The Hacking Empire Built on Discord
VloĆŸit
- Äas pĆidĂĄn 12. 06. 2024
- đ Free $100 Cloud Computing Credit linode.com/seytonic
0:00 Intro
0:16 Hacker Empire Built On Discord
3:48 Joe Biden Themed Carding Marketplace Gives Away 1M Credit Crds
7:31 KillNet Targets US Airports
9:12 Linode
9:51 Outro
Sources:
www.bleepingcomputer.com/news...
thehackernews.com/2022/10/lof...
lofygang.info/
/ lofygang
checkmarx.com/blog/lofygang-s...
www.bleepingcomputer.com/news...
www.bleepingcomputer.com/news...
securityaffairs.co/wordpress/...
gizmodo.com/bidencash-dark-we...
blog.cyble.com/2022/10/07/bid...
hothardware.com/news/hackers-...
securityaffairs.co/wordpress/...
go.theregister.com/feed/www.t...
www.bleepingcomputer.com/news...
www.darkreading.com/attacks-b...
blog.eclecticiq.com/killnet-e...
===============================================
My Website: www.seytonic.com/
Follow me on TWTR: / seytonic
Follow me on INSTA: / jhonti
=============================================== - ZĂĄbava
So generous of the Biden administration to sell free Credit Cards in these tough times đ
Just like Musk and those free watches.
I can't believe communist Biden is giving credit cards out for FREE!!
Billionaires and the ruling class will never help those in want or need
â@@RhizometricRealityâNot like the Rockefellers giving away dimes on street corners during the Depression.
@@RhizometricReality bro biden is giving free credit cards for free he is changing the rules now give him time đ
Also, downloading and using a NPM package is basically like running an exe. As it runs on node, you can do everything on the computer/server that it is running on.
node is so scary, I always have the creeps when I use npm or pip or the like :(
is there any way to make it safe?
@@yeetyeet7070 I'd say the only way to make it safe is to use a VM to isolate it from your system...
This is one of the reasons why I hope Deno, a Node alternative, will gain more traction: it's secure by default. You have to explicitly enable file, network and environment access through separate flags.
The threat is identical with most other package managers for other environments that allows pre and post install scripts and download code that can be executed, not just NPM; apt-get, yum, RPM, Nuget, PIP, you name it. It just so happens that NPM is the most widely used and most accessible of the bunch and therefore gets the most attention from users and malicious actors alike.
One way to deal with it would be to do something like Deno; not allowing pre/post install scripts, and allow granular permissions on features to prevent any modules access to the file system, networking and more by default. However, this is only realistic for non-compiled languages, since every system is different and different software sometimes require different installation processes. It's convenience over security.
@@yeetyeet7070 virtual machines! Dont do such on host computer.
Very smart way of infecting people with malware.
I am a huge fan Mr Dvr
Plz dont
@@HazyJ28 I wont obviously. Just have to give credit its clever.
Ironically I got some accounts hacked today. Itâs been years, been waiting for it to happen. They doxxed my whole family, destroyed what Iâve been building, and did I mention they called me over 100 times today? Just to taunt and gloat their prizes of my accounts. I hate it here
Sure you did. Sure...
You wouldn't be casually watching CZcams videos and writing comments if that happened to you. And if "what you've been building" was anything larger and have more significance to your life than a crappy school project, it either couldn't be destroyed in just one day or you wouldn't be able to assess all the damage in the very same day it happened. You post just reeks of shit and demand for attention.
Donât worry law enforcement of some kind will do something about it (not).
Anyways, sorry to hear that. Always good to learn and prevent it from happening in the future.
Go cry me a river you fucking stooge.
@@williamjohnson3229 đ€Ą itâs Saturday night and you alone on CZcams. Get a life
@@williamjohnson3229 Watch your tone or I will slap the sht out of you with a drone that has hands attached to it.
Babe wake up new Seytonic video is out
Wake bake*
It do be like that
One point about free credit cards publishing is diversification. If you steal thousands of credit cards info and steal money, you will likely face serious prosecution and leave a money trail. If you publish that info and let other people also steal, it is the same, but now there will be too much money trails to track, reducing the amount you can steal, but also reducing the probability of you being caught.
No you would just have sum more time as your friends got busted.
@@Desolationist unless
Nice video as always! Today devs must be aware of packages like this. There are also some packages with typo in it containing malicious code. Btw, discord is doing ban waves and terming discord servers related to hacking content, I was a moderator on one server and my acc got termed too.
This is a challenge for any package manager. Does the NPM security team know about the site tracking the other malicious versions?
Can confirm. Managed to jump ship on a server belonging to a hacked game client less than an a day before it got termed.
Malware in packages is my actual nightmare.
I love getting my Seytonic fix. Every time I see you upload a new video, I get a wave of techy relaxation wash over me. Cheersâïž
Man imagine running a pro-russian ddos group without even being paid for it
They do it for free
Those fools, giving away for free what someone would pay them for!
@@StephenGillie there is no price for moral responsibility
@@user-yv2fb4mi1k Moral duty my ass
đ
@@user-yv2fb4mi1k Even the Ferengi side with you here.
Absolutely no one should be surprised by the discord news.
LOL it almost feels like 6:30 is the start of a promo video.
Glad to be a new sub, cybersecurity and hacking is a fairly new interest of mine, I love learning about this typa stuff. Thank you Seytonic.
Thanks for watching my dude : ) Thereâs a lot of interesting nuggets in the cybersecurity world
@@Seytonic facts!
@@Seytonic I'm going to be the one do to unpatch the V2 switch when I turn 18 hopefully hopefully it's packed before then
Notifications working now!! :) thanks seytonic
You guys should join that forum, there's some good stuff on there
ok fed
glowing
Which forum are u talking about
4:25 Western Sahara is finally included in a stat map. Amazing!
Ahh good âole Malwarecord
Discord self bots are actually against the TOS & you can get banned for using them.
You can also get banned for just about anything else. The reason they're banned is to prevent spamming or general abuse. Any automation of Discord is probably against ToS if used maliciously or to gain an unfair advantage. But so is using AdBlock, and with many services even using VPN is against its ToS, so I wouldn't take this too seriously.
@@NatiiixLP I wouldnt either, but discord's filter for self bots is incredibly effective
@@seailz in my experience it is actually incredibly ineffective
@@NatiiixLP Where in the ToS does it mention adblockers and VPNs are not allowed?
@@NatiiixLP discord automation isnât really against TOS, you can make your own personal bots running on your personal computer pretty easily, Iâve made one before. The only thing is that you need to make it with discordâs developer tools, so itâs legit and within the TOS.
Great video, subscribed!
Thanks for your videos!
Love how the instant I went to my home page I saw "7 minutes ago, 14 views". Glad to be this early! A new subscriber btw since a couple of days ago.
Same
Glad to have you on board : )
I actually decomposed a python script doing what these npm packages are doing, it didn't seem like the author knew what they were doing beyond following some shady tutorial.
Wasn't obfuscated, had proper formatting, hell I even found it on a public GitHub repo after some digging.
What I found really interesting was that instead of exploiting API access to acquire credentials, it was straight up reading admin-only windows paths.
I had a spare drive that was gathering dust, and one windows installation, one discord install, and a new, entirely untracable discord account later, I ran the script.
Didn't ask for admin permission, just crashed.
Script kiddies are hilarious.
Excellent video, well worth a like and subscribe
Not that I would wire fraud anyway, but I had no idea that it's not the bank that takes the hit when someome uses a stolen credit card!
Usually there's like a $50 limit for credit card fraud. You pay the first $50 and the bank pays the rest.
@@StephenGillie Still means the store takes a hit too.
'It's funny buying their drugs from Tesco"......."it adds a little spice". Lol lol. Did you actually notice that? Great video. Thanks.
I feel like that whole mpm package thing would of never happened if they just fixed a couple things . Like that part where you can put the legit link that isnât yours onto your malmare package . Thatâs insane . Everything looks legit so itâs no wonder people downloaded it .
3:34 After almost 2 years of discord nuking and token logging. i can assure you that they sell those accounts to people who want to raid servers. At normal, 100 tokens cost around 2-3$ depending on the account age and verification
i used to sell bot tokens for like 0.50$
love this channel
Taking notice
people always find ways to hack peoples discord accounts, they even made people hack themselves by scanning a qr
Social engineering is hacking 101, tbh.
@@Akronymus_ altough it wasnt really hacking, it was more like making people give them their accounts
@@gangsterism yes, social engineering is what that's called.
I just had to help someone secure their card from a fraud who opened a shopping and social media accounts. How the thief didn't realize what they had could be easily tracked somewhat befuddles me unless they just don't care.
Biden cash is a pun play.. that's the spice. "buy'ed in cash" (the pun) -> for credit cards (not cash but cash equivalent). It's funny
What software do you use for text scrambling on the pictures you show?
I know this may seem like a weird ask, but would you cover any IT news impacting Healthcare?
I've been around hackers recently.
Almost saved myself from getting doxx .
U just need to careful with your bot
3:50 missed oppurtunity to call it Biden Bucks
ClintonCash
Thereâs another discord malware thatâs been spreading like mad and still undetected because no one seems to want to check their node programs.
elaborate please.
@@legitsu_ a malware thats based in Node has been going around in various forms. Mostly noted to be a compiled EXE and averaging above 100mb in size usually. From games to be "tested" to selfbots to impersonating any program you can think of. It's still undetected by any antivirus vendor and I've been investigating it for a year. Your passwords, Cookies, Tokens, and Browser Data are what it targets.
How can card companies possibly blame a retailer for a fraudulent transaction?
yeah this doesn't seem likely tbh
I'm so curious to know more about the way those credit cards are skimmed using the malicious npm package for my own research ofc, where do i find out more ?
See the checkmarx link in the description, thatâll lead to the full research
@@Seytonic thanks man
Supply chain attacks are increasing by the day.
i think they use account to see which users dont care about their CC spending and to make their socks look legit by "unreverted purchases"
You ain't even hear about Anonix dawg, we got taken down, we was some rowdy mfs dropping packs all the damn time, PDFs and books for learning, it was nuts
Ironic that people are downloading âself botâ just to turn themselves in to a bot
How can a bank charge the company for someone using a stolen card?
How is the company supposed to know?
Isn't it up to the bank and the user to maintain their own security, not the company they use the card on.
This just doesn't make sense????
what happend to the cyberwar, idk it just vanished ._.
@Seytonic looks like you browse pages loaded with malware on your desktop, that's surprising considering your expertise. I would suggest using virtual machine to prevent attacks.
Hey, at least they are destroying the weird people
Anyone know what that background music is called?
The name itself defines this sole app not very surprising
The creator of Javascript said it was a mistake he made it, and he regrets it
Not JavaScript, just node.
Hi seytonic, i'm watching you for a quite long time and really enjoy your videos, but in Ukraine we have one ineteresting things in war - drones. I would be happy if you create video about radio-electronic warfare (attack/protect drones) and if yoy bring so new for us ideas or information it would be great
P.S. I'm not talking about military drones like bayraktar, but about civilian drones that usually use our solders for scouting. (some of us modify civilians drones with different SBCs for auto-go-home control, when russian radio interference kicks in)
Haha, jokes on them, I never pay for nitro!!
Supply chain attack. Then it's better to write your request instead of a package.
Well I am just glad that my CVV is switching every hour, and every online payment requires 2 Factor authentication
what is the best website to buy illegal things
See why said Discord is Dangerous too most people
You can change passwprd after getting the nitro
Tesco Express!
Babe wake up, just wake up
Damn I want to make a group as powerful as the Discord ppl
Tell me how I just got ran through đ someone had spam uploaded vids on my channel, but I got it back
5:09 you had about 2 hours. if that.
If I was 3 views earlier, I would be the 111,111st viewer!
Hold on i'm going to watch this video later because my hard drive is with 0 bytes free
Is it fine now
U sure its not lo-fi? Anyone actualy asked one one of the hackers or are we just letting him get away with saying "lofe"
What is that forum that you always show ? That has hackers confessing what they do (showing off )
Credit-cards, revoked or not, are fine to sign in nasty web servicesđ€
Lmao once on the dark web on some marketplace I found someoneâs listing, for $100,000,00 you could spend a night with belle Delphine. There was also government secrets for sale for like $85,000,00 lol
I got a notification. Crap
Speaking of Discord: do you have one we could join? I love your content.
who could thout about that ;)
"Killnet" part didn't age well lol.
Haha well I geuss killnet is gonna be betrayed soonđ
Biden Cash đ€Ł Thanks Joe Biden!
Iâve seen some crazy shit on very few discord servers. For example, one has ddos tools, deep web links, gore, credit cards, all purchasable with BTC or ETH.
where?
I personally came across a few days ago by some weird discord invites in channels that after joining them they ask for a QR code scan for supposedly checking that the user is not a bot instead of reacting to a comment xD which was weird not to mention that these invite links were posted multiple times by a lot of people xD then I remembered that discord added a fast authentication for PC by having users do a QR code scan xD.
I can conclude that a lot of user authentication cookies had been stored xD for multiple reasons xD.
7:40 remember, no russian.
WellâŠ.. donât use a library that doesnât have at least tens of thousands of weekly downloads. Otherwise build it yourself
Nice. I have a good excuse for not learning node.js.
Node has little to do with npm, besides that you need node installed to use npm. npm is used for all of javascript.
@@Wolfo70 Shhhh, don't.
@@Wolfo70 One of the best things you can do as a developer is learn how to make your own stuff, so you need as few 3rd party modules as possible. Why trust when you don't need to? This also shifts security left.
@@StephenGillie The thing is if you're a web dev you will always use npm no matter what. For things like react, axios, routing packages etc... Also npm is completely fine to use just don't download obscure stuff you can do yourself (as you said).
@@Wolfo70 You should try my serverless framework. No NPM involved.
2:58 excuse me does the bottom email say "Onlyfans" ayo
I try to use discord for good purposes only.
I swear only nefarious things happen on discordđ
Yep. Its worse then 4chan honestly nowaday đ
Hello world :D
discord is like the bastard child of irc and a web forum, all the worst aspects with no redeeming features.
telegram has a lot of wild stuff
Like ?Âż?
biden cash? those are two words i never expected together in a sentence lol
Theres alot more deep and darker communities on discord
Like???
That video where they are using the bot is fake . Do not give them your token . I highly doubt they have a bot that runs stolen credit cards through a registration . Itâs obviously fake. If they had a working bot like that they would not be using it to buy discord registration , I can promise that.
Umm, about the thing you said about chargebacks etc: It IS actually true. Partly. My GFs ex stole her cc info and used it to purchase shit on playstation, steam, amazon etc for like 2 years, totalling maybe 5 thousand dollars. We weren't able to get playstation or the others to do a single thing about it, but at least here in norway, we could just start a case on this with the police, provide evidence, receive our documentation, and then give that to the bank and the bank refunded her all of the money.
So while this might not be the case in USA, which I'm thinking you assume all your viewers are from, it definitely is for most of the rest of the developed world. It just takes a few extra steps. So in our case, it really was the bank he technically stole from in the end.
The police never did shit about the case btw, we just heard nothing from then, and then 2 months later the case was closed due to lack of evidence, despite us providing proof of her ex fully confessing to everything
The bank refunds the money, but that money has to come from somewhere⊠usually thatâs the company that the goods were bought from.
But yea, the bank has the liability if that money canât be recouped from the company from which the purchase was made.
@@Seytonic generally though this *would* mean that the actual target of the attack isn't assumed to be the victim in the end, in terms of the financial side of it, or? Not that I'm at all of the opinion that any of this stuff is good, i'm just nitpicking at a tiny detail in a comprehensive video, so I consider myself lucky you even responded to me
@@liveen I've owned many businesses and whenever there was a chargeback for an unauthorized charge, the bank would refund the money to the customer and then the bank would immediately take the money out of MY account (as the business owner) AND charge me a $35 fee. So no, you're wrong. They aren't stealing from the bank. They are stealing from small business owners which are usually just people like myself, not rich, just trying to make a living like everyone else.
@@teddyruxpin3811 its because US is ruled by the evil banks, payment processors, and cousins. You have no rights because you're their slave and the collective consciousness and moral integrity and character is broken and non existent.
It would be hilarious to watch you cry like a little girl after being attacking by a stray dog.
Everybody merged to telegram
I wonder how many wordpress plugins are infected...
A colleague once called Wordpress "a remote unauthenticated system administration tool that also happens to host a blog."
lol
Dang Joseph tryna hack me on discord đź
hello
Trur
"Pro-Russian group" tells me all I need to know.
Bidencash lul
First
x
This is laughingly the least worst thing about discord. what do any of you that use it know about who owns, runs, secures and harvests discords data. lof etc are the bottom feeders, discord itself is the shark perhaps :)