Discord Malware - "i hacked MYSELF??"
To help support me, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE, offering smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
Comments: 489
For the frenzy of folks that are concerned YoOuUUuU LLEeeEAAaKKEEDdA TOOKKkKEKEENNNNN!N!N!N!!nn1n1hhbjgngn: No. If you got clever and looked at individual frames, the one you see returns an Unauthorized. Others have been obscured. Thank you for your concern. :)
@castles990
3 years ago
Very nice video
@DoorThief
3 years ago
I feel like I was called out on this, lol
@nikolanojic6861
3 years ago
Don't tokens change with time?
@XenorioWasTaken
3 years ago
If you stitch together the frames where the working token is visible, you can make out about half of a token. Just to be sure, I would advise changing your password as that generates a new authentication token and invalidates the old one. You wouldn't even have had to blur any tokens if you did that before releasing the video.
@_JohnHammond
3 years ago
Yes, passwords were changed before releasing the video ;)
Please don't stop explaining the simple stuff, I've learned loads thanks.
@Khusyasy
3 years ago
same
@ajayk643
2 years ago
Then why did you see these kind of videos
@ajayk643
2 years ago
John Hammond thanks for this video😍😍
@trouty7947
2 years ago
It's good to remember every video, especially when they're popular, will have a lot of new people that this is literally their first in-depth look at malware analysis. So it's always worth explaining for the new guys.
@oltn7142
2 years ago
same here
I don't think I have ever heard anyone say "please send me malware" before
@ko-Daegu
3 years ago
it's all over Twitter if you follow at least one malware analyst
@recommendastra_hack_zoneon709
3 years ago
A ban was placed on my TikTok, PSN account which affected my score but all Thanks To #global_hackweiser1 i got all access to my banned accounts within some minutes which i summon the trust to work with him after i saw most of his good recommendations on You-Tube. You truly a Man of your word.💯
@tamilxctf4075
3 years ago
@@recommendastra_hack_zoneon709 y spam.exe
@bitten2up
2 years ago
tbh I said that to someone who was infected with this malware so then I can report the links
I'm only 5 minutes in, but I feel it's relevant to say I appreciate the "easy baby stuff" being reiterated for people like me. I'm learning python for data science. I don't know what all of these imports do. So when you explain every import or at least give basic descriptions of what they do, it really helps me follow along.
@JonSnyderfudge
3 years ago
Lol yup. Never assume our knowledge base. Those that already know python can easily skip forward that part if they want.
@cedricvillani8502
2 years ago
Ok well lol, if you're actually learning python you KNOW what import does. Lmao think about the word for a moment…… hmmm do a little work looking up maybe? No? Just wait for someone to do it for you?
@xFalduR
2 years ago
@@cedricvillani8502 not only are you pretentious, you also can't read. That's astounding.
@issecret1
2 years ago
@@cedricvillani8502 yes. Feel free to lose your mind over this fact
@shawazonfire
1 year ago
Well said, I think that's probably the reason I like this guy's videos. Clear, comprehensive step by step instructions and explanations.
That ".il" file is actual CIL (Common Intermediate Language, formerly known as MSIL) code that C# and VB source code files are compiled down to before they're turned into executables.
@nimitzufo94
3 years ago
thanks man
@THEbraylonbarnes
3 years ago
thanks david frisk neck
@yeppiidev
2 years ago
@@THEbraylonbarnes lmaoo
@rogogo1244
2 years ago
@@THEbraylonbarnes It's German: David Fresh-Knight
Omg..can’t wait for this I started seeing a lot of discord trojans in the news last year and I would love to hear more in-depth analysis.
This will blow up. So many script kiddies on DS
@_JohnHammond
3 years ago
I tried to make this as cl1ckb@!t as possible 😎
@JarredRandom
3 years ago
@@_JohnHammond i think you've succeeded in making it that
@JimTheScientist
3 years ago
I see them every day. Lots of the exploits people use “generators” for (python scripts you can find on GitHub) are electron related. So many ways to download files to other people’s computers and to crash other people’s computers.
@JarredRandom
3 years ago
@@JimTheScientist lol hey jim, fancy seeing you here!
@highvisibilityraincoat
3 years ago
JimTheScientist electron is a shit piece of software and I wish permanent annoyance on its devs and applications that use it. should not crash because of a video codec issue
one of your most easy to understand videos yet. well explained. learned a lot. thank you John!
Thanks for making it 'approachable'. I am a beginner in all of this and your quick description of the basic commands is extremely helpful. It allows me to continue to follow what you are doing and also learn about a wide variety of commands. Of course, further real study is necessary but your presentation helps one broaden understanding of the overall field to be studied. Thanks.
Learning new stuff with you is always great. You always manage to draw my attention for a whole hour.
Love your content, John! It's really fun to step through code with you.
Recently stumbled upon some of your malware analysis videos and boy am I hooked! love your approach, you make things super easy to understand even for someone with little to no coding knowledge. I hope soon I can find some videos on your channel about learning to program in some of these languages that you work in with malware :) some more gamer-catered stuff would be awesomeee too! thanks John for some very entertaining videos!
Honestly I've not watched a full malware analysis vid from you but this one rly interesting and honestly very well written
200k! good job man you deserve it :)
Great content! Thank you for your contribution and for taking the risk of exposing yourself. Very informative.
Omg, we need to see more of this hog stealer code and whatever else you can find in the land of Discord malware! Keep up the great work and congrats on 200k!
I literally saw this on my youtube feed and immediately went to make popcorn!!
Hey John a little off topic for this video, but your terminator vid, (among all the others!) really helped me pass the eJPT in less than 4 hours last week. Thanks for all great content man!
Great video John, would love to see you de-obfuscate that JavaScript!
Was doing exchange patching a week ago and they reference @john Hammond gist love it
Awesome content as always, John 👏🏻
I hope more of you guys look into this Discord malware, a lot of this stuff is going undetected and creating a lot of headaches and some of these stealers have keyloggers, gets login sessions from your browsers etc.
You are the best! Thank you for explaining also for the beginners.
I love these kind of videos, fun new channel to nerd out to. :) Joined the Discord as well! :p
You always have great videos!
ayy congrats on 200k John!
This is much better, John. You’ve dissected each component and explained thoroughly. Rather than rushing always.
I've learned a lot from this and that says something because I'm enrolled in college for this and I feel like these breakdowns help immensely for someone like myself.
I Love you John. Great video again, interpreted languages is cool to reverse. Congratz on the 200k :)
Congrats on 200k!
I am eagerly waiting .
You're making it happen John ! :) BigUps . Learned lot from you my Guy !! Hopefully more to come. Peace
Great video John! Many thanks :-)
Holy smokes, how can it be so easy to retrieve all your discord data without logging in essentially. I wouldn't have guessed that discord is saving these tokens as plaintext in your appdata folder. Very nice video! You've got another sub :)
@ayva1106
2 years ago
Late comment, but they're finally releasing a beta test that encrypts your tokens... and it only took them a few years
@MakotoIchinose
1 year ago
@@ayva1106 And even then it's still compromised. People found out malware that circumvented it and managed to reverse engineer it for documentation.
Great Video, and learned a bunch!
Absolutely fantastic content!
The delay is to prevent maxing out discord API requests so it's maximum efficiency
cant wait for 200k so excited !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
This is going to be interesting. I’ve studied RCE attacks and Trojans on discord, as well as some more tame malware. I can say that discord is really bad in the security area, but it’s not much to worry about as there are few people who know how to do the attacks and how they work. Edit: I’ve started watching the video, and I’ve seen almost this exact same script before while moderating a server
@Odsku
3 years ago
More advanced scripts add malicious js to discord core modules; it allows the malware to keep persistence while having a low detection rate
@DM-qm5sc
3 years ago
That's ok, only a few people know how these attacks work
@Odsku
3 years ago
@@DM-qm5sc only the RCE are private but the scripts are well public
@tlocto
2 years ago
oh hey jim fancy seeing you here
@JimTheScientist
2 years ago
@@tlocto hello
Hey John, love the Malware stuff. Would love to see some Dynamic Analysis with some ransomware or something , cheers
Great video, man. As always :)
THC For (4) L(ife) 9-TetraHydroCannabinol (THC) is a chemical component in Weed and Hasj. Probably a smoker. nice vid btw, Learned a lot!
Awesome video man. I appreciate it a lot
This is going to be an amazing video!
i'm not gonna lie to you bro, the way you teach is excellent and i appreciate your videos more than you could ever imagine... ever...
amazing content john
really good explication, please keep this up
This seems very interesting. Can't wait to see it
Love your videos sir .Hope you have a great day.
Oh its a fun series keep it up!
Great video!
YOUR explanation is Osm!!!🖤🖤🖤
Thanks for this video sir
By no means the most advanced malware I've seen, like it does rely on a lot of user error to work, but still nice breakdown
Love ya work chap! Sub'd
happy 200k
I definitely want to see you deobfuscate that js code :D
Instant pressed like, as I saw the Triforce. :)
by the end of the premiere you're gonna have 200k.
@JimTheScientist
3 years ago
true
@abdiwahabahmedomar2399
3 years ago
I don't think but I hope
@slonkazoid
3 years ago
199K NOOOOOOOOO
@yourfellowhumanbeing2323
3 years ago
@@slonkazoid Just miss :(
@cassandradawn780
3 years ago
@Jocelyn M's Alice are you ok?
Seriously the best content creator out there. Love the videos. Keep them coming.
I thought it was clickbait, but DAMN!! legit content
I was thinking if i should like this video - then you pointed out your TLOZ shirt. You win
yikes. .. follow up on what more you learn about this for sure lol. dropped a like. already subbed.
you are genius, you are exceptional tutor, thank you, thank you so much, i got a project idea from this vid.
Props to this guy managing to get a discord nuker/token logger to 1 hour
@aty4282
3 years ago
@@recommendastra_hack_zoneon709 hope it gets banned again, tiktok does not deserve users
@IkeVoodoo
3 years ago
@@aty4282 It's a bot, he is so shit and one of the worst people ngl (the person running the bot)
@aty4282
3 years ago
@@IkeVoodoo goddamn, can't believe that i fell for the classic ones
Do you prefer Virtual Box over Hyper-V manager or other softwares? And if you have some spare time, I would love to know the reason behind your choice of Virtualization software! Kind regards.
John! Do the thing!
Hey! Can u make a list of all the malware you have explored so far, so that we all can send unique malware programs
Looked like that first sketchy website at 33:50 was a peertube instance. It was probably a community dedicated for malware videos.
that server crasher is probably allowing the person to join servers and spam the server with that user's token
Are you using Whonix for your malware analysis sandbox? I saw a glimpse of the Whonix desktop (little mouse and blue background) and recognized it, so I'm assuming your Virtualbox session is a Whonix VM?
If you open the webhook URL you can identify the name of the webhook, the Guild ID and Channel ID. That information is kinda basic but might help when reporting to Discord
yes i am interested in more discord stuff and yes it is bad, but it's good to see and know what is actually out there
you have a new sub keep it up.
54:55 I was kind of expecting a "it's bad mmmkay?"
I love how the token stealer disguises as a token stealer 🤣
Oh wow! I'm impressed. Only importing the actually used functions, not the whole libraries.
it could be the location for discord tokens in those browsers since discord uses electron which uses chromium which chrome and a lot of other browsers also use, so it might be that cookies are stored there.
@KnightOfEvil
3 years ago
The path has leveldb which is a nosql db where chromium stores its cookies and local storage
This is the new script kiddy stuff. Back when people just went around ddosing people for fun in online games, now the kiddies try to steal your discord payment info.
What’s the new setup looking like?
I liked at the Zelda shirt. Thanks!
51:50 Hammond enters the freaking Matrix... xD You know a content creator is entertaining when you don't understand shit, and still watches until the end, entertained!
I believe it is also grabbing Chrome, Opera and Brave tokens. The file structure generated by get_tokens seems to also work for those other directories listed
ah yes.. john.. john hammond does it again.
Hi there John, are you still accepting files to diagnose? I was hit earlier with an exe which took my discord offline and I assume let the other person log in via my token? I am now panicked as dozens of my friends also clicked on it, and it's caused chaos... If you do, how would I get it to you securely?
I am entertained way more than watching LiveOverflow
I would advise you to use solid colored bars instead of pixelation since there is currently a promising tool in development that can reverse pixelation to some extent.
@eericjacobson
2 years ago
hollywood isn't real bro
@LuciSheppy
1 year ago
Reversing pixelation requires context and information, now I haven't actually seen the pixelated part in this video but unless the pixelated content is unambiguously readable as any character, an algorithm won't know either, I bet you'd be able to get an approximation of what it could look like but that may just be as unreadable as it already is, but less pixelated
@lonelyanthem
1 year ago
@@eericjacobson neural networks exist, and they've been in use for years.
Yooo Hammond cool haircut 👌
Let’s get 200k!
Very nice video, makes me want to create one myself (for knowledge purposes ofc, maybe will send you a link once i do ':) )
Hair was on point.
been wondering about Discord's security for a while now... this should be good
@Odsku
3 years ago
Discord is not focused on security if u want maximum security while using discord u should use a very lite version of discord such as discord-cli it's not the best nor does it support voice calls but it is very secure as it stores the token in memory and rce exploits should be near impossible
Time to scream at you to continue to decode the javascript horror
This is really scary, especially if you think about how such a simple script can steal all your data in literal seconds .-.
Ok, seeing this premiere I think I can do two unfair bets right now. 1. Bet I'm subscribing here. 2. There's something malicious on my son's PC.
@IkeVoodoo
3 years ago
Depends if he downloaded it...
thank you posting a topic of choice.
Hey John any plans for releasing a pentesting/ethical hacking course on Udemy? Keep up the great work.
For the Browsers It takes The Tokens From Them, Because Some People Log into to them. Like you said :)
As someone who works with the discord api it's scary how easy it is to get information with a token
@roottokyo
3 years ago
It’s also scary to notice how so much information including cached payment information is in the OVERLAY_INITIALIZE payload.
Coming to a CTF near you soon ;)