids on BeamMP and KissMP doing RCE's 🙃
@Kwpolska 3 months ago
I have used the base64 feature of PowerShell to be able to run a PowerShell script from a program in another language without having to bother with the pain that is escaping quotes and newlines. UTF-16 is the internal encoding Windows uses, and the only one supported for that PowerShell base64 feature (which is an explicit PowerShell feature, not some “core .NET thing” another commenter mentioned).
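An added example (not from the video or from any commenter): decoding the argument of PowerShell's `-EncodedCommand` parameter, which is base64 over UTF-16LE text as the comment above describes, so a logged command line can be read during triage. The sample command line and the indicator list are constructed for illustration.

```python
import base64
import binascii
import re

# powershell.exe accepts any prefix of -EncodedCommand (-e, -en, -enc, ...)
# as well as -ec. Accepting "/" as the switch character too errs on the
# side of catching more command lines.
_NAME = "encodedcommand"
ALIASES = {_NAME[:i] for i in range(1, len(_NAME) + 1)} | {"ec"}

# Strings worth a second look in a decoded script (illustrative, not exhaustive).
INDICATORS = ("downloadstring", "downloadfile", "invoke-webrequest",
              "invoke-expression", "iex", "start-process", "frombase64string")
INDICATOR_RE = re.compile(
    r"\b(?:" + "|".join(map(re.escape, INDICATORS)) + r")\b", re.IGNORECASE)


def extract_payload(cmdline):
    """Return the base64 argument that follows -EncodedCommand, or None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok[:1] in "-/" and tok[1:].lower() in ALIASES:
            return tokens[i + 1].strip("\"'")
    return None


def decode_payload(b64):
    """Decode base64 -> UTF-16LE text; None if it is not a valid payload."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) % 2:
        # UTF-16 code units are two bytes; an odd length usually means the
        # text was encoded as UTF-8 or ASCII before base64.
        return None
    try:
        return raw.decode("utf-16-le")
    except UnicodeDecodeError:
        return None


def triage(cmdline):
    """Return the decoded script and indicator hits, or None if no payload."""
    b64 = extract_payload(cmdline)
    if b64 is None:
        return None
    script = decode_payload(b64)
    hits = []
    if script:
        hits = sorted({m.lower() for m in INDICATOR_RE.findall(script)})
    return {"script": script, "indicators": hits}


def encode_for_demo(script):
    """Build an -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample: a harmless script wrapped the way a log line shows it.
SAMPLE_SCRIPT = ("Write-Output 'constructed sample'; "
                 "Invoke-WebRequest -Uri 'https://example.invalid/'")
SAMPLE_CMDLINE = ("powershell.exe -NoProfile -WindowStyle Hidden -enc "
                  + encode_for_demo(SAMPLE_SCRIPT))

if __name__ == "__main__":
    print(triage(SAMPLE_CMDLINE))
```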
@Triro 3 months ago
I really just hate paid mods. Mods should be free. Now, I don't care if you do something like your supporters get new mod versions lets say 2 weeks early, but doing completely paid just rubs me the wrong way. At that point it might as well be 3rd party DLC.
@ThatCapybara315 3 months ago
I think paid for mods are ok if you make mods a lot and they are super high quality what shouldn't be allowed is paid mods that are absolute trash
@Triro 3 months ago
@ThatCapybara315 Absolutely not. You might as well just consider them unofficial paid DLC. But unlike DLC these modders use things like Patreon, where guess what. It's a monthly expense! Meaning you're paying monthly if u want the latest updated unofficial paid DLC, I mean "mod". You wouldn't be happy if u had to pay monthly for a DLC of a game, so why not the modders. I get they have to make money somehow, but there are better ways like asking for donations, or giving early access to your paid subscribers.
@matthewpauls2498 3 months ago
@Triro I definitely think monthly is dumb but you only need to pay again if there’s a game breaking bug tbh. But general idea of paying is fine. Everyone just expects good mods to appear on silver platters like a granted law of physics.
@iretr0x675 3 months ago
FiveM police livery for $69.99: Farding simulator pickup truck for $80: Truck simulator truck for $140: Stealing your moms credit card for a $14 fuckatnite skin: Paying $34 for 7 gallons of gas: Beamng mod for $3.45: 😱😱😨😨😥😥😰😥😬🤮🤢🤕🤒😷😪😮
@Wasmachineman 3 months ago
@@iretr0x675 >FiveM police livery for $69.99 Knowing how fucking retarded FiveM RP servers are i'm not even surprised. t. former FiveM player.
@creeperlv6668 3 months ago
The Base64 thing just calling to core library of .Net, not necessarily the powershell is designed with executing base64 encoded script in mind. It's kinda like piping result from base64 command to a shell command in GNU/Linux.
@Kykof 3 months ago
I remember telling you about this like 2 years ago! So glad that you are making a video about it now. Great video as always Eric.
@MordecaiTheAwesomeBluejay 3 months ago
We got furry fetish hackers before GTA 6 💀💀💀
@GiliceJani 3 months ago
Also is this a PSA or a code review? I have no problem with the video, except that it doesn't mention anything which/what mods were affected AND how to check if YOU ARE infected.
@bitelaserkhalif 2 months ago
The affected mod IIRC is flying bolide on modland by applebotzz
@c02c02 3 months ago
love your videos but please fix the glitches in your mic output, i had to rewind to check if something was broken on my end lol
@EricParker 3 months ago
Will try and figure out what's going on, noticed a bit in editing, not sure what's happened there.
@wrathofainz 3 months ago
Same
@th3WhiteRose 3 months ago
I think the Mic is peaking
@genisis3457 3 months ago
@EricParker if you're using voicemod, then you have to switch to another mic input, then back to your normal mic, i get that issue a lot.
@fliermcduck 3 months ago
i play beam occasionally this is actually quite helpful to me, even though it was VERY unexpected i'm always wary with downloads, but i never thought some knucklehead would upload malware to a goofy, small community like this one
@rustirab3465 3 months ago
No place is safe ☠
@fliermcduck 3 months ago
@@rustirab3465 yeah, it really sucks now i get real nervous even when i download steam workshop mods or develop my own minecraft modpacks or other game mods a whole lot of addons and file-manipulation tools still don't sit right with me, even after i look into them and get negative results from virustotal and hybridanalysis
@baadkeming 3 months ago
UTF-16 is fairly normal in WindowsLand™, most of Microsoft committed to UTF-16 back in Windows NT long before UTF-8 was widely used. Internally, .NET (which Powershell is built upon) uses UTF-16 rather than UTF-8 for its string types. As a result, it's not unreasonable that Powershell would expect encoded scripts in UTF-16. edit: whoops, someone already pointed out the bit about .NET. Still, I figure it might be nice to know the context of why that is.
@Crazyclay78YT 2 months ago
these are the same furry hackers that leaked 1TB of disney's files 😭😭
@lands1459 3 months ago
which mods are affected?
@picklejho4200 2 months ago
Stuff from those shady sites like modland and world of mods, if you download mods from the repo or forums you should most likely be fine
@tomtom987 3 months ago
13:20 this is a RAT using discord, i believe it’s a bot used to receive information and send information from the infected computer to the discord server, they are using a bot to do so, they can control the RAT from discord using the bot if I remember correctly
@Pwnz0rServer2009 3 months ago
if they included their bot cookie in their program, you know what to do :)
@aoobasuzukaze 3 months ago
FYI that request tries to fetch user info about the bot (the bot's username, avatar, etc), I'm guessing it's to check if the bot is still alive, and if the API didn't return a 401 (indicating that the token is no longer valid, so it was either reset or the bot was deleted) then it would probably try to send whatever it collected thru that bot, it's about as bad as using webhooks since it's just as prone to getting spammed and deleted by someone xd
@tomtom987 3 months ago
@Pwnz0rServer2009 I know it’s possible to log as a bot if you have the cookie, but If they have certain settings enabled then it’s not normally possible
@tomtom987 3 months ago
@aoobasuzukaze Oh ok! Thanks!
@Pwnz0rServer2009 3 months ago
@tomtom987 i specifically said *if*
@lucywucyyy 3 months ago
wait am i getting this right anti malware activist furries are putting malware in beamng mods???
@TAELSDOLL 3 months ago
l love it when microsoft makes it easy for hackers to encode their malware lol
@NielsHeusinkveld 3 months ago
Off topic, that 'stutter' in the video at around 7 seconds reminds me of the day before I found out Trusted Platform thingymajig was the cause of ruining my gaming experience for over a year..
@joshua-kramer 2 months ago
I’m honestly not upset about this. Imagine being shocked that the 50th upload of a Dodge Hellcat is infected with a trojan when that dubious mod site is only filled with desperate fanboy asset flips stolen from another game or asset library, and providing only the most basic collision meshes and jbeams. It’s like critical thinking is a wish. 😂 Remember kids; if something is free, you’re the product. This includes things you obtain from the high seas. 😊
@LukasGaz.444 3 months ago
A weird thing is, i am watching this while playing BeamNG. Thanks for informing me. I will stay safe when downloading mods.
@GiliceJani 3 months ago
Base64 has a myriad legitimate uses. One being that you don't have to escape it because it is ASCII.
@jamiebonczek8026 3 months ago
I’m not really good with computers although I’m on it a lot. I got a bunch of mods and wondering what exactly in the vehicle folder I should look out for? Watched the video but it’s super confusing imo and short explanations of what I look for
@chrissametrinequartz9389 3 months ago
If you get it from the official repository (so like in game) you should be fine
@LozeiiYT 1 month ago
@chrissametrinequartz9389 so im fucked?
@jamiebonczek8026 27 days ago
@DJSurronX thanks for this info. I tend to get mods that have more than 1k downloads and have better like ratios.
@LozeiiYT 1 month ago
i have so many questions bc im stupid: what does any of this code things mean? how do i look for these viruses with the iq of a goldfish? is there an extremely simple explanation to this? how can i tell if my pc is already infected? which websites are safe? what does it mean by "hot singles in my area"? and even if i do have a virus what if the virus bypasses the windows virus detector and says im in the clear even if im not? what if my personal information has already been leaked? how do i effectively get rid of it without doing this coding stuff that will give me a massive headache? how do i really make sure that my device is clean of viruses? pls see this bc i am now in a state of panik and will explode
@GhostOfDamned 2 months ago
Repository gang 💪
@SpaceCadetKitty 3 months ago
This is a great analysis of malware, you make it look so easy
@kanna2515 3 months ago
why do you always have these weird cuts in your videos? you'll be in the middle of a sentence and it'll jump to another sentence, usually during explanation of something
@jouby3109 3 months ago
These guys are phony losers lmao
@BlazerNG. 3 months ago
I knew it. I knew something was up with BeamNG mods lately, but this is even worse than I thought. Anyway, thanks for the video mate. Could you please tell us the name of the mod? I want to make sure I did not download it. :D
@kiwirocket64 3 months ago
Paid mods should be illegal mods are supposed to be free
@babuskaonline8907 3 months ago
I like how people are crying about not being able to torrent paid mods for free without consequences. Just use the repo if you don't want to get a virus lol the dev team literally vets every single mod that's uploaded to the repo.
@siunaussiunaus 3 months ago
Of course it's a furry hacker group feeling like not going outside this year well well well
@javi_3753 3 months ago
And if I only download from steam store. I mean in game mods
@EricParker 3 months ago
That should be fine, the main issue is pirated mods.
@braidenzack309 3 months ago
I got Chinese malware from a left 4 dead workshop mod, so I'm not so sure.
@robotmechanicalwhizkid2521 3 months ago
Which mod specifically? @braidenzack309
@BigMan7o0 3 months ago
@@EricParker How likely would you say it is for something like this to get past Windows Security AND constant Malwarebytes scans (typically one a day)? I don't THINK I have any pirated beam mods but I use Modland and sometimes they don't scan/vette the mods themselves and I don't know for sure their vetting is even trustworthy so I have always scanned anything I get there almost obsessively, but am curious what my chances are of getting hit anyways.
@tonid-pj8qn 3 months ago
@braidenzack309 what was it called, now I'm interested
@thegamer. 3 months ago
I installed a couple mods from the beamng mod menu, but i never installed anything from a 3rd party website, i should be fine, right? I played recently and my mods were disabled anyway due to me not playing in a while but i wanted to make sure
@chrissametrinequartz9389 3 months ago
You should be fine if from the mod menu
@sturmifan 2 months ago
just get mods from the official repository
@awesomeguysuncle 3 months ago
I had a feeling this would happen to beamng, be careful out there guys
@WesleyTRVOfficial 3 months ago
Audio glitch at 0:06. In the meantime, stay safe.
@NewBuildmini 3 months ago
I thought something was wrong with my headphones.
@marh122 3 months ago
funny how he started to talk about trojan malicious virus and the audio started stuttering
@twids4 3 months ago
For whatever reason powershell, I’m not sure if it’s windows apps too but powershell uses utf16LE and can be really annoying if you’re switching between Linux and windows but I don’t believe this is localisation just powershell being powershell Base64 can be useful in powershell if you need to pass commands and there might be encoding that breaks characters or url encodes etc. Used a VM where I couldn’t move a powershell script into host and copy and pasting would break encoding so I base64 encoded pasted it into host and just used the encoding parameter. While it’s used maliciously it does have some legit good uses
@goongleton 3 months ago
i'd love to see you try older malware on newer systems or vice versa
@indominusrex1652 3 months ago
Newer malware on older system will cause more damage than new malware on new system due to the absence of necessary security updates Older Malware on Newer systems will do nearly nothing just be an inconvenience since the security updates stop those in their tracks
@d3tach3d 2 months ago
The Sad Truth is we will see more and more of this because what do people need to be hackers like these? They are Coders who have and will likely lose their livelihoods to A.I. more by the day. White Hats are turning into Back Hats out of Revenge and many other reasons. Another important factor is the stereotypes of coders/hacker being introverts and living a lonely life can be a miserable life where its easy to get radicalized. I sympathize with them but cant say I agree.
@matthewlewington2470 3 months ago
I love watching this stuff. Just seeing what these programs are up to is cool
@SeamanLord 3 months ago
There’s something about the mic being slightly different video to video that I look forward to every video 😂 my lil cousins always asking me to get them “hacks, mods, etc” in Roblox and Fortnite and even before coming across your channel I could smell the malicious intent. So it’s neat to have someone to show what would’ve happened if I just went along and installed everything from a “Free Robux” YouTube description. Keep up the great work 🙏🏽
@tomtravis858 3 months ago
base64 encoded scripts just seems like a quality of life feature, let's say I want to send a friend a command or script it would be possible for whatever messaging app I use to interpret stuff like "\*" as a way to format italics so would break the command/script. I don't see why it shouldn't exist since you could just decode it yourself if you're a malicious actor.
@monkaSisLife 3 months ago
i think it causes more harm than it does good. There's plenty of other (and safer) options to send someone a script
@tomtravis858 3 months ago
@@monkaSisLife I don't see how it changes anything, it's trivial for malware to just decode it. You can still decode the script/command if you want to confirm it's safety but pasting a full script into powershell is not likely to work.
@bitelaserkhalif 3 months ago
It also can be used to deter DMCA bots. All efforts to take those down must be done manually, since if bot decodes the entire website, it'll be jumbled mess.
@d0tmaxx376 3 months ago
The moment you see ShellExecute in source code you are fucked
@Blitzkrieg_Wolf 3 months ago
Hackers defending paying for mods? Sounds like some Bethesda hires to me. As for their image... well, they're not winning over any major players in the free market/piracy debate with _that_ kind of image.
@kitastro 3 months ago
that logo is an ai art
@tiagotiagot 3 months ago
Wait, when does Lua get into play? I didn't even see the game being launched in order to interpret the Lua script... Did I miss some moment in the video where you show it hijacking the game's Lua interpreter or something?
@dot32 3 months ago
LuaJIT has a feature called FFI which to my understanding can run external dlls. This feature is intended for performance critical code such as math libraries. This mod downloads this exe and executes it using FFI. He reviews what the exe does in the video.
@LEPOX208 3 months ago
Well, back to making my own mods with Automation I guess.
@bluebutterfly6394 3 months ago
Minecraft: first time?
@coolcostupit 3 months ago
I honestly don't understand why beamng drive is allowing to execute external c code purely in lua, its weird and a huge security issue.
@ChristopherGray00 3 months ago
i hadn't played beamNG or modded for it so i'm unfamiliar with how it works on there specifically, but if i were to guess, it could be for particularly advanced mods that have their own hooks to allow for functionality that otherwise isn't implemented in the game's lua API. but yes, this opens the door for massive security implications, this should at least be an explicit opt-in feature.
@coolcostupit 3 months ago
@ChristopherGray00 I am a mod developer on beamng myself, I know ffi exists in lua but I did not expect that it would exist in beamng drive as well. The ffi executor doesn't interact with beamng or its internal api's, it's just a external executor and I have only seen Beamngs internal source code use it. At least they could lock ffi to Source scripts rather than making it an unlocked and insecure api.
@olnnn 3 months ago
@@ChristopherGray00 There is a third party mod that adds multiplayer support for the game (BeamMP), I suspect that could be (ab)using this functionality to do communication with the outside. Maybe they'll add official multiplayer at some point but in the meantime, if they broke that mod I think a lot of players would be angry so they would at least want some way of making that still work even though it was probably not an intended "feature".
@sepehrjaveri 2 months ago
You Shouldn't name this game only, when it is a Malware that targeting "games" and not only BeamNG; I just surprised that I saw this video's thumbnail and don't thought that is just a malware from malicious mods
@whtiequillBj 3 months ago
@2:08, I can't tell you WHY Microsoft would add obfuscation of strings other then they seem to ❤obfuscation and redirection if you spend anytime in the Configuration Manager, better known as the Registry. I have found keys that point to keys that finally point to a data key with the actual data in it.
@yvonetubla7682 3 months ago
a hacker group of steam fanboys lmao
@llIlll 3 months ago
Am I able to dump my mod folder into a program that can tell me if any of my mods are malware?
@bakkerem1967 2 months ago
Powershell Base64 encoded commands are useful when you need to pass a complex commandline, containing special characters that for some reason cannot be escaped. I want to note that bash also has the possibility to use base64 encoded commands. I've seen this first hand while watching the installation of an official patch for a broadcom product.
3 месяца назад
I just run games in a container isolated from the rest of the system. \o/ Linux for da win.
@chibisayori20
@chibisayori20 3 месяца назад
Just run it on your main system, you can trust all my mods and games.
@eilidhmm 3 months ago
this is what you get when you have this weird elitism around paid (and even private!) mods, beamng is the only game where I've heard of either and now it's the only game I've heard of where mods infect your pc with malware, sick sick sick sick
@CamillaLyn6 3 months ago
Stop pirating BeamNG, if u love the game, buy the feckin thing, or we'll be stuck in beta forever .-.
@CzlowiekDrzewo 3 months ago
Horrible day to have eyes
@shalodey 3 months ago
Uploaded the day after I enabled all my mods on BeamNG lol But the virus seems to be very targeted at Windows, which should leave me safe. Might wanna clear out some of my shady mods regardless though.
@potardo9851 3 months ago
The second I heard "you get it through a torrent" I was immediately put at ease as I never use torrents. Not saying you couldn't get it from other sources but it was kind of a yeah duh moment.
@EricParker 3 months ago
Has been distributed on sites like modland as well. Pretty much any way people are getting leaked mods is affected.
@LeeFirlotte-o8y 2 months ago
Thank you so much for this video, decided to do a PC scan and found out I had a trojan, all sorted out now, but thanks for giving me the incentive to do a check
@nullset. 3 months ago
how sad do you have to be to infect people that aren't financially stable enough to pay for ridiculously priced mods
@optimumplatinum2640 2 months ago
wtf is that at 2:56 💀
@llIlll 3 months ago
So how can I check if my mods are infected?
@4Panccaa4 3 months ago
Thanks for this video. I only get mods from the in-game mods on the official BeamNG mod browser, and the other mods I use are an ultra graphics one made by a BeamNG dev, which is safe, and the other one is the multiplayer mod, aka BeamMP
@ayandamabhena9391 3 months ago
Your mic glitched at the start
@nickaalex 3 months ago
Having a hard time understanding this. What does this thing even do and why should I be worried?
@EricParker 3 months ago
I also made a video on the virus they're using here: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-yjLYz2lo0FE.html& this is what they can do with your computer.
@nickaalex 3 months ago
@@EricParker That helped, thanks
@ShawnMeira 3 months ago
Could you please clarify if mods on the official repository are affected???
@chrissametrinequartz9389 3 months ago
You should be fine with the official repo, I think it's mainly 3rd party stuff that's the issue
@pedodoxxer 3 months ago
if so then that's BeamNG's fault, maybe a few on the forums but none on the official
@Vallee152 3 months ago
Chat GPT absolutely sucks at every translation task I give it
@jaxson8262 1 month ago
utf-16le is for powershell to understand the base64 data
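The encoding the comments above describe (PowerShell's encoded-command argument is base64 over UTF-16LE text), as an added triage example that is not part of the video or of any comment: it finds such arguments in a captured command line and decodes them for reading. The regex heuristic, function names and sample command are constructed for illustration.

```python
import base64
import binascii
import re

# Heuristic (an assumption of this example): a flag starting with "e",
# followed by a long base64-looking argument.
ENC_ARG = re.compile(r"(?<!\S)[-/](e[a-z]*)\s+([A-Za-z0-9+/]{16,}={0,2})", re.I)


def is_encoded_flag(flag):
    """True for -EncodedCommand, its prefixes (-e, -enc, ...) and the -ec alias."""
    flag = flag.lower()
    return flag == "ec" or "encodedcommand".startswith(flag)


def decode_encoded_commands(text):
    """Return the decoded script for every encoded PowerShell argument in text."""
    found = []
    for flag, blob in ENC_ARG.findall(text):
        if not is_encoded_flag(flag):
            continue  # e.g. -ExecutionPolicy
        try:
            raw = base64.b64decode(blob, validate=True)
            # PowerShell expects the script as UTF-16LE before base64 encoding,
            # which is why a plain-text search for keywords misses it.
            found.append(raw.decode("utf-16-le"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64 or not UTF-16LE: leave for manual review
    return found


def make_sample():
    """Build a harmless, constructed command line to decode."""
    script = "Write-Output 'constructed sample'"
    blob = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return f"powershell.exe -NoProfile -ExecutionPolicy Bypass -enc {blob}"


if __name__ == "__main__":
    for decoded in decode_encoded_commands(make_sample()):
        print(decoded)
```

Decoding only reveals what the argument says; it never executes it, so it is safe to run over process-creation logs or strings pulled from a suspicious file.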
@oodalaK 1 month ago
beamng broke like 2 months ago for me anyways :shrug:
@arcadeportal32 3 months ago
I use linux, which powershell does not work so, yay? Lol
@TprocNet 3 months ago
RU-vid knows me well, Hacking, furries and ...
@adina-the-nerd 2 months ago
Luckily these kinda bad mods don't work on Linux
@user9536 3 months ago
i have 0 idea what you are talking about at all but this is cool
@purple-zot 3 months ago
this video made me drop everything
@darkpit1303 3 months ago
Paid mods will lead to this game's downfall, mark my words
@Odin-Flora 3 months ago
Time to go delete all my mods😢😢😢😢 edit: I got them from the repo
@Pwnz0rServer2009 3 months ago
me who hasn't launched Beam.NG since 2023:
@senorporko3299 2 months ago
I'm so glad that I don't have a PC that can run Beam at the moment
@kavylavx 3 months ago
hey I haven't watched the full vid like, but def a like and sub.
@ambientlightofdarknesss4245 2 months ago
The good thing is most mods are heavily community driven. As long as you stay on the big mod websites. Nexus, Steam workshop etc. Make sure the mod has at least some downloads and comments. Most modding communities for games are incredibly passionate about their community. And they'll fall down like the wrath of god on the mods if people start to get hacked.
@hondacivictypyr 3 months ago
I'm very curious what mods have this shit in them
@pedodoxxer 3 months ago
forza implements that are fake that can't make it to the repository and a lot of UI mods since they're easy to make
@hondacivictypyr 3 months ago
@@pedodoxxer But I would like to use some modland mods for my friend
@pedodoxxer 3 months ago
@@hondacivictypyr too bad if you want to then download a mod and decode it best ones are most popular ones if you go further into the pages then there is way more chance of a virus
@XVXC-M8 3 months ago
It's really disappointing that there are no other games out there like BeamNG and the modding scene is nothing but shitty meshslaps, paid sub par or really good quality mods, and Russian kids hiding the most deeply integrated viruses into mods.
@camedelic1365 2 months ago
As someone who prefers all of the official maps and vehicles, this is not that bad of news. Mods being malicious? That's old news.
@a_common_weeb 3 months ago
Hacking """AI"""" is based
@a_common_weeb 3 months ago
Oh never mind, they AI generated the art