New YouTube Scam
- Date added: 3. 04. 2023
- Hello, my friends! Let's hit 15K likes? Check out my website! enderman.ch
Today I am finally going to show you the CZcams scam mail I've been trying to acquire for the past few months. They finally mailed me impersonating no-reply@youtube.com, including a malware attachment.
If there is interest, I can upload the sample itself in my GitHub repository. Let me know in the comments down below if you'd like to tackle it.
Still got questions? Don't hesitate, send them to contact@enderman.ch!
Hope you have a great day!
#endermanch #youtube #scam - Science and Technology
This channel was not hacked. I NEED HELP. My channel is about to get terminated. I can't upload any videos for a week. Here's the overview of the situation from my second channel:
czcams.com/video/AZfNtTLnFtk/video.html
i swear youtubes getting worse and worse... by 2030 there would be no channel on youtube xd
Damn, CZcams doesn't care about bots and scamming, but it cares about destroying channels. I hope everything will be good with Your channel. Good luck
Well, R.I.P to this channel, it was a good run
@@Yarpopcat08 they do care about scams but they don't put enough effort into it, i reported one and it was gone in a day but that was one out of the millions of scam channels
Welp, this happened to other yt creators before, you're not the only one who is having problems in the ytverse.
Pretty sure they literally deepfaked Sundar there
I'm guessing so.
Hi thiojoe 😎
ok
True. It looks like the deepfake's lips don't even sync to the audio, and even then, the audio is quite not very natural.
Yeah, you can notice it very easily
It's actually not a keystroke logger. When you run the file, it steals the browser cookies that keep you logged into CZcams. Once the scammers have the cookies, they can put them into their browser and have access to your account without a password or 2FA. They then change the password and 2FA, and you have lost your account. It's quite effective once the victim falls for the scam.
Some different variations don't steal your browser history or any of that. They steal your cookies and session key, which lets them login even if the password gets changed.
It's basically a CZcams cookie logger. I am safe, I don't use CZcams enough.
@@tubbunny so how do you get rid of it?
@@patrickboyd8937 Cookies?
No matter the variations what the scammers are trying to get at is a session token/key for your account; that is how they would bypass the 2fa.
We need a petition to make a major policy to never open email files unless requested on most sites.
yes
Yeah, good luck.
Not clicking links or opening attachments is good practice. When I order stuff online, I always log into my account at the shop and download the receipt there.
CZcams. Stop striking Enderman.
I would find it odd that the CEO of Google and Alphabet reaching out to their creators. Pretty sure Sundar Pichai would have more important things than to make this video. However, CEO of CZcams is currently Neal Mohan. It would be Neal's responsibility for overseeing CZcams.
Wait, it's not Susan anymore?
@@user-ck1rx1yn7n New enemy basically.
@@user-ck1rx1yn7n Since about a month ago.
@@user-ck1rx1yn7n she stepped down and now we have the person who got dislikes removed and pushed for nfts on youtube as ceo
No he didn't. Dislikes were removed earlier when Susan was the CEO.
I REALLY HOPE YOUR CHANNEL DOESN’T GET TAKEN DOWN I’VE LEARNED SO MUCH😭😭😭🥺🥺
It would just be very sad if they took his channel down like that..
Yeah, I Am A Really Nerdy Person And These Videos Inspired Me To Be, They Were Funny And I Liked Learning About New Stuff Every Day He Uploaded A VIdeo
I would cry non-stop if Enderman was banned
Wow the CEO himself made a video about the monetization policy change. What a dedicated man.
lol if that actually was legit it would be put on godly rarity
@@Sunny_chips fr
Their deepfake of Sundar changes from a British accent to an American accent halfway through
Such scams feel so legitimate and well as long as they don't screw up over small things like these
(1:19) I remember seeing a similar thing happen where Google Drive was being abused instead of CZcams. Gmail were smart enough to file those as junk mail as they were sent to many random Gmail addresses.
i still get them lol
I get some [REDACTED] pdfs files, of certain things for no reasons in my email
@@catminer7436 hey, a fellow [big shot]
what exactly is [in there]
@@funduck2015 let's say it was some NSFW things
@@catminer7436 oh, how {boring}
I'm sorry about it. I have been watching your videos for 3 years or so since the COVID-19 lockdown, your videos were really entertaining and educational at the same time. Due to college tests starting from next Saturday, I haven't watched your videos for a while. I hope it will be resolved.
14:00 You can likely use a Hex Editor like HxD instead to remove a bunch of empty bytes (assuming that's what is inflating the file size).
ok
ok
ok thank you information that we totally needed to know 100%
ok
this is actually helpful information thanks
I hate it when cybercriminals try to impersonate a real company
fr
fr
fr
Ong
fr
"Download document for Windows"
People that have Linux: 0:19
definitely the based moment of all time
Everybody: fears that their channel could get hacked
Enderman: AHH YES, FINALLY, A SCAM MAIL!
Facts
czcams.com/video/AZfNtTLnFtk/video.html
The scammers did know the time that he was going to be striked.
It's actually pretty scary to see what hackers/scammers can do these days, wow...
This isn't that well set up but yeah -- they could've done better
@@UCyAn7sD-VHF2H9KDasGpUng i would definitely believe that
yes
Like girls on instagram >D
They even use similar looking characters called "cyrillic characters" to impersonate official e-mail addresses, so most people couldn't spot any difference unless they do some checking using the "unicode identifier"
(Slow clapping)
Way to go, scammers.
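The lookalike-character check mentioned in the comment above can be automated. The following is an added example, not part of the comment thread or the video: it reports non-ASCII letters and mixed scripts in a sender address, decoding punycode ("xn--") domain labels first. The function names and the sample addresses are constructed for illustration.

```python
import unicodedata

def script_of(ch):
    """Coarse script label taken from the Unicode name, e.g. LATIN or CYRILLIC."""
    if not ch.isalpha():
        return None  # digits, hyphens and dots carry no script information
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def decode_label(label):
    """Turn an ACE ("xn--") domain label back into the characters it displays as."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label

def audit_sender(address):
    """Return one finding per address label that contains non-ASCII characters."""
    local, _, domain = address.rpartition("@")
    labels = [local] + [decode_label(part) for part in domain.split(".")]
    findings = []
    for label in labels:
        scripts = sorted({s for s in map(script_of, label) if s})
        odd = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
               for c in label if ord(c) > 127]
        if odd:
            findings.append({"label": label, "scripts": scripts,
                             "mixed": len(scripts) > 1, "non_ascii": odd})
    return findings

# Constructed samples: the second swaps Latin "o" for Cyrillic U+043E,
# the third is the same domain in the punycode form used on the wire.
SAMPLES = [
    "no-reply@youtube.com",
    "no-reply@y\u043eutube.com",
    "no-reply@xn--" + "y\u043eutube".encode("punycode").decode("ascii") + ".com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), audit_sender(sample))
```

A clean result only says the address contains no lookalike letters. The mail discussed on this page came from the genuine domain through the video share feature, as other comments here explain.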
11:45 also deactivate any other login session using the non-infected device (a phone for eg). The stealer uploads session cookies which work on some sites even after a password change.
How are they sending emails from the CZcams domain? Also, so much for the "Scanned by Gmail" feature doing absolutely nothing regarding this. With a company as large as Google you'd think they could run a virus check for larger files. Of course though scammers will just artificially increase the file size even more to combat that.
I actually found the answer to this question from a comment in another video. I'll copy and paste it here for convenience.
Original Commenter: Ignelis
Comment Source: "The Latest CZcams Malware Scam" from John Hammond
"Hi John, they used a share function in CZcams. So they have a private video, so you can't see it, but the thing with private videos is that you can give access to someone. So they add your and other youtubers emails, so you would get this email from youtube, stating that this and this channel shared a video with you. In the email you can see description and title of the video. Once you receive that email - the scammers just remove access so you can't see it, that's why it says the video is private, but you got email from official youtube domain."
@@GavAttackO but then how would the archive get attached to that e-mail?
@@realcomputerdude100 its in the description of the video?
@@amongsussyballs I've never heard of being able to attach a file inside the description of a CZcams video.
A link to the file, I could understand. But the file was attached *in the e-mail.*
We need Linus Sebastian and LMG to watch this now.
Btw, run it on a Linux or Mac system with wine to see what it can do.
"hey, if you do not sign the document you are banned from CZcams, also we do not have a linux/mac version"
I would love to see the OSFirstTimer guy try the latter! After all, he did respond to phone-based tech support scams that say his Windows computer has a virus, saying "Sorry, I use Ubuntu".
Run it on a Windows computer
@@yliassloudtech348 i can't as I don't have windows and I wouldn't as ik what it does.
you can do the same in a VM
Stupid me downloaded the thing because I was scared of losing monetization (I know I'm stupid). I opened the zip but did not touch the document in it. My question now, am I safe or did it already infest my system?
Hopefully ur safe
@@violentvincentplus Just changed all my passwords on another computer. Hope that helps.
@@PaddyPatrone Did you open it? If not, you're completely fine.
You might also want to pin a comment with the video here. If that's even possible...
I'm not sure abt the editing rights, but you could also add a "showcasing purposes only" disclaimer into every description, maybe that influences the algorithm.
Good luck, let's hope there will be a real human looking over it before they can terminate you and your communication attempts are more than speaking to a wall.
Does this virus file work on iOS? Or only Windows?
5:22 no way the "youtube team" would have only 700 subs
tbh the scariest part is that 700 people were tricked into thinking it's real and subbing to it, or it could be botted
I wonder if they shared a private video with the description as the scam message. Would make sense why it says Shared a video with you
Somehow this isn’t official, it’s a fake message which is a scam.
We should be able to set an anti-phishing code/passphrase on sites, so that when a real email comes from the company it contains this code. If it does not contain the passphrase we set, it should ring a bell that it’s a phishing/scam email.
This isn't anything private, but usually, that would be your CZcams channel name in this case, to at least prove its for you and not just spam.
ayo! nice video. i miss sometimes old video type like showing how virus works (like petya).
i still like this type but would be cool to see more malware videos!
BTW if You look at the subscriber count, and see that it's fake. Also I don't know they would private the video, they have them public and I would also compare the name (not the display name but the name with the @) with the real and fake CZcams channel.
Starting to think CZcams should move communications to CZcams studio
Wouldn't mind proposing a new notification format for private video sharing to CZcams so it differs from the official messages a lot (this way you can clearly distinguish a video share at a first glance). I am pretty skilled with basic HTML/CSS, so I can compose a new email layout for this.
.scr also prevents Windows SmartScreen from coming up when running it.
Time to make this extension non-executable in the registry.
I can't help but wish you luck surviving this YouTube misunderstanding. You have become the victim of people who, for their own amusement, want to delete all your channels, thinking they are all-powerful. Justice must prevail, and I hope that this situation gets more attention.
Just a note, the email is actually from CZcams, it's using the share feature to send a video containing that malicious link
Ahh.
That's some next-level trickery right there
Screensaver? For me those are AutoCAD scripts. 😉
I noticed after a while that I hadn't gotten any notifications from CZcams about you uploading. That alone had me a little bummed. But when I saw the title to this video, my heart truly started to melt. I absolutely love your videos and simply the thought of your channel being terminated brings a tear to my eye. Hope you get through this with your channel still intact. I wish only the best for you Andrew 🙏
Notice the "confirm=no_antivirus" in the URL. Wonder what that does 🤔.
it skips the antivirus prompt that google drive has
@@yotoprules9361 I know what it does… I was making a joke.
i might be thinking too simple about this, but can't MS just warn users like if there's a . followed by 3 letters in the name before the actual extension?
The "Anti-anti VM" I didn't expect that XD
It's time for a class action lawsuit against CZcams/Google. No mentally stable person would share a video using the share function via email. This makes no sense. Yes it's a feature from the late 2000s but still... This really feels like negligence. Why has this not been removed years ago?
That's why do I think that LTTs rented out their account.
i'd like to see the malware! (also i thought you used chrome not edge lol)
Can you do "Upgrading" from Windows Longhorn to Windows XP?
(it requires a special application called "Application Verifier")
I witnessed something similar back in February 22 of that year. This time, it's with Playrix's job inquiry through DeviantArt's Chat.
Hey Enderman, I have an idea. Making a Windows based OS that just launches a program and that's it, and you can't do anything else. We will use Windows PE for this process, I have tried so many times but I get the same error or just bigger errors and I don't have enough brain for it. This is how I imagined: Windows PE launches from ISO/any bootable source, installs necessary files as like system32 and the libraries, installs some drivers for the program to run at all, restarts. Launches the program and that's it. Could you please do a topic on this?
there is "no_antivirus" in the link LOL
This is why I watch out.
hey enderman i noticed this youtube team account only has 719 subscribers
So did he trash that phishing e-mail or not?! (I also got a phishing e-mail on my Gmail too yesterday!)
Big companies like google, youtube (owned by google), amazon, facebook, ... should really just sign their outgoing email using SSL certificates, that user can just look for the little checkmark (or however the user's email program/website/app shows it) to see whether or not the email is real or fake, just like the little padlock in the browser. But for some reason nobody is using SSL email certificates. Wouldn't help in this case but it would help against some types of email spoofing (where they just change the sender address)
When YOU don't TUBE the CZcams, you get scammed. Stay safe guys.
I already saw something wrong as the file protected as said in the email. Just a rules and policies document why they need to encrypt it
Well, that's called common sense, you got the common sense that it automatically flagged your suspicion into a big BS alarm
Why does Windows never show extensions by default
That's why all my friends in youtube have a backup channel in odysee, rumble and tilvids
Where do you get your MP3’s from?
Just noticed, HE WAS USING EDGE OMG
Enderman's the type of guy to install windows 11 on a potato
tbh that's exactly 1gb windows
notice how the description is unupdated that’s great.
Probably a variant of Redline
Amazing work to disclose the work of these bad people!
Next video pls! Downloading malware on MacBook
But HOW? Google doesn't let you make an account with the same email as another account! How did they bypass this?
The scammer created a channel called CZcams Team and uploaded a deepfake AI video with the text of the email in the video description. Then they use the share function from CZcams to send it to their possible victims. That's why the sender looks legit because it comes from CZcams itself. The email contains the text of the video description and the layout CZcams uses is the same layout they use for official emails. To me, this looks like negligence from Google/CZcams and they should be sued for this.
Great to see you uploading again!
hey everyone he has 1 strike WE NEED TO HELP HIM NOW
pls if u can pin it
I was listening to one of my playlists on spotify, and I heard your intro music! Is it Drive Slow - Windows 96? Anyways, I love your videos and they have inspired me when creating code. I hope to keep watching your vids.
Ah yes, I love when CZcams Team shares a video with me on CZcams.
This video's good to make me forget about polynomials assignment I've got to do.
Finally a chad who has the taskbar on the top
Have it too lol
5:10 if you pay attention to the guy's lips you can see that its not syncing with the voice. giant red flag
random question but do you think you'll ever make merch?
When some russian guy (probably with one of his arms broken) has to tell you not to execute files from e-mails, there is something wrong you had just done.
"no ones gonna run this file"
i wonder what happened to linus drop tips
i love your channel, I hope you don't get taken down
I have a question:
If I download a virus that steals my data and uploads it to the user and run the virus, will it work if my internet is disconnected?
You mean "If my internet is disconnected, the attacker will be able to steal my data". If you mean that, the answer is no.
is this right? generate me 30 sets of strings in the form of "xxxyy-OEM-NNNNNNN-zzzzz" where "xxx" is day of the year between 001 and 366 (for example, 192 = 10th july) and "yy" is the year (for example, 94=1994). your range is from the first day of 1995 to the last day of 2003. "OEM" must remain intact. the "NNNNNNN" segment consists of digits and must start with 2 zeroes. the rest of the numbers can be anything as long as their sum is divisible by 7 with no remainder. the last segment "zzzzz" should consist of random numbers. "z" representing a number.
The deep-faking levels here are scary. I think deep-fakes should be illegal.
Nah it's fun
And I like making SpongeBob say the n word
i mean it's only really viable for memes and stuff apart from this, but if you have a keen eye, you would see that the channel isn't official either way
I can see the channel’s fake, but the deepfake is scarily fake.
dannggggg they tried to hide that harddddd
Hello, I have vmware workstation 17.1, when I turn on the virtual machine, the vmware logo does not appear when I press the esc key to go to BIOS, that is, I installed Windows XP, the Windows logo does not appear, the welcome message appears directly.
Now we gotta develop a scanner that can scan files that are under 1GB in size.
Or a 1 Exabyte size file
I see what they did. They shared a video via email.
Silver Chariot Requiem is always a problem 😂
That was such an ai voice in Sundar lol 7:11
So, basically, the entire premise of this scam consists of assuming that the file is a PDF file, just because it comes packaged with a PDF icon in the executable. This is combined with completely ignoring the simple fact that this so called "PDF" file just happens to have a .scr extension.
Most pc noobs have file extensions off
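The two tricks commenters describe on this page, a document-style name that really ends in .scr and a file inflated so scanners skip it, can both be checked mechanically. The following is an added example, not part of the comment thread or the video: it flags a decoy extension in front of a runnable one, an MZ executable header, and content that is mostly zero bytes (the padding one commenter assumed). The extension lists, threshold, file names and byte strings are constructed for illustration.

```python
import os

# Extensions Windows runs as programs (short illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
# Extensions a recipient reads as "just a document".
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def name_flags(filename):
    """Flag names like 'report.pdf.scr': a document extension before a runnable one."""
    stem, ext = os.path.splitext(filename.strip().lower())
    flags = []
    if ext in EXECUTABLE_EXTS:
        flags.append("executable-extension")
        # With extensions hidden, Explorer shows only the stem, so check how it ends
        # (spaces before the final dot are ignored).
        if os.path.splitext(stem.rstrip())[1] in DECOY_EXTS:
            flags.append("decoy-extension")
    return flags

def zero_fraction(data):
    """Share of the file that is 0x00 bytes; near 1.0 means it is mostly filler."""
    return data.count(0) / len(data) if data else 0.0

def triage(filename, data, pad_threshold=0.9):
    """Combine the name check with two content checks on the attachment bytes."""
    flags = name_flags(filename)
    if data[:2] == b"MZ":  # DOS/PE header: a Windows program whatever the name says
        flags.append("mz-header")
    if zero_fraction(data) >= pad_threshold:
        flags.append("zero-padded")
    return flags

# Constructed inputs, not the sample from the video.
PADDED = b"MZ" + bytes(range(1, 200)) + b"\x00" * 50_000
PLAIN_PDF = b"%PDF-1.7\n" + b"x" * 100

if __name__ == "__main__":
    for name, blob in [("YouTube policy.pdf.scr", PADDED), ("receipt.pdf", PLAIN_PDF)]:
        print(name, triage(name, blob))
```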
What program do you use for VMs?
VMware 16
Cool video. I had a video idea that is impossible. Install windows on a hdmi cord
I don't understand how almost every scam has bad grammar which gives it away.
It is Google Translate
Yay a new Enderman Video :D
If the ceo of Google sent me a video about the policies of CZcams changing I wouldn't believe that in the first place
Even since I haven't got anything, looks like I'm good for a moment. Thanks for alerting us!
One way to prevent getting tricked by this type of scam is changing the way .scr files are opened. Create a new action for the scr and set it as default. For me, i created action 'open2' and set it to open 'notepad.exe "c:\Users\Public\screensaver_warning.txt"'. Windows will still launch screen savers normally, just the user will not. Also by right clicking it, you can still launch it using 'Test' action.
i love your videos
If you listen and look closer at the last bit of the video of the CEO of Google, you can tell it was a voice over the original. His mouth movement and what is said in audio doesn't match.
heck yeah i realized it
RIP Andrew!
what happened to your "limbo free download" video?
Same question here
mrbeast, e-mails, deepfakes, youtube scammers find every possible way to scam
i also saw a small korean channel get hacked too 😥
Hello, which software do you use to trace that file's executable location, plz tell, I mean which software do you use to find that virus location
How did you not instantly notice it was a deepfake bruh
I didn't either on first watch, I wasn't really paying close attention but looking back you can notice
Not even a good quality one, the voice sounds so robotic.
fr lol
Hii sir, I have already double clicked the scr file received in mail, now my pc has a restarting problem every 5 min. I ran all types of scans, Malwarebytes or Windows Defender, but no threats detected, so now what can I do?
Can i find where is scr virus installed in my folder??
Help me
Reset Windows, my dude.
hello! im really trying to find a good virtual machine. do you have a link to download one?
Software, or what?
@@dark-mode. whatever allows you to run viruses and shit without it harming your actual computer
@@WinDev101 I agree.