MINECRAFT'S DEADLIEST COMPUTER VIRUS
- Added 19. 06. 2024
- When you download a mod, do you really know what you're downloading? Ideally, the answer is yes, but what if something malicious is hiding inside - and what if the creator of the mod didn't even know something malicious was inside?
CHAPTERS
0:00 - What is a Virus?
3:06 - A Mysterious Mod
7:45 - Inside the Virus
13:46 - The Dangerous Bit
16:58 - Aftermath
CREDITS
- The Fractureiser Mitigation Team (github.com/fractureiser-inves...) for researching and stopping this virus, as well as publishing this info publicly
- @_thomas, nwunder and Angry_Pineapple for proofreading
- Everybody else involved in this investigation
MUSIC (in order of appearance)
On Little Cat Feet - OneShot OST
Resurrections - Celeste OST
Divide By Four Add Seven - C418
Negative Gravity - Foewi
Tides - HOME
DISCLAIMER
Nothing in this video is even remotely close to being malicious, nor does it provide any sort of framework for a potential malicious actor. If you choose to seek out any of the code for this virus, I accept no responsibility for anything that may happen if you run it on your computer and I do not encourage you to seek it out.
LINKS & SOURCES
- Fractureiser Investigation Document: github.com/fractureiser-inves...
- Payload Analysis Document: hackmd.io/5gqXVri5S4ewZcGaCbsJdQ
- SkyRage Extra Reading: ljskatt.no/analysis/updater_c...
- CurseForge Detector & Blog Post: support.curseforge.com/en/sup...
- Minecraft Malware Community: / discord
Apologies for the random repeating parts in like, 2 seconds of the video. Seems like the file got corrupted whilst uploading - just pretend the video is HACKED and EVIL and that it adds to the atmosphere
What do you mean "pretend". It is EVIL. On a serious note, it's pretty much nothing.
Brain aneurysm go brrr
dont upload a minecraft virus video at 3 am!!!
Yeah
yipee heaven fortress updat
that's 10 times worse than just getting ratted and getting your coins stolen in skyblock
10 TIMES BETTER IF I LOSE MY TERM I WILL SOB, WHO CARES ABT MY CRYPTO OR MONEY OR PERSONAL INFO
@@Acoldfox they will probably sell your entire minecraft account, so no more term, no more minecraft, no more pc pretty much
@@Acoldfox would you rather lose a term (replaceable, just takes long time)
or lose your entire minecraft account, lose every single one of your files, its literally getting ratted but it affects much more (most likely non-replaceable)
@@KingTurtle2607 as someone who doesn't have a term, i see this as a win
Although skyblock rats usually also steal all that other info, too; I still have to agree. The way viruses spread is terrifying, both in the digital and physical worlds!
I wanna make a joke comment but I just genuinely can’t stop appreciating the effort you two put into these videos. This feels like a legitimate documentary and it’s something that I feel like would be interesting even to those that have never played Minecraft in their life.
make the joke
It IS a legitimate documentary, but who is Tyler? Is hellcastle schizophrenic?
@@tariksleftnut yes
As a mod developer : A mod running in a sandbox doesn't really at all prevent making mods, as long as you do it well. Example : mods generally never really need to look for files beyond the game's location, so any file outside of that can be made unreachable to the game, without causing any real issue. Only cases where it would be problematic is if a mod needs a shared library to run, although those can just be placed inside of a folder accessible in the sandbox.
Kinda true, but mods (which arent really gonna be played by the public) ie. Instantly shutdown pc when a player dies or things like that won't work in a sandbox.. (other than that i completely agree with your point!)
After seeing this video, I saw your comment and, I completely agree as a mod developer as well.
@@nicky7006 these are edge cases, a good option would be to be able to disable mod-by-mod sandbox, with the sandbox being enabled by default
Got a bit of a scare because only a few days before the scare, my friends and I logged into MC for the first time in ~6 months to play modded for the first time and started a world. Luckily we didnt hit a landmine according to Forge's scan, but we still decided to stay off the game til Forge announced it was safe.
better safe than sorry, bro.
Sucks that so many people are getting hacked just for playing games they enjoy. Its been happening a lot with older fps titles such as the old cod games and even some more recent ones like battlefield 5
It's a shame. Only need a few people to ruin it for everyone else 😔
was one of the people trying to survive through this, i didnt get infected but this was one of the scariest moments of my life, knowing how much i could've lost
i panicked so hard over this i reset my pc anyway. even though i lost most of my files im glad i didnt lose EVERYTHING
@@Nub85204 thats so lucky dude! im happy for you!
Very fascinating video, thanks for doing what you can to spread awareness that people shouldn't just download random mods without checking! I see it way too often even with people I've told over and over again not to.
i do not like sircow
its our favourite sb creator ❤
wait i swear you had other sb videos
@@dahamvich2789 eh i decided making videos isnt really for me and i only make them rarely now
🍔
As someone who knows a lot about IT security, this was a great video! I loved how you explained everything.
This video is great! Love to see a documentary like video on Fractureiser.
Thanks for having the courage to make this video and educate us! I remember being one of many using curseforge when that happened and I had no idea what was going on. This educational yet simple video taught me a lot!
HellCastle and Tyler know more about malware analysis and stuff than i expected
Tyler scripted the entire video
What if someone made a mod that spread like malware, but instead of doing harm, it just added a weird mob into all of the packs?
Herobrine. Everyone would think Herobrine is real😂
There's only 2 routes this could go
horror mob
or
skrunkly little scrimbo
I loved that you used AE2 to describe this, great video!
I am so thankful for the premier countdown music because I almost missed the premiere
17:50 currently, im working on a modding api for minecraft, using javascript. since the javascript engine is as sandboxed as it gets, the mod loader can control exactly what the mod can do. the whole mod loader should be done by early january next year
How is the performance
I love JavaScript myself but am concerned about the slowness and bloat of such a high level language
@@Xnoob545 Compared to the JVM? It should be just as fast, since both the JVM and major JS engines use JIT compilation to optimize often-executed "hot" code into faster machine code, based on information about the code that's collected over time (what branches are more likely, what types are usually used, etc.). Also, JS engines are maintained by folks at Google (for V8), Apple (for JSC), and Mozilla (for SpiderMonkey), so a large amount of effort has been put in to make JS as fast as can be. In the end, JS itself isn't significantly slower than Java, and the only aspect that is likely to be more bloated is file size, since traditional mods are distributed in a literal .zip file containing JVM bytecode, and JS doesn't have such a (standardized and stable) bytecode (V8's bytecode doesn't really count).
Can we appreciate that this guy used "On Little cat Feet" from OneShot?
You have given the best coverage on this I have seen. Good job.
fr
on little cat feet is such a good song its so fitting for the background!!
the other big problem is, this is also a situation where you can get multiple false positives, there's plenty of legitimate mods that use classloaders, and this virus also tended to push like slightly different code to each other jar file
Fantastic video
Also I heard that OneShot OST :D
ah the 1am content from hellcastle, love it! at least it's a weekend...
POV: waiting for the 1 am piece of content that drops every 2 months
Dang it's 1am here too
6pm for me lol
I think I should sleep more bc I stay up like until 5am and wake up around 10 am
1 am gang
Very informative video, great job as always!
2:13 the things in the background and the item used to show the infected file are from the mod ae2 (Applied Energistics 2)
I didn't end up using new mods for about two months, and even now I still check every file manually for stuff. I don't use CurseForge anymore because of the way they kinda just don't usually care about normal malware, and only do things when someone big notices which sucks
One of the most common Minecraft viruses will open the terminal app on your windows device.
There is a version of the virus that actually deletes the virus then opens some anti virus webpages and then deletes itself
That's incredible
@@derpyslurp8779 is just someone who changed the code to be that thing, extremely basic coding
Not impressive at all
@@MilesProwerTailsFox it's impressive somebody did that at all lol
@@russianyoutube no, it’s always the first response to a big virus
@@MilesProwerTailsFox🤓🤓🤓
Pog Oneshot and Celeste background music
That Oneshot bgm mmmhh *chef kiss*
Not related with the video but you using On Little Cat Feet for background music at the start is awesome
Dude i am trying to stop my head from going crazy to the celeste Resurrections OST
I like your use of Minecraft mods to explain a virus about Minecraft mods.
Thx for the on time news T_T
(but a real thx for a comprehensive explanation of the code)
That song from celeste is such a banger tho
This video in short: virus bad connecting to server stealing your entire Computer live
wait, so if it uses that property to tell itself it's already run, could you potentially protect yourself from it by manually setting that property yourself?
Its funny because ik the people that did this and you really barely scratched the surface, it goes so much deeper and in so many more communities
this, is a very informative video, thank you for making it :)
I was so scared at the beginning because I recently downloaded litematica like day before yesterday and thought that I might have gotten infected
The problem here is that programs which modify a lot of exe, jpg, docx, pptx, mp3, mp4 files are being instantly flagged as suspicious by AV companies, but the same principle doesn't apply for jar files.
that guy who was the last really trolled us all
Great video, almost a shame you don't make skyblock let's plays
Holy sh*t when i saw the topic i knew this would be ur best video yet, at least for me
and i was right
am rlly interested in that stuff and a video of your quality is fire
btw as a guy who does code this code looks mad suspicious to an1 who codes, a guy who doesn't do code wouldn't read it anyways
0:37 This music... did you play that game?
I Hope you did....
If you did how was it?
Hearing that song confused me, since it's my background music from Wallpaper engine. Spent a couple minutes trying to figure out why it was playing before I realized it came from the video, lul. Really enjoyed the game! :D
hopefully he did, very underrated game
Great video explaining dangers of viruses!
I owned all of the mod packs, but luckily somehow used them all right before they were malicious.
Lets go another insane video incoming
The best day of the month is when you guys post a video
15:23 this, this right there is why I don't save cookies on very important sites, (and why you shouldn't either) because its basically an open invitation for hackers to steal your login info.
Thank lord I was on my 1 year minecraft hiatus.
Thank you, i have been wandering around clueless for far too long because i dont know anything about coding/java. Very well explained, even a complete brickhead like me understood it, very gud👍
The big issue of us mod developers is: we are also just the average person, most of the time we too just trust files our friends send us, because why would we read every single bit of code, for the very small chance something is wrong
nah bro it feels like that thing happened weeks ago and curse forge already fixed everything
Hellcastle made me think that Tyler would speak this time :)
thanks for closure on this
i cannot overhear the oneshot ost, really good game
love the combination of educational content and humor
The oneshot ost slaps
Thanks for the info
great vid!
i actually nearly downloaded Create: Diesel & Oil generators but im glad i didnt
19:24 who else thought he was gonna be sponsored by ExpressVPN
Starting off with Oneshot music, nice
This video made me understand how viruses work and made, pretty much a tutorial. there comes my summer online plans !
Thanks for the guide👍
Slight correction? Maybe? The community mostly figured out what it was (they found the code and were sending out instructions on how to check your pc for it) far before curseforge did anything..I was there when all hell broke loose and everyone was panicking sending warnings in their servers and everyone was going to curseforge's discord server to find out what was up..the panic happened during the night for the curseforge devs so we had to wait a while for them to wake up of which they reposted the info being sent out by others and then worked on the virus checker thing on sight. It was so bizarre to be there during it all 😅 one of the mods in their discord server really tried to convince everyone there was no virus and stuff..yea no one exactly bought it and people acted pretty aggressively to their comments.
Though it is true we didn't know at the time how infected curseforge was, or if curseforge itself was compromised..it was pretty scary ngl! We didn't know fully what the virus was programmed to do, where it came from (though we had a decent suspicion it was uploaded and infected people who downloaded it and thus infected those people's modpacks which spread it further), but we did know how to check for it! Crazy the virus stayed active that long without curseforge stomping it out (as you mentioned people had been on the case and were contacting curseforge about it about a week prior to the "massive panic day")..they only acted once it had grown to a massive level and everyone was freaking out.
I had no idea it was that bad! Currently watching what the virus does..I cannot believe it steals that much omg
I don’t know if it’s just me, but when I look at obfuscated text with something like hello or something I can kinda see the text very slightly. Maybe I’m just seeing things.
there is, in fact, a way to partially mitigate risks like this, which is running mc in a vm, but that doesn’t completely solve the problem, + it’s not something anybody is going to do
They should have a system like tmodloader's/terraria's, where its impossible to get a virus and modding is available ingame and not in sketchy websites. And yes i know websites like curseforge arent sketchy, but as proven, it can still contain viruses.
Curseforge honestly doesnt care about anyone (not mod devs or users) they just want you to see more ads. They only do something if it is a virus or it brings negative attention
When I got the notification all I saw for the title was minecraft's dead
bc of the most recent virus infection on curseforge im totally scared to even run moded game
On Little Cat Feet hits hard
I heard the oneshot music, and instantly recognized it, i freaking love that game!!!!
This is the 2nd time a website I frequent being hacked or something along those lines since May first was MyAnimeList on May 11th (I just use the list feature not the reviews) with a hack that overwrote any text with "Let's all Love Lain" (Based on the ending of Serial Experiments Lain)
How I avoided this playing Bugrock and Modded Sims 4 but avoiding CF (Game already had ways to download mods without CF since that was only introduced in Late 2022) on the latter since even though TS4 mods are Python based and are sandboxed (Props to EA for doing that) I wasn't taking any chances with CurseForge and I moved all my Modpacks from launchers so they would not get AutoUpdated to an infected version (Which was a bit overboard since I didn't even touch Java Edition at all during the time) and to added even overboard prep I even ran the Infection detector to be positive I didn't have this
Alright so is Fractureiser gone now for people who have not already got it?
Btw error: the mods infected were not uploaded by a malicious person (probably) rather they didnt know they had been infected.
The virus came from somewhere..it likely started with one malicious person making the virus and putting it into a mod (probably one of the ones pretending to be other popular mods) and from there anyone who downloaded them grew infected which led to it spreading to the modpacks they'd created.
i love 11 pm content from hellcastle
i love 6pm content from hellcastle
Nice waited for a new video
essential sponsor on a vid about malware 🤣
Damn. As a mod developer they deny my mod for having a somewhat similar checksum or having other jars in my modpacks ZIPs, but they don't catch this.
True lmao
This music from oneshot made me cry
Waking up to hellcastle's video
day fixed
but link said free robux :(
LOL
These are like mini documentaries
I'm glad it was caught quickly and didn't do that much damage, but still it shouldn't have been able to happen at all.
Time to start writing a script that overloads the malicious cloudbases with useless data
Or try to make the mod call home and infect the place it came from 😅
@@309electronics5 for realz
ONESHOT MUSIC ON THE BACKGROUND! I CAN HEAR IT FROM ANOTHER UNIVERSE
Can't we just make it so when a virus checks for a virus it thinks there’s one but there isn't
why they stealing that much information from me, i literally have nothing to lose
2:07 "Summoned new Infected Friend" 💀💀💀💀
Bro used OneShot music. That's straight up enough for me to like the video.
"Most mods arent even submitted in human-readable source code" well there's the problem right there. And the other problem is many, many mods' pages just have comments disabled, silencing anyone from speaking up and saying "hey, this is malware trash, do not download".
What mods were used for the ingame minecraft computers?
u know its gonna be a good day when this madlad uploads
edit: i dont think the current situation is good though, but its nice to have an upload from this mans
This type of virus is a worm
Is it me or is there a bug in the original source code at 7:27 before control obfuscation in the 4th line:
if (n=0) {
because n will always be 0 (since n is assigned to 0) and thus that block will never be executed.
This is the most detailed explanation ive seen on this topic so far! Hats off to you for the amazing video.
It's a good thing I have a 400 gigabyte backup of every mod I've played in the past 8 years!
The only thing slowing humanity down is other humans being assholes... damn it
I like how you say three and threat
i love how people comment before the video actually is done with the premiere