Don't Get Hacked Like Linus Tech Tips
Linus Tech Tips' KZread was recently hacked by a RedLine infostealer. These types of files are sent in emails as attachments. These malicious sponsor emails are common if you are an influencer like myself and Linus Tech Tips. I receive loads of fake sponsor emails trying to entice me to collab with them or do a review of a product. NEVER click on LINKS or ATTACHMENTS in emails.
Session hijacking: What is a session hijacking and how does it work?
us.norton.com/blog/id-theft/s...
Kaspersky File Analysis
opentip.kaspersky.com/
Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community.
www.virustotal.com/gui/home/u...
WHOIS Domain Lookup
www.hostinger.co.uk/whois
WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers
www.nirsoft.net/utils/web_bro...
Website Reputation Checker
This service helps you detect potentially malicious websites.
www.urlvoid.com/
Safe Browsing site status
Google’s Safe Browsing technology examines billions of URLs per day looking for unsafe websites.
transparencyreport.google.com...
Submit suspected phishes.
www.phishtank.com/
Free website malware and security checker
sitecheck.sucuri.net/
Comments: 126
Let me know in comments if you have received dodgy emails like these and you are a KZreadr.
@welshtony1
1 year ago
Not a big enough KZreadr yet for the scammers to try this with me haha
@CattopyTheWeb
1 year ago
@@welshtony1 You know when you're popular that scammers and bots hit your channel lol
@ExperiencersInternational
1 year ago
Had a few, basically all my emails are scams though
@JayRee1993
1 year ago
Do the KZread Telegram scam accounts count? They post on popular music videos / pages.
@lezbriddon
1 year ago
@@welshtony1 in the words of Corridor Digital / Crew, we're finally so big we've been hacked!
One of the problems was the file was 700Kb. Viewed in a hex editor it was comprised of mostly zeros and dots. Because of its size most antivirus would not even be suspicious enough to scan the file. Now that it's happened all databases have been updated so it would be detected but before that not even VirusTotal would have detected it! I'm glad you touched on the Britec. By the way The PC Security Channel which is Leo of Emsisoft has a video that's an in depth analysis of this threat if anyone would like to watch it. Keep up the good work Britec it's much appreciated.
@Britec09
1 year ago
The solution is simple, don't click on the links or attachments. That was the biggest mistake, human error.
@jockrocks7392
1 year ago
700 MB I think it was, 700 KB is pretty small & would have been detected. 🙂
Part of the onus is on KZread as well. They should not allow renaming a change and deleting videos without further validation. The hacker did not have to enter any passwords or 2FA to perform this mass deletion/channel renaming. KZread like other services has aimed for ease of use vs security.
Great video, I will be sure to check all emails even more than I currently do. Also use a VM too. Thanks for the video.
@Britec09
1 year ago
You're welcome
The problem with signatures is when the malware shellcode is re-encoded with encoders to obfuscate them, the signature can never be recognised, but they execute just the same and the only way to pick it up is by behavioural analysis of a well designed AV product.
I nearly became a victim of these hackers. I received similar emails but I sensed something suspicious and I logged out immediately.
That was quite a saga. Thanks Brian for all the useful tips🙂
@Britec09
1 year ago
Glad you enjoyed it
even if you don't do anything else, the one recommendation you made to do all transactions on an isolated computer was the best advice
@VirtualTrucker74
1 year ago
100% agreed, I'd even go one step further and have the os on the isolated computer running in a virtual machine, that way you could completely refresh everything if anything was attached to certain files.
thanks for this information Brian great work.
@Britec09
1 year ago
Glad you enjoyed it!
BACKUP. Nothing beats a good backup. If you value streaming as much as Linus does, I would have thought that having a copy of everything would have been adequate.
Very good explanation. Thank you.
@Britec09
1 year ago
You are welcome!
Not sure if it's me, but I tend to watch a lot of vids, specifically on this channel, but it'd be interesting to learn how to find out if a system's or phone's been running these things and how to end it. So far don't recall seeing a video on this here anyway. I run a scanner and another program but don't think the scanner works too well on phone anyway. Interested to hear back your ideas and or watch a video on correcting if someone might have clicked anything or has a similar problem.
@Britec09 Where can i find this file(s)? I want to analyse it. Thanks.
Sometimes it's a scr or a com file. You can use a hex program to delete that junk data and scan the file.
Thanx, Brian. Would this sort of malware still be able to hijack your sessions even if you're running Linux? I'm guessing yes, but I'm really curious.
@Britec09
1 year ago
I would think so
@notjustforhackers4252
1 year ago
Well this hack is created for Windows, so, no not this one. A Linux version could be created but it would be incredibly difficult to execute ( run ) on a Linux system without the user actively giving it root permissions to do so. Linux desktops and apps run in "user mode", if you gave it user mode permission to run it still doesn't have root ( admin ) access so wouldn't be able to do much harm. *You* would first have to give the file root permissions with either sudo or as root for it to execute. Sure it could happen, but only if a major moron is behind the keyboard. They would have to work at getting it to run. In the real world, no, not much chance of it affecting a Linux machine... if you're a Linux user with basic knowledge running the system that is. Macs are pretty well protected in the same way, user, root and giving permissions. I imagine whoever it was who got LTT hacked was also running Windows in Admin mode, which you should never do. A simple user account should have protected the system from executing the file.
Perhaps you could do a video on the setup and configuration of Windows Defender Application Guard to sandbox the Edge browser (or Chrome or Firefox) in a lightweight container/VM using Hyper-V. I believe that's what Microsoft calls Virtualization Based Security (VBS). It should be able to protect the host from a bad browser session, or protect a trusted browser session from malware on the host. I think both Windows 10 and 11 Pro editions support Application Guard.
Surely Gmail and Outlook should have attachment scanning built in? Also a decent AV should detect on launch. Scary thought though that 2FA and everything can be so easily bypassed
@Britec09
1 year ago
Nope
right on the point I loved it
@Britec09
1 year ago
Thanks
How does downloading a PDF run as an EXE application on Windows?
What would happen if you opened something like that on Google Docs? I had a fake copyright claim the other day
Had no idea something like that was possible then again just like technology evolves so does malware
@Britec09
1 year ago
dangerous times
Your information is priceless. But it's annoying that I usually don't see your writing when I'm using my mobile 😒
Thank you
@Britec09
1 year ago
You're welcome
Of all people, the tech King? He's the one who teaches us of such things. He didn't have any AV running ? Shame on him - shows you what familiarity & complacency reaps. Good episode Brian. Demonstrates NO one is safe. G'day Mate 👍👍👍
@Britec09
1 year ago
Thanks
@enginerd80
1 year ago
Windows does have Microsoft's AV in it, but apparently the file that stole LTT's browser data had been artificially bloated to be hundreds of megabytes so antivirus would skip checking it.
I watch your videos. I will share them.
@Britec09
1 year ago
I appreciate that
Stealing a banking session would be MUCH harder and probably not possible using Redline.
Very surprised this happened to them. Something doesn't seem right. 🤔
@Britec09
1 year ago
It could happen to anyone.
@GregM
1 year ago
When you have 50+ people working for you with multiple people having various admin rights and poor training apparently for new hires which is apparently who opened this attachment.
Poor Linus. God knows how he recovered from that. I hope my channel never gets hacked! 😬
@Britec09
1 year ago
Yeah, not good
@technoWZ5598
1 year ago
@@Britec09 Hackers ain't going away anytime soon, so we, as users, must be super careful opening attached files in emails
It seems a convenient time when he is catching heat for employee pay disparities
I always open a linux virtual machine to deal with these kinds of scams and also have some fun with them.
Linus media group hasn't been the only one that has been hacked by this. Another of my KZread channel got hacked by it. And another one had received it but didn't follow it.
@Britec09
1 year ago
I know
When YT is your business and you have the money and equipment like linus, everyone who has access to the business email account should have a dedicated email only pc just for situations like this. Email is the easiest way to get payloads onto a target computer, all you have to hope for is someone falls for the social engineering aspect of it.
@Britec09
1 year ago
I agree
@Jagosix
1 year ago
AnthoJoh - Exactly. I was thinking the same. A separate LINUX based email Server with AV and Malware checker. Thankfully, nothing of this magnitude has ever occurred while I've been using Linux over the years. I still find it puzzling why more people don't use Linux for applications like this.
I had emails from Amazon and one other, congratulations you have won a kettle, the other was for trial of one of these new air fryers. I have deleted both of them. Although they continued to send me emails
@Britec09
1 year ago
a kettle lol
Cool!
@Britec09
1 year ago
Thanks
Redline stealer steals cookies passwords and deletes cookies and passwords (sometimes gives access to users phones so attackers format their phones remotely)
So his AV didn't scan emails. That's the most important thing for AV scanners to do. Sadly, some free AV that some recommend don't scan emails
@Britec09
1 year ago
I don't know, sometimes they don't get detected, the problem was clicking on the file.
Use a Virtual OS not connected to a network to deal with emails.
@seediffusion
1 year ago
How, if it's not connected to a network?
The curse of windows users, they never learn that the problem, is not hackers, is the operating system itself.
right
The truth is, unless your KZread channel has reached a certain size, which I cannot say definitively as a threshold, no one will be interested in trying to hack you. Especially in the case here, where the LTT channels were hijacked to broadcast a specific livestream. This is NOT to say to be lax and not do all the proper things mentioned here and in other channels' post-mortem on this situation. That would be idiotic. And obviously, the old rule about never opening files you don't absolutely trust from senders you absolutely trust and can verify. For sure do all the right, safe things to increase your security. But no one will bother to hack tiny channels with little to no meaningful visibility - there's just no upside.
@Britec09
1 year ago
My channel is not big and they have tried to hack me the same way
@joesatchton212
1 year ago
@@Britec09 Brian you know what i meant. You have nearly 733K subs, a pretty darn respectable. sizable figure for a niche genre like tech. When did they try and hack you? In any event, I stand behind my main point.
they get enough money from ads, why are people soooo greedy! still happy he got his channel back though
Thumbnail 😂😂😂
@Britec09
1 year ago
Got to mate
I have been using the internet for a very long time, and this kind of shocked me, I had to watch it twice to fully understand how they did it, I guess there are people out there that are smarter than they appear online, it restores my faith in this generation, but stop it not cool, and if you get caught you will go to prison for a very long time, or be forced to work for Microsoft, I shudder to think.
I laughed when I saw how he got hacked, I mean come on, seriously? I've been using virt-manager and a non-persistent VM for opening downloads for years now... never mind the fact a dodgy exe file won't launch on Linux anyway ( not without WINE ).
Is there any such thing as bad publicity? Commercially he didn't suffer at all. He had a video (sponsored) up the same day and it has 6M views. He does acknowledge he has one to one support from youtube and it would be much worse for other tubers.
@Britec09
1 year ago
who knows
Yes, but why are file extensions no longer trustworthy? How can a file ending in PDF be able to launch a malicious program? The PDF extension and file-type was INVENTED exactly for the purpose of providing a web-safe document type for shared internet use.
KZread content creators are really milking the "Linus Tech hack..." They know it'll impact their KZread algorithm, hoping to get a piece of the cake. LTT already explained this and in theory this is their content "we" piggyback on. Same issue with "react to" videos, where the reaction video gets more views than the original content, making the hard work less rewarding. It's pretty unfortunate in my opinion.
@Britec09
1 year ago
This is my first and last video on it and at least mine is bringing awareness and helping other KZreadrs
You're a bit late to the party but thanks anyway for making a video about it
@Britec09
1 year ago
No point making a video about it when no one knew what had happened until he told everyone.
@WrestlingFace
1 year ago
It's never too late to be safe and secure 🔐
@CattopyTheWeb
1 year ago
@@WrestlingFace True
@CattopyTheWeb
1 year ago
@@Britec09 Linus told everyone on Friday but nevertheless good to stay up to date :)
sir i need your current all slideshows sir use in this video our all 11 slideshows sir plz reupload i need you use in your current videos plz reupload on discord plz
NoOoOoooo! Not Linus!! haha
@xdarkdragonx2727
1 year ago
He has already recovered his channel
@Britec09
1 year ago
Oh yes
wasn't linus, he was in bed when it started, and he's not saying it was colton.......
@Britec09
1 year ago
Don't matter who it was, limit the amount of power people have
@lezbriddon
1 year ago
@@Britec09 :) sounds like the government...
There are some very fraudulent adverts on your KZread channel. I don't understand how it is legal to use them kinds of advertisements online
I think this was bogus to get attention.
@Britec09
1 year ago
I guess we will never know.
@Britec09
1 year ago
will do
@CattopyTheWeb
1 year ago
I don't think Linus would delete his channel to get attention.
@welshtony1
1 year ago
@@CattopyTheWeb the half a million dollars he made from it would possibly suggest otherwise but who knows lol
Doesn't the US government have an issue with Kaspersky?
@Britec09
1 year ago
I don't know, I live in the UK
@cbbcbb6803
1 year ago
@@Britec09 I think that Kaspersky is Russian, and Americans are just terrified of them. Or just like making political controversy. 🤪
This is the main reason I've been off, i have a bad virus..how i got it well who knows !!!
@Britec09
1 year ago
If you need help, hop on our Discord
@RRan-dk7ct
1 year ago
@@Britec09 Thanks Brian you know it had to be something wrong if I'm not here.
linus ghey , so makes sense.
Coder_Do_As_Impossible is also wanting to be unbanned could you unban him?
@Britec09
1 year ago
You never come back, so why pester me to be unbanned?
@CattopyTheWeb
1 year ago
@@Britec09 I haven't come back because I can't join yet as I am up against my server limit. Once I make some space I will join
@CattopyTheWeb
1 year ago
@@Britec09 I know that you unbanned me but Coder_Do_As_Impossible is asking to be unbanned too!
@Britec09
1 year ago
@@CattopyTheWeb So you constantly pestered me for no reason. you can't off want to come back that much
@CattopyTheWeb
1 year ago
@@Britec09 I do want to come back. And I will in a few days when I leave some servers. But I am not talking about that I am saying that Coder_Do_As_Impossible is asking me if you could unban him
I will get 80 million subscribers in one day
lol!
IT'S A PDF.SCR FILE !
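Added example, not from the video or its author: commenters above describe the attachment as a `.pdf.scr` file bloated with zero bytes so that scanners skip it. The Python sketch below triages a saved attachment for those traits before anyone opens it; the extension lists, thresholds and finding names are assumptions, and the sample file is constructed.

```python
import os
import tempfile

# Assumption: extensions Windows runs on double-click, and document-like decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def zero_ratio(path, chunk=1 << 20):
    """Fraction of the file's bytes that are 0x00, read in chunks to bound memory."""
    zeros = total = 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            zeros += block.count(0)
            total += len(block)
    return zeros / total if total else 0.0


def triage(path, big_bytes=100 * 1024 * 1024, pad_ratio=0.9):
    """Return findings for one saved attachment; thresholds are assumed values."""
    name = os.path.basename(path).strip().lower()
    stem, last = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    findings = []
    if last in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        if inner in DECOY_EXTS:  # offer.pdf.scr displays as "offer.pdf" when extensions are hidden
            findings.append("double-extension")
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":  # DOS/PE header: a Windows executable whatever the name says
            findings.append("pe-header")
    if zero_ratio(path) >= pad_ratio:
        findings.append("zero-padded")
    if os.path.getsize(path) >= big_bytes:
        findings.append("oversized")
    return findings


if __name__ == "__main__":
    # Constructed sample: a harmless stub with an MZ prefix followed by zero padding.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "Sponsorship Offer.pdf.scr")
        with open(sample, "wb") as fh:
            fh.write(b"MZ" + b"\x90" * 100 + b"\x00" * 200_000)
        print(triage(sample, big_bytes=100_000))
```

Any single finding is a reason to send the file for analysis on an isolated machine instead of opening it; an empty list does not mean the file is safe.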