Hot Take "Potential" infostealer download link

[Parkinsond]

This post refers to a potential download link for infostealer in YT video, for those who like malware testing.

 

[harlan4096]

I've reported that video to YT.

 

[Parkinsond]

View attachment 293999

I've reported that video to YT.

Is it infostealer as claimed in Reddit post?

 

[Marko :)]

View attachment 293999

I've reported that video to YT.

Yeah, they don't care. If you turn off an ad blocker and disable personalized ads, you'd be surprised how many explicit ads you'd see. Ads that are clearly against Google's policy, yet they are allowed to stay on platform for unknown reason.

As long as video does good, and they put ads on it, they are in the clear unfortunately.

 

[Parkinsond]

Yeah, they don't care. If you turn off an ad blocker and disable personalized ads, you'd be surprised how many explicit ads you'd see. Ads that are clearly against Google's policy, yet they are allowed to stay on platform for unknown reason.

As long as video does good, and they put ads on it, they are in the clear unfortunately.

 

[Sunqfu]

 

[Parkinsond]

View attachment 294000

Has been labeled as "infostealer"?

 

[Sunqfu]

Has been labeled as "infostealer"?

McAfee never names things this way.

 

[Kongo]

Has been labeled as "infostealer"?

CyberLock:

 

[Parkinsond]

CyberLock:

View attachment 294001

I can see an additional file (bat file) in the screenshots submitted for Kaspersky and McAfee; has Cyberlock flagged it also?

 

[Kongo]

I can see an additional file (bat file) in the screenshots submitted for Kaspersky and McAfee; has Cyberlock flagged it also?

 

[Divine_Barakah]

Has been labeled as "infostealer"?

I believe only Kaspersky and Eset do this.

 

[Kongo]

I believe only Kaspersky and Eset do this.

And Cyberlock
Deep Instinct only labels it as Backdoor as it doesn't have a "Stealer" label as far as I know.

 

[Divine_Barakah]

And Cyberlock
Deep Instinct only labels it as Backdoor as it doesn't have a "Stealer" label as far as I know.

Never used Cyberlock before, but it is great to see other products guve proper names to detections.

 

[Kongo]

Never used Cyberlock before, but it is great to see other products guve proper names to detections.

It's performing so well as a secondary line of defense since the new SiriusGPT release by @danb
Definitely a great addition to any setup

 

[harlan4096]

Is it infostealer as claimed in Reddit post?

Kaspersky Threats — Trojan-PSW

threats.kaspersky.com

 

[Shadowra]

1. VirusTotal (FormBook)
2. VirusTotal (KillAV)

Detected by Kaspersky & Bitdefender

 

[Parkinsond]

1. VirusTotal (FormBook)
2. VirusTotal (KillAV)

Detected by Kaspersky & Bitdefender

The bat file is the real challenge here; the exe is detected by all (except for the erratic Avira).

 

[Shadowra]

The bat file is the real challenge here; the exe is detected by all (except for the erratic Avira).

Here is part of the batch code (something that will gently disable or even crash browsers and Microsoft Defender....)


FormBook installed - Blocked by MS Defender (He sees the original file, I had deliberately disabled it)

 

[Parkinsond]

Here is part of the batch code (something that will gently disable or even crash browsers and Microsoft Defender....)
View attachment 294006

FormBook installed - Blocked by MS Defender (He sees the original file, I had deliberately disabled it)

View attachment 294007

Unexpectedly, Quick Heal detected the bat file (with K and B), does it indicates it is not that bad?