I could have sworn I've seen something like this before, but instead of a sponsorship, it was for discord game testing scams. Insane how widespread it's getting.
Honestly, fell for one of those "Discord Game Testing" scams. Tried running the so-called "game," got hit with an error. Took me two days to realize it, checked all my accounts-no login, no spammy ads or malware. Lucky break, but still had to force logout and change all passwords. Lesson learned: steer clear of these scams, folks. A momentary lapse can lead to a world of trouble.
@@fireninja8250 perhaps you still can, just don't ask them to run an exe file right away, or at least tell them to do the testings in a virtual machine.
what is insane that people will trust some random emails, not catch up on the weird email addresses, then download zip files, unzip them, and run additional programs requiring passwords - THAT is amazing, I mean - this isn't rm -rf and enter, there are red flags all through out that whole email convo, and still people fall for that crap
older? I know people from almost every age group that have a high chance of falling for this and a lot of other seemingly easy to spot scams and malware. Not everyone is chronically online.
I have a dedicated folder for downloading any suspicious emails, and NTFS permissions are set to deny execute (ALL) in that folder. It's not much, but it's one extra onion layer.
@n0tjak I would argue that you haven't really understood the video. It is very likely that they also have a payload for Linux, which would be pretty easy to generate since the user is effectively executing it, Linux trusts the user (mostly) and there are less defense mechanisms on Linux against this type of attack (since it was increadibly rare in the past)
This video makes it seem like you're discrediting Windows Defender, but you didn't really show whether other antiviruses can catch this thing. Code obfuscation techniques can disguise malware signatures, allowing them to evade some antivirus detection. You showed Norton giving a generic warning, but that's not the same as detecting the actual threat. It'd be good to see how some other antivirus programs handle this - does it sneak past them too? Maybe it's an issue for more than just Windows Defender. No antivirus is perfect, so comparing a few could give people a better idea of how hard this kind of attack is to catch.
Thank you! He also spotted the email header was not genuine and at 1:30 you can see so many grammar mistakes in the email - "All right, let's get to jobs" - JOBS? / "read WITH the Magix contract" - WITH? (common when it's scammers, not the case when its from a legit company like Magix). Those should have been enough signs to stop in his tracks without pursuing this anything further.
It seems pretty crazy that a recently downloaded application doing a specific action like, grab session tokens, wouldn't alert ~something~. I understand(glad even) them not scanning a file with a password but I can't think of many things that would do that specific action.
There's legit reasons for this, like if you're changing browsers and use its "import browser data" functionality. Although I do agree that there should be more in place to prevent these, it is a very fine line with high stakes, that must be tread carefully.
@@theoldtruth1196 because it's not using administrator rights thus not requiring an Okay by the user and also not a certificate to show it's from a reputable source.
Listen guys, never ever run or open any files that are password protected. There is almost no reason to encrypt stuff like that other than malware or personal data.
@@fraznofire2508 honestly that is incorrect, i do actuallx pirate software and honestly, as long as youre a bit careful its really not that bad, but dont open isos those are suspicious because thexre usually not used as archive
As a experienced hacker, I must say that never ever open any file without checking with a reliable AV(not including Windows Defender).Even if it looks a like a legit Microsoft Windows file, still check it.We learnt that lesson with NoEscape.exe, which looks like Windows Defender itself.
Oh man how much i laugh when you said that the criminals are discussing about win11 being spyware and don't like competition 🤣🤣🤣 that's absolutely hilarious
This is why we should always right click on a downloaded file and see properties to confirm that a file is what it claims to be (e.g. a PDF shouldn't be identified as an executable program)
@@raylopez99 password protect files are actually quite common. You just REALLY need to know where it's coming from, and best case scenario is you can open and edit it in a secure virtual environment.
@@youdontneedmyrealname Yeah I've played around with type 2 virtual environments but I've never had a legitimate password protected file sent to me for business, and I've worked in Silicon Valley on multi-billion dollar deals back in the days (90s and 00s). Maybe it's different now, I dunno I'm retired.
this is a very effective way to get around not only Defender but also all the other sandbox-based solutions because what it effectively does is use the password you type in as the decryption key. Many sandboxes will try to interact with UI elements so a simple message box is not enough but asking for user input is because no sandbox out there will know the password. And the reason why it doesn't trip afterward is that defender does the bulk of its scanning before the file is run with only minimal heuristics at runtime.
@@wannabedal-adx458 I'm not talking about the sandboxes that a user might use (like sandboxie), I'm talking about the automated malware analysts sandboxes that run the sample in a clean VM each time and record everything the sample is doing (like cape sandbox).
when you tell the sender what kind of Operating System you have, like you might say Windows 11, you move to another Operating system, like Linux but in dual boot mode. And then open the Emails from there.
Use a whitelist, anything not on it is quarantined in a folder that only reads text/headers. Relying an security software to protect you is like relying on a gun safety to protect you from an armed robber. And it slows the fsck out of your computer, wasting resources and power.
@@cpufrost using "Whitelist" is still equal to "relying on" certain algorithm-which you might see it as software. Whenever dealing with Emails, it's not only about security. It's about Social Engineering. How you manipulate your recipient is more important than the contents of the Email itself. By pretending to lowering your guard can reveal the other party's true intentions. Therefore, if a malware was designed to attack certain OS, it is way simpler to just open it in another OS where the malware is completely useless.
Yes, I thought I was losing it, video should be corrected. He makes it seem like a PDF will execute if you put the password in and steal your cookies. I literally had to freeze it a few times to make sure it was an EXE and not a PDF when it's listed in the zip folder as an application and Leo said it was a PDF. I was like what exploit is this in PDF I have to look out for now? Also wish he stressed how every time you use windows to make sure file extensions are not hidden. It happens, still love the Channel.
@@jaydoubleyou780 exactly this. the filename is shown by norton and has exe extension. if It's a PDF exploiting software than it can be mitigated .. Anybody knowledgeable about computers should know never to run stray executable from random person. micrsoft makes it too easy for malicious to prey on the unsuspecting because they hide the file extension by default and again by not flagging an executable that grabs browser data as unexpected and possible harmful behavior. MS hates nirsoft tools but a random executable has free reign to do basically the same thing so it seems.
Some e-mail clients, particularly those made for mobile OSes (like iOS and Android) hide the sender e-mail address in order to provide what their UI/UX designers would see as a clean UI. However, many people who aren't tech-savvy, like my parents, wouldn't notice that it's possible to tap a not-so-obvious down arrow or the round profile picture to reveal the full e-mail address.
But who wouldn't get seriously alarmed by a password protected file AND the password in the SAME attachment? That defeats the purpose of pw protection unless you want to bypass security.
@@yspegel Have you ever worked in IT tech support? You would be surprised at the amount of people using computers who understand next to nothing about computers nor have any computer security training or knowledge. I work in school IT as an IT tech. We run several phishing campaigns per year and its astonishing how many people, even "higher ups" who fall for them. We've had several people flat out enter their email and password into one of our phishing campaigns because according to the email, they're supposed to "validate their account information".
Good, clear information. Very helpful. Glad you stressed that Defender will not protect you completely (in fact no software will) and that you need 'situational awareness'.
I once log in my school's computer (dumb move), after 15mn my account was logged in another country, that's how fast viruses steal the cookies and transform accounts into spammers. After that day, I never log on other people's computer even families.
I'm guessing the school you attended used Windows but didn't use Active Directory with policies set to not allow users to run their own software. Also, it could've been possible that you attended that school at a time when they were still using Windows XP, because I know that one of the school PCs did get infected with malware that spread via USB flash drives and ran using an Autorun exploit that I think was patched out in Windows Vista or 7, and I only noticed the malware due to bad coding that saw it open another Windows Explorer (File Explorer) window with the folder pane open. I also did get my Facebook account hacked once (back before they added 2FA support), particularly with it sending and accepting friend requests with people I don't know in real life, but it turned out that some bullies looked at me typing my password, and I only found out that it was done by bullies when a classmate tipped me off in person. I then changed my password and remotely logged them out. I can only imagine where those bullies are now.
*You're wrong: Microsoft Windows Defender has Data of many millions Windows Computer and they could easily recognize this malware.* OK: probably the first thousands computers would get infected, but for sure, M$ would be able to use this analytics data.
I was consider trying out flare, but I can’t find any pricing… Like, do they actually provide prices anywhere? Because I sure as hell can’t find it, yet in their FAQ they state they have a "transparent pricing model". Cool cool, maybe add a link on that FAQ to prices? Makes it look sketchy as hell, so I’m out.
Thanks for the concise but insightful video! Would it be possible to do an analysis of how this same scenario would play when passwords are behind browser's protections (Edge's Windows Hello or Firefox's Master Password) or when using Passkeys? Thanks!
I've seen a few RU-vid channels that have been hacked with this method. I guess the best way of protecting against this is to never log in to RU-vid studio in the same computer that one uses to read the emails. Maybe a simple VM is enough, but definitely we need to be aware of these attacks.
Appreciate the info I’m just curious will you be making an updated video of the best antivirus that you can get or has that not been changed since 2023 because I’m kind of curious to get an unbiased rating again instead of just going to some other places that they might be biasedespecially with free antivirus would be awesome too
all i need to do is read the third line of the email and i know, ''What is MAGIX? Is the easiest way to create music on a computer'' broken english is a immediate red flag, even without that thou i wouldn't open a link from an email i didn't know, especially if its just a bunch of random letters and numbers
[I might be wrong!] When you download a file windows will mark it is from the web (aka. Not trustworthy) Since a few months/weeks ago windows did not flag files inside a zip downloaded.This changed!Meaning that as far as I know clicking in that fake pdf will trigger a popup.(Ofcourse this only happens when open/unzip it with windows directly not a 3rd party appl like winRAR or 7z, this might also be the reason windows added support for more file)
Paid versions often try to justify their cost by adding on features that aren't often all that useful. Try some of the free versions of antivirus solutions. In testing they are just as good as the paid versions often, just with less stuff added. It also means that you'll have at least some idea of how resource intensive an antivirus product is, or if you find it irritating, for example if there are a lot of false positives.
How exactly does the file work? What does it do? Is there any way to detect it? Is it a PDF, or does it have multiple extensions? I typically ignore attachments, unless I absolutely know who sent the attachment and why. However, if I happen to have any weird PDF's on my system, I'd like to know about them. I don't have any password protected ones. I'm pretty sure about that.
PC security channel, do you recommend adding another antivirus software to wins antivirus system like $Norton or kapersky free edition?? Thanks for this info, look forward to your future videos! Now subscribed 👍🏼 Thanks again 💯
I have seen this password protected attacks in the past . At some point in the process people need to realize ,, " Wait a Minute ! " . I delete all these things without delay . I do not collaborate with any message that involves many steps or has links to the " Best new video " or " The great new shampoo " etc etc. I do not need an email to find out these things when there are hundreds of other avenues to use. :O) thanks for the share . ( The brain is meant to be used )
A lot of password protected files are common, and legit. For example, you want to buy the electronic forms of journal article, textbook or novel. So the PDF or whatever might be zipped and password protected. If you want to earn some money as a writer, it does not make sense to give full free access to all. Not everyone is honest enough to donate towards costs, etc.
make sure to check every file you download to make sure its actually what you think it is. dont run unknown filetypes, and REALLY dont run unknown exe files
I believe it's because the malware exploits Windows Defender only scanning the file before running and initially running. The fake password prompt tricks the user into triggering the malware infection on command after Windows Defender had finished scanning.
That person person that got the details from that virtual machine is going to look at what they took and see that it was an blank virtual machine. Then they will see this video bringing more awareness. LOL
You can see where your emails are coming from when you hover your mouse in Windows 11 with Xfinity and google email but not on the phone. Is there a way on Android to see what the sender id is? My relatives that use their phones a lot have run into trouble with email before on their phones.
Assuming you mean the official Gmail app, then that, the official Outlook app, and Apple 'Mail' (iOS) hide the e-mail address and only show the sender name. The user is expected to tap on the round profile picture to the left or a not-so-obvious down arrow to reveal the full address.
Well the Flare trial didn't go so well it refuses any gmail email address. Or hotmail, or Outlook, or Proton brb buying a server, installing Linux, and creating my own email server....
nowadays brower protection and antivirus sepcific to avoid these malwares but even it in place they malwares get inside in enterprise but still siem tools might detect these hardware even in firewall dose these even those there will be detections or leftover might present , any way a great vidoe
0:35 Beeeeep ain't NEVER gonna happen.. Why open e-mail conversations you've not initiated yourself. Why do VM's and sandboxes exitst... Why click on links in e-mails. Why open password protected attachments, why open attachments at all... Why are people stupid...
That's why I'd recommend a proper firewall (there are free ones) that catches every unusual outgoing connection and asks you if you want to allow it or not, because the most dangerous connections are not incoming but outgoing.
1:30 The whole time you're going on about the innocence of links, you're forgetting one of the golden rules of scammers - bad English grammar! "All right, let's get to jobs" - JOBS? That makes no sense. That one line alone would be a red flag for me before I even bothered with the links. Magix may not have Microsoft or Google money but they are a well established company so could afford to hire people who can write legitimate emails with proper spelling and grammar. Going further in paragraph 2, "read WITH the Magix contract" - WITH? Again the English is poor enough to be a warning sign and given that there are so many grammar errors laced throughout the email, that should have been the red flag.
Always suspicious of unexpected emails with links and attachments. Or being tagged by random profiles on social media asking me to contact them, or sharing link with me. And that includes private messages from my own contacts. Even a colleague sent me sms with a link, which I didn't click on until I had it confirmed from her it was genuine. Not being greedy and nosy pays off.
So you get hacked by being stupid? View Emails as ASCII only, don't click on random links and attached files and if in the least amount of doubt and you still want to click or open, view the source of the Email first. Don't indulge in unneccesary risky behaviour just because you think some safety system will protect you.
This is just an advertisement, and provides false information about Windows, Office and Edge browser protection, Windows and Edge have user customisable features that can be turned on free of charge and prevent demonstrated situation from happening. How about be honest and truthful and show people how they can enable Windows, Office and Edge security settings, for free. instead of making click bait headlines to sell your sponsors product.
some time ago I click on the pdf attachment of a scam email, I had avast av back then, It said it was pishing virus, but when I clicked on the pdf It automatically open on microsoft edge. after some time I reseted the pc and changed all my passwords, Am I safe? sorry for bad english
The reason I dont use default antivirus or firewall. No matter how much good I hear about Defender. I have nothing against it but because it's default security for the masses.
Bro, I always disable my windows defender after fresh installing my OS(Win7 Ult, btw) since it's basically useless~ Not worth the ram space~ I also disable windows update after getting the essential updates that my pc needs~
What if all apps use One Time Password that changes every time and sent to your mobile as text message .. unless they hack your phone which is bit difficult, the computer info will be useless ..
Why are you promoting a sponsor that doesn't permit regular users to register for their service and making it look like you can just use their service for personal use?
Isn't it common knowledge not to click links from email? Let alone download it. Been on pc for 30 years, this is like a blast from the past. lmao I always scan my pc and clean it before using any sensitive account online. Then erase it thoroughly when im done. And neve save their passswords.
No disrespect to the video maker but it clearly said on the zip file it was an application. So even after it got extracted, it is not a PDF. They made an app that it uses the PDF icon to make it look like a PDF but it still is an app. It was never a PDF... Reason why i always tell people to make sure windows shows the extension of files even if its well known extensions.
in order for the file to get flagged by defender AV you also need to enable automatic sample submission as well as cloud delivered protection. If you have them disabled then you either have poor security knowledge or you're just spreading bullshit information trying to make it look like defender is bad.
