The Malware So Tricky Even Programmers Fall For It

18 May 2024
131 691 views

Sponsored: Discover the new Bitdefender Scamio (Free, easy-to-use AI chatbot for detecting and preventing scams): www.bitdefender.com/solutions...
▼ Time Stamps: ▼
0:00 - Intro
0:27 - What Are Hackers Doing This Time?
0:45 - A Very Good Thing
2:07 - The Hacker's 1st Technique
4:20 - The 2nd Technique
6:32 - Some General Tips

Comments
  • Of note on modern Linux desktops (at least in Gnome and KDE), file managers will ask before executing files by default, so remember to keep that option enabled!

    @GeekIWG, 2 months ago
    • Maybe newer versions of GNOME/Plasma should make it more clear, because some people just click OK on popups. It is already quite clear, but if people are doing this it means it works, which isn't good.

      @AlfiesFuntime, 2 months ago
    • @AlfiesFuntime Isn't that the truth. Also wish KDE would get rid of that "Don't ask me again" checkbox.

      @GeekIWG, 2 months ago
    • One issue is the KDE dialog has a rather stupid "don't ask again" checkbox. Sounds reasonable, right? Yeah, no. "Don't ask again" means "never ask me how I want to run an executable ever again", not "don't ask me about running this executable again". Clicking that checkbox once permanently turns off that security measure completely unless you specifically re-enable it, after which you need to deal with the pop-up every time you want to run any executable directly, even if you trust it.

      @felixjohnson3874, 2 months ago
    • @AlfiesFuntime Nope. Its purpose is to clarify the action that will be taken, not protect people from themselves. If you don't read the warnings, that's your problem. It's there to tell/ask you whether to run the executable, not protect you from yourself if you don't read warnings. Fool-proof is one thing, but Linus-proofing is a futile effort that just makes the UX worse for no reason. Linus proved pretty plainly that if you're willing to ignore one warning you're willing to ignore 5 more.

      @felixjohnson3874, 2 months ago
    • @GeekIWG They can keep the checkbox, they just need to make it file-specific. If a user wants to turn it off completely, put that setting somewhere else, but the pop-up checkbox should be "Don't ask me again for this file", because as it currently is it's unacceptably ambiguous.

      @felixjohnson3874, 2 months ago
  • new fear unlocked: unicode period pretending to be a file extension separator

    @cindrmon, 2 months ago
    • On Windows, a file with no extension would ask "what do you want to do with this file with no extension, Notepad, Paint?", so we're probably safe, just Linux users to worry about.

      @WindowsDaily, 2 months ago
    • @WindowsDaily but.. I am a Linux user...

      @cindrmon, 2 months ago
    • Just use a bind mount with the noexec option for your downloads directory.
      $ cat /etc/fstab | tail -n1
      /home/x-user/downloads /home/x-user/downloads none bind,noexec,nofail,x-systemd.device-timeout=2 0 0

      @x-user3462, 2 months ago
    • @cindrmon Most file managers have a setting to show a "do you want to run this file" popup when double-clicking executables.

      @vnc.t, 2 months ago
    • @cindrmon What would that do? File names don't mean anything, so that wouldn't change the functionality of the file, would it?

      @shallex5744, 2 months ago
  • 30 years experience in IT and I can honestly say that I might have fallen for it.

    @LordZordid, 2 months ago
    • I would have checked the file with VirusTotal, even if it actually had ".pdf" extension, because PDF files can contain viruses, and I don't trust any e-mail attachment, even if it came from a legitimate source, because that person could not know that his PC is infected.

      @typingcat, 2 months ago
    • Yup, especially the first one. I think it says a lot about our industry practices (using npm without care).

      @CoreDump451, 2 months ago
    • Especially how unicode has devolved into a diarrhea of gotchas. Namely, by allowing it to mix with ASCII

      @williamdrum9899, 2 months ago
  • Plot twist: the job application is for a cybersecurity position, and their challenge is to not fall for the less obvious hacks

    @DiamondSaberYT, 2 months ago
    • Nice idea but obviously it would still be illegal

      @sayven, 2 months ago
    • @sayven Maybe the cybersecurity position is actually hiring black-hat hackers. So the first test does double duty: if you detect the problem, you get to the next round. If you don't, they still profit from you.

      @__christopher__, 2 months ago
    • @__christopher__ This is mad clever fr

      @abdirahmann, 2 months ago
    • bruh mind blowing

      @cryptoafc7655, 1 month ago
  • 4:09 That malicious package has 285k downloads. I probably would have trusted it too... Although the description starts with 'A' instead of 'An', so maybe not so much. That pdf executable is really smart.

    @madcow3417, 2 months ago
    • So people who make a grammar mistake are automatically people giving you a virus?

      @Combineboy, 2 months ago
    • I wouldn't even trust a download counter. I'll have to run the file through the file command.

      @_denzy_6310, 2 months ago
    • The download counter is a trophy for the hacker who made that tactic.

      @lastyhopper2792, 1 month ago
  • It's scary they are targeting software devs; they could infect their releases.

    @rphilipsgeekery4589, 2 months ago
    • Another good reason to sign your commits and software packages!

      @soulstenance, 2 months ago
    • Possibly hunting for access to a good supply chain, e.g. Solarwinds or Linux kernel contributors.

      @dingokidneys, 2 months ago
    • @dingokidneys Luckily the kernel is safe since everything has to pass through Linus before getting merged.

      @FlooferLand, 2 months ago
    • @FlooferLand I have great faith in the kernel development team and of course Linus, but if bad actors keep nibbling at the edges there's a possibility that something nefarious could creep in, if not all at once, in little bits over time. Nation-state actors play the long game, so we have to be on our toes at all times. The fact that some binary BLOBS of proprietary software are accepted in drivers, like the official nVidia driver, means that if someone can get into the nVidia driver team, they could possibly sneak something effectively into the kernel without review by the kernel team. This is why Stallman and Debian (previously) were so adamant about keeping proprietary software, especially that where the source was not open, out of the ecosystem.

      @dingokidneys, 2 months ago
    • Not just them. Any "company" may ask you to download some form for their rebate or promotion.

      @boulderbash19700209, 2 months ago
  • The malicious NPM package is really scary; you will get hacked even before you run the code. There's something called a "preinstall script" in NPM which will be executed when downloading the package. This is a known attack technique called "Dependency Confusion".

    @xanzut, 2 months ago
    • This is terrible and hopeless!

      @ilsavv, 2 months ago
    • I don't think the preinstall script runs the code though.

      @markusklyver6277, 2 months ago
    • @markusklyver6277 There are a lot of articles explaining Dependency Confusion; read and understand it.

      @xanzut, 2 months ago
  • I had a scam from a "recruiter" once where they wanted me to set up an account with them, and they required the password to be the last four digits of my SS number. That flagged me, and they held firm after I called them out on it. I also held firm. It was a major known corp that I wanted to work for, but I still believe it was a scammer working through the resume sites.

    @lint2023, 2 months ago
    • some places like Capital One ask you to enter your SS # but it is optional

      @edwardmacnab354, 2 months ago
    • @edwardmacnab354 It's ALWAYS optional to use your SS# for anything that doesn't directly deal with your employment or personal taxes. Even banks can't require your SS#, even though most of their employees have been trained to tell you that the Patriot Act requires them to get it from you. It's actually illegal, in most cases, for them to even ask for it. I ran into a situation several years back when I was given a corporate debit card so I could withdraw money to pay for vehicles. Wells Fargo gave me a huge issue over refusing to give them my SS# for a few weeks, but after consulting with their legal department, they told me that I was 100% correct about everything that I told them, and they gave me the card. Even if it had been an interest-bearing account, it would not have directly, or even indirectly, been related to MY taxes. The only impact on taxes would have been on the company I worked for. I had an AMEX card, and cards from BoA, Wells Fargo, and TD Bank, all with my name and the company name on them, and I never gave any of them my SS#, because you're NEVER supposed to give that to anyone except your employer and whoever is doing your taxes.

      @eric_d, 2 months ago
  • Malware targeting Linux users? Wow, the year of the Linux desktop is truly upon us! Though seriously, thanks for spreading the word on these scams! This could easily fool anyone

    @dontmindme8709, 2 months ago
    • That’s unironically very encouraging in regards to the future of Linux in the home. Adoption of Linux is getting high enough for attackers to target end-users and not just servers

      @notNajimi, 1 month ago
  • A new Linux thing was a fake Exodus snap package, which asked people to input their 12-word phrase to import a wallet. Then of course, the crypto got stolen.

    @yuu-kun3461, 2 months ago
    • The money was spent on a diamond-encrusted gold toilet for Kim Jong Un. It's very lavish but awfully painful to sit on. Being a dictator has its costs.

      @LordZordid, 2 months ago
    • as if anyone needed more reasons to avoid flatshit, snapshit and other kinds of shit

      @shinobuoshino5066, 2 months ago
    • @shinobuoshino5066 holy shit

      @fluf201playz, 1 month ago
    • @shinobuoshino5066 If you don't like Flatpak or Snap, that's fine. And Snap has closed-source elements, which is also perfectly reasonable to dislike. But the original intention behind Flatpak is that it is on average more secure because the installer never has to leave userspace.

      @orngjce223, 1 month ago
  • You can see the +x as a different color on cli so 😉

    @LA-MJ, 2 months ago
    • also you'd never ./ a pdf file, you'd run `evince` (or whatever pdf reader you use) on it

      @KingJellyfishII, 2 months ago
    • @KingJellyfishII Or xdg-open path/to/pdf, and this also didn't launch the malware executable. IMHO only mc (or other curses file manager) users are at risk if they try to open this fake PDF file by selecting it and hitting Enter.

      @x-user3462, 2 months ago
    • furthermore, while double clicking in a file manager may run it, xdg-open will never run the executable

      @aarond309, 2 months ago
    • @aarond309 The run function normally requires a prompt or can be deactivated.

      @LA-MJ, 2 months ago
    • @KingJellyfishII You don't use Firefox?

      @Handlebrake2, 2 months ago
  • Personally, I would not have fallen for either. NPM, VS Code, GitHub and other similar repos are known to be vectors of malicious packages, even worse on NPM with a lot of typo-squatting packages. If I really had to install something like that, I would probably do it in a disposable virtual machine with ClamAV scanning after any install. (Yes, sometimes paranoia pays off.) The second one is a lot more obvious for several reasons:
    1. Many terminals, especially simpler ones, are not UTF-8 (a.k.a. Unicode) piped, so listing the file would show up as file[?]pdf or file``~~pdf
    2. Even if it displays the name correctly, many terminal emulators would highlight the document in the executable colors, different from regular documents (that are usually uncolored)
    3. As many other comments mention, file managers typically warn against executing files that are not generated by known compilers
    4. In many file managers, the thumbnail would be absent, wrong or use the thumbnail of the language of the file
    5. The options in "open with" would be devoid of any PDF reader

    @edbp7689, 2 months ago
    • The only terminal I can think of off the top of my head that doesn't support unicode is xterm, which isn't very widely used

      @mgord9518, 2 months ago
    • 6. People usually don't "./file.pdf", they usually do " file.pdf"

      @dnchplay-archive, 2 months ago
  • ThioJoe, I always like the way you share your thoughts on different topics about Security, PCs, and Preventing Scams! Keep up the good work!

    @4WheelerinMiami, 2 months ago
  • Well, that's the first time I've rewound to hear an ad ever, I think.

    @rphilipsgeekery4589, 2 months ago
  • as a programmer, i can confirm that i would 110% fall for this malware.

    @vpun215, 2 months ago
    • first one, probably.. second one, very unlikely

      @dvorakgigachad1444, 2 months ago
    • @dvorakgigachad1444 ma man's a giga

      @vpun215, 2 months ago
    • Printing hello world doesn't make you a programmer.

      @Azertyyys, 2 months ago
  • Thanks for the information about scamio - probably the first advertisement that I can actually use. Really appreciate your channel and the time you spend teaching and keeping us informed !

    @wildmanjeff42, 2 months ago
    • I agree, I used it and I identified some scams, would recommend.

      @DccToon, 2 months ago
  • On Linux, most file managers don't actually use extensions to determine file type like on Windows. They use something called "magic bytes", which are present at the very beginning of a file and associate files with a particular program(s). So it should be obvious that it wasn't a PDF file regardless of extension in good file managers.

    @speedytruck, 2 months ago
    • Yeah, as a longtime Linux user, I was a bit confused that the hackers bothered to use a fake period to create a "file extension". Most of the time Linux doesn't care what the "file extension" is. On the other hand, I'm not so sure that common file managers would make it obvious that it's not a PDF. A sufficiently clever attacker could come up with various ways of making it look like a normal PDF at first glance.

      @rossjennings4755, 2 months ago
    • Huh, I tried it with my own silly little executables and was surprised to find that, while Linux itself might not care, Dolphin actually cared rather a lot about the file extension. If the file ended in .pdf, it would give it a PDF icon and never try to execute it, instead trying to open it in a PDF viewer, regardless of the junk content. If it had no extension, it wouldn't get the PDF icon, but I would be prompted to confirm that I wanted to execute it. Learned something new today.

      @rossjennings4755, 2 months ago
  • That Linux exploit is pretty clever.

    @singemfrc, 2 months ago
    • Yet it only affects Windows users who installed Linux and tried as best they could to make it work like Windows. Anyone using GNU/Linux as intended, from the terminal, would be told that the file is corrupt if they tab, or not found if they wrote the full filename with extension. There's 0 risk of them executing it, as the way you open files in the terminal is to write out the program of choice that will open the file, and only then give it the file to open... Also, if you use ls beforehand to look at files, anyone will immediately see that the file is suspiciously marked as executable; PDF files are also a distinct color on my system. And the best part is that opening files from the terminal is faster than fumbling through a GUI with your mouse, so GUIdiots deserve anything coming their way.

      @shinobuoshino5066, 2 months ago
    • @shinobuoshino5066 So, what does KZhead look like in the terminal?

      @user255, 2 months ago
    • @user255 Wintoddler grasping at straws now, after I posted this comment on Firefox... started from the terminal.

      @shinobuoshino5066, 2 months ago
    • @shinobuoshino5066 Oh, I thought GUIs were only for GUIdiots.

      @user255, 2 months ago
    • @shinobuoshino5066 If you're not using GET and POST while parsing through all the HTML with your mind, you're not a real terminal truther.

      @danielmc5693, 2 months ago
  • Couldn’t the second one also work on Mac? Because the Mac has these Unix Executables which also don’t have a File Extension. Although these will probably immediately get terminated by the typical „Dude don’t download from Internet use App Store“ Window.

    @lukchem, 2 months ago
    • Mark-of-the-Web is one of the few ideas Microsoft was genuinely _right_ about on a conceptual level, I think (as long as an option is provided to "run away, I know what I'm doing").

      @WackoMcGoose, 2 months ago
    • “Yes, I want to execute this picture, why the hell are you asking?..” >computer starts making noises “Must be rendering those pixels or something”

      @mistershirokov5067, 2 months ago
    • Correction: that window is not about the App Store. It's about code signing. You can run anything that has a valid signature on a Mac by default.

      @null-nl5su, 2 months ago
    • @null-nl5su Yes, I know that. My comment was supposed to be funny :)

      @lukchem, 2 months ago
    • macOS Gatekeeper would have stopped the execution of the file if it wasn't signed (interesting name for a sec tool lol)

      @tablettablete186, 2 months ago
  • Now even job applications must be made in a VM. Can't have a job in this world, Orvus. Great video, appreciate it.

    @AroAce_Psychopath, 2 months ago
    • Or just create a new user account, it's not that hard.

      @shinobuoshino5066, 2 months ago
    • Or don't run as a user with sudo privilege. Every time you make a 'convenience' decision that is lowering your security.

      @RowanHawkins, 2 months ago
  • As always, thank you for the proper subtitles!

    @45545videos, 2 months ago
  • Thanks for another informative video, ThioJoe! Your clear explanations and engaging style make learning fun. Always appreciate your dedication to tackling complex topics in such an accessible way. Keep up the great work!

    @Goku789, 2 months ago
  • Your videos are very helpful❤

    @LFCONTOP., 2 months ago
  • Your videos always make my day. Keep shining!

    @MyCodingDiarie, 2 months ago
  • ❤ This Scamio looks really cool

    @_SJ, 2 months ago
  • As others pointed out, most file managers pop up a warning asking the user if they really want to run an executable. Also, I'd be suspicious of the file being in a zip as stated in the video, but also, PDF files always get an icon of a PDF file, or a preview of the actual document, whereas executables get another icon or just a general 'file' icon. I'd be suspicious of that immediately. I guess the advice is as always, be very very careful with what you download and run.. Whether it's files from a zip or libraries to use.

    @gydo1942, 2 months ago
    • Can't the icon be changed? Why would it be a generic icon?

      @lukkkasz323, 2 months ago
    • @lukkkasz323 On some systems you can change the icon, but you have to do it manually. The generic 'file' icon appears when the system doesn't recognize what kind of file it is. Executables often get a general 'file' icon or an icon clearly indicating it's executable. Not something like a PDF icon.

      @gydo1942, 2 months ago
  • First time I completely saw a sponsored segment. Scamio sounds really useful if it works.

    @amogh_gurudatta, 2 months ago
  • Thanks for the video!

    @vladislavkaras491, 2 months ago
  • Love your videos, keep up the good work, it is very helpful

    @nikolayrogchev9628, 2 months ago
  • The first thing you do when you clone a Node.js repo is install the dependencies. Some devs simply won't check what the dependencies are and will install everything straight away, and for the ones who do check the top-level dependencies, the attacker company could create a completely legit package which in turn uses a dependency meant to do harm, ransom, theft and what not, making it harder to detect. The best part about NPM is that you don't even have to run the dependencies; there are plenty of ways for post-install scripts to be run once you install your project dependencies. How do I know that? I'm sorry for myself, but I'm a web dev.

    @shapelessed, 2 months ago
    • This issue makes me think about the whole *npm install everything* if anyone remembers that old issue.

      @Coder_Tavi, 2 months ago
    • Or you can just realize that JS is the devil, and not use it. JS has been known for serious security holes ever since it was first created, and it's never gotten any better.

      @eric_d, 2 months ago
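A check for the install-time hooks that the two npm comments above (the "preinstall script" one and this thread) describe: an added example, not code from the video or from any commenter, that walks a node_modules tree and lists every package declaring a preinstall, install or postinstall script. The sample tree it builds is constructed here and the package names in it are made up.

```python
import json
import os
import tempfile

# Lifecycle scripts npm runs during `npm install`, before any of the
# package's code is ever imported by your project.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def find_install_scripts(node_modules: str) -> list[dict]:
    """Walk node_modules and report every package.json that declares an
    install-time hook. Returns records sorted by package name."""
    hits = []
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        path = os.path.join(root, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                pkg = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip it, do not abort the audit
        scripts = pkg.get("scripts") or {}
        hooks = {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}
        if hooks:
            hits.append({
                "package": pkg.get("name", os.path.relpath(root, node_modules)),
                "version": pkg.get("version", "?"),
                "hooks": hooks,
            })
    hits.sort(key=lambda h: h["package"])
    return hits


def build_sample_tree() -> str:
    """Constructed node_modules with three made-up packages: one with no
    install hooks, one with a postinstall, one scoped package with an
    install hook (a native build, the kind of hook that is often legitimate)."""
    base = tempfile.mkdtemp(prefix="nm_")
    nm = os.path.join(base, "node_modules")
    packages = {
        "example-utils": {"version": "1.0.0", "scripts": {"test": "jest"}},
        "example-loader": {"version": "2.3.1",
                           "scripts": {"postinstall": "node setup.js"}},
        "@example/native-bindings": {"version": "0.9.0",
                                     "scripts": {"install": "node-gyp rebuild"}},
    }
    for name, fields in packages.items():
        pkg_dir = os.path.join(nm, *name.split("/"))
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"name": name, **fields}, fh)
    return nm


if __name__ == "__main__":
    for hit in find_install_scripts(build_sample_tree()):
        print(f"{hit['package']}@{hit['version']}")
        for hook, cmd in hit["hooks"].items():
            print(f"    {hook}: {cmd}")
```

The list is for a human to triage (native builds are a common legitimate reason for an install hook); to stop hooks running at all during an install, npm's own `--ignore-scripts` option does that.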
  • Oh, it only took 30 years for hackers to discover that you can put executable files on Linux by using an archive. The no-extension trick works because Linux does not check the extension to determine what to do with the file. So JPG files are opened with the picture viewer even when they have no extension.

    @Gunstick, 2 months ago
    • Yep, it's called a magic number and is the first few bytes of the file.

      @RowanHawkins, 2 months ago
  • Thank you for this Great Information.

    @Scat.original, 10 days ago
  • This is why I stay familiar with what icons go with what filetype. If a PDF does not have the icon my system uses for PDFs, I will be very suspicious and investigate, ESPECIALLY if other, known ok PDFs have their icons!

    @hellomiakoda3782, 2 months ago
    • Imagine being the only person that didn't get caught out in a large scale attack because you used a custom icon pack

      @talibong9518, 2 months ago
    • I use XFCE and my icon pack makes PDF files pretty obvious. Also Thunar labels the file type when you single click a file

      @id01_01, 2 months ago
    • I use terminal so this by default would never work on me even if I wasn't paying attention.

      @shinobuoshino5066, 2 months ago
  • Thank you so much, and I had these problems when I had a computer! I only use an iPhone now, but I still enjoy watching your videos, as many of the scams I understand apply to all computer-based appliances!

    @brianbrino4310, 2 months ago
  • Excellent video 👍 Thank you 💜

    @13thravenpurple94, 2 months ago
  • This is wild! I'm a Linux user, and although I'm pretty careful about where I download files from and who I trust, I can see how an unsuspecting or new Linux user could fall for this! I always say, the best antivirus is the user and his or her common sense! Be careful out there, no matter what system you're using!

    @soulstenance, 2 months ago
    • GNU/Linux user who has any sense would use terminal to do everything, not some shitty Windows clone DE.

      @shinobuoshino5066, 2 months ago
  • Thio, you saved me the other week! I had just watched you talking about downloaded files having a password to uncompress them, and on Facebook I came across a cool AI system to download "for free". -- I almost fell for it. Thanx again, Thio!

    @georgwrede7715, 2 months ago
  • Thank you! ❤

    @s.daniel8016, 2 months ago
  • Linux has had the run as .exe option for a very long time. I'm amazed it has taken this long for some hacker to use it in such a way.

    @willgallatin2802, 2 months ago
  • Scams are getting progressively harder and harder to detect. Scary

    2 months ago
    • thiojoe, please add this "verified" spammer to your YouTube comment block list or something, I forgot what it is

      @itchylol742, 2 months ago
  • As a Linux user, the only reason why I wouldn't have fallen for it is my setup: either I would try to open it from `vifm`, in which case it wouldn't have recognised the file and just opened it in a text editor, or I would have tried to open it from the terminal with `zathura`, in which case it would have complained about an unrecognised file format.

    @ME0WMERE, 2 months ago
  • Just swapped to Linux (LMDE) and didn't know that! Thanks a lot.

    @LeoIsBehindYou, 2 months ago
  • Believe it or not but some antiviruses can scan encrypted zip files. They do so by checking the CRC32 checksum of the file and its unpacked filesize. This prevents heuristic or more generalized patterns and the like, but simple signatures work.

    @ckingpro, 2 months ago
  • Fortunately, the last (and only) remote coding challenge was for a known company, and I didn't have to run anything but a Groovy script, which I read first. But the second scam got me thinking that I should be more careful about things I install on my system, especially if not from the package manager. Thanks for the awareness!

    @ecavero1, 2 months ago
  • You are a life saver!

    @yonatanyoffe6831, 2 months ago
  • Hi Joe, how are you doing? Thanks for the quality of your videos. Was wondering if Bitdefender Scamio is available for detecting phishing in French and Spanish.

    @cedricbernard676, 2 months ago
  • Oh no... that is astoundingly devious. I think I would have fallen for it.

    @skycaptain95, 4 days ago
  • Great video. We have reached a level where it is very difficult to stay vigilant. Just like zip files, git repositories also retain the +x attribute on files, and it can lead to similar issues.

    @ackava, 2 months ago
  • Thanks for letting us know. Usually coding challenges are done in a sandboxed online environment and don't require downloading anything, but I still might have fallen for it.

    @afjer, 2 months ago
  • *Thank you.*

    @AnonZero0, 2 months ago
  • I was always very sceptical about allowing unicode in filesystems, and now the reality confirms it.

    @rafal_czerwinski, 2 months ago
  • I almost never use .zip in Linux, but thank you for this info. Never download anything you don't already trust, but always do it in a sandbox or isolated VM first.

    @louey2x, 2 months ago
  • Wow. I think they'd easily get me with both tricks. I'm not a Linux user, but NPM... I'd love to learn more about those security policies that protected you.

    @rustee_nyfe, 2 months ago
  • Always do email access via a Windows Hyper-V sandbox, or a sandbox in general; have separate emails for everything; don't log in to them at the same time.

    @user-qr4jf4tv2x, 2 months ago
  • Thanks for the heads-up. I am a *nix user, and did not know that 😨

    @daffy1981, 2 months ago
  • On Linux the icons of a PDF file and an executable file are different, so a user can easily identify that.

    @samareshxxx, 2 months ago
    • true, on my system it would try to generate a preview for a pdf.

      @kyokazuto, 2 months ago
  • Thanks - did not know that stuff.

    @doityourself3293, 2 months ago
  • yep, the linux trick will get me for sure... thx for sharing..

    @AaronccGuo, 2 months ago
  • I have said that npm is wildlife every day since like 5 years ago :D. Pretty sure most ppl already agree with that, but I am happy for any awareness spread on this.

    @victorpetrescu13, 2 months ago
  • Best sponsor segment I've ever seen. Thanks bitdefender!

    @AnirudhTammireddy, 2 months ago
  • At least the Linux one can't do that much harm, since they're going to get at most access to user space. Still plenty of room to do bad things, but as long as you consider your user space to be unsafe (and you have taken measures around that) you could be fine. Protecting your user config, such as your bashrc, with root locks is a must to prevent this kind of attack from working.

    @OzmandisMandis, 2 months ago
  • glad to see this channel go from lemon usb charger to something legit

    @lefteriseleftheriades7381, 2 months ago
  • As the technological economy becomes harder to compete in, more genuinely skilled professionals will resort to things like scams, and so scams will start to become more skillful.

    @whoeverofhowevermany, 2 months ago
    • Well.. sort of, but not really. The main reason scams are (usually) so simplistic isn't that the scammers are really that dumb that they couldn't do anything better, but rather because it's just more lucrative to target idiots than it is to target tech savvy people. In the same amount of effort it takes to scam 1 tech savvy person you could've scammed dozens of idiots instead, so it's kind of just a waste of time making the scams more complicated like that - you can trick them of course, but not quickly enough for it to be economical for the scammer to focus on it unless you're doing a much more targeted attack where you're trying to target a specific person instead of just trying to scam anybody.

      @asdfqwerty14587, 2 months ago
  • This is making me long for my days in college using the keypunch machine to generate the lines of code for programs.

    @bikeny, 2 months ago
    • You can still do that if you wish. ;)

      @phungyi4947, 2 months ago
  • Thanks for sharing! I'm a Linux user and never heard about the zip hack, especially with the unicode dot.. That's something new to be alerted to, and to warn my daughter about too. Sometimes I saw single files compressed in a zip before and, at preview, was always wondering and thinking about the reason for that, usually before zip extraction.. 😂 About executables, now I will check file properties before clicking..

    @artursmihelsons415, 2 months ago
    • Just learn how to use terminal and suddenly all these problems that target GUIdiots are completely nullified even if you aren't even aware of the fact that you're dealing with a malicious file.

      @shinobuoshino5066, 2 months ago
  • Wow this video did actually teach me something I didn't know, great content! I don't know if I'd fall for the fake extension file trick, because thanks to Windows, I'm very suspicious if a PDF or ZIP file doesn't show the right icon. 🤓

    @PascalBrax, 2 months ago
  • The reason that Linux thing works is that "running a text file" is something that you are expected to do. My recommendation is to (in a terminal) run something like 'file sus.pdf'. It will take a look at the file and tell you about its content (and file type). You can also do 'cat sus.pdf', but that might garble your terminal session if it's actually a PDF. One alternative is to do 'head -1 sus.pdf', which should just give you the first line. Scripts usually start with '#!/usr/bin/bash' or something similar.

    @eriklundstedt9469, 2 months ago
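The checks this comment and the earlier "unicode period" and "+x survives the archive" comments describe, done programmatically on a zip before anything is extracted: an added example, not code from the video or from any commenter. It decodes each entry's unix mode from the archive, flags look-alike dot characters in the name, compares the first bytes against the header the claimed extension should have, and shows an extract routine that clears execute bits. The archive it builds is constructed here; the magic-byte table is a small hand-picked set, not a full `file` database.

```python
import io
import os
import stat
import tempfile
import unicodedata
import zipfile

# Header bytes for the document types the thread talks about (constructed table).
DOC_MAGIC = {"pdf": b"%PDF-", "zip": b"PK\x03\x04", "png": b"\x89PNG"}
# Headers that mean "this is a program", whatever the name claims.
PROGRAM_MAGIC = (b"\x7fELF", b"#!", b"MZ")


def confusable_dots(name: str) -> list[str]:
    """Non-ASCII characters in `name` that a human would read as a period.

    U+2024 ONE DOT LEADER and U+FF0E FULLWIDTH FULL STOP fold to '.' under
    NFKC; U+00B7 MIDDLE DOT does not, but is caught by its Unicode name.
    """
    found = []
    for ch in name:
        if ord(ch) < 128:
            continue
        uname = unicodedata.name(ch, "")
        folds_to_dot = unicodedata.normalize("NFKC", ch) == "."
        if folds_to_dot or "DOT" in uname or "FULL STOP" in uname:
            found.append(f"U+{ord(ch):04X} {uname}")
    return found


def inspect_zip(data: bytes) -> list[dict]:
    """One record per file entry: name, unix mode and a list of reasons to worry."""
    records = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # The high 16 bits of external_attr carry the unix mode; this is
            # where extractors that restore permissions (and so +x) read it from.
            mode = (info.external_attr >> 16) & 0o777
            with zf.open(info) as fh:
                head = fh.read(8)
            # The extension a person *thinks* they see, after look-alikes fold.
            shown = unicodedata.normalize("NFKC", info.filename)
            ext = shown.rsplit(".", 1)[1].lower() if "." in shown else ""
            reasons = []
            dots = confusable_dots(info.filename)
            if dots:
                reasons.append("look-alike dot in name: " + ", ".join(dots))
            if mode & 0o111:
                reasons.append(f"executable bit set (mode {mode:o})")
            if ext in DOC_MAGIC and not head.startswith(DOC_MAGIC[ext]):
                reasons.append(f"claims .{ext} but header is {head[:4]!r}")
            if head.startswith(PROGRAM_MAGIC) and ext in DOC_MAGIC:
                reasons.append("content is a program, not a document")
            records.append({"name": info.filename, "mode": mode, "reasons": reasons})
    return records


def suspicious_entries(data: bytes) -> list[str]:
    return [r["name"] for r in inspect_zip(data) if r["reasons"]]


def extract_without_exec(data: bytes, dest: str = "") -> list[tuple[str, int]]:
    """Extract every entry and clear its execute bits, the policy the thread
    asks extractors to adopt. Returns (path, resulting mode) pairs."""
    dest = dest or tempfile.mkdtemp(prefix="safe_extract_")
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = zf.extract(info, dest)
            if not info.is_dir():
                os.chmod(path, stat.S_IMODE(os.stat(path).st_mode) & ~0o111)
                out.append((path, stat.S_IMODE(os.stat(path).st_mode)))
    return out


def build_sample_zip() -> bytes:
    """Constructed archive: a real PDF header, a text file, and a fake 'PDF'
    whose dot is U+2024, whose mode is 755 and whose body starts like an ELF."""
    entries = [
        ("readme.pdf", 0o644, b"%PDF-1.4\n%constructed sample\n"),
        ("notes.txt", 0o644, b"plain text, nothing to see\n"),
        ("report\u2024pdf", 0o755, b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 24),
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, mode, body in entries:
            zi = zipfile.ZipInfo(name, date_time=(2024, 5, 18, 0, 0, 0))
            zi.external_attr = mode << 16  # same field unzip reads +x from
            zf.writestr(zi, body)
    return buf.getvalue()


if __name__ == "__main__":
    for rec in inspect_zip(build_sample_zip()):
        flag = "SUSPICIOUS" if rec["reasons"] else "ok"
        print(f"{flag:10} {rec['name']!r} mode={rec['mode']:o}")
        for why in rec["reasons"]:
            print("           -", why)
```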
  • As someone who always looks at packages that are being installed, checks file properties, and reviews source code before running anything, I wouldn't have fallen for this. When it is a binary file I will either open a hex editor or delete it without a second thought.

    @nuggetbugget9305, 2 months ago
  • I probably wouldn't fall for this, but you never know. Password protecting a zip is something I didn't know had that effect, but it does make sense and it now gives me an out to send files to work that don't get canned by the email protection there. Previously I had to stuff around with a download service.

    @etmax1, 2 months ago
  • Not really a Linux-specific thing, but I dislike file managers showing items not in a list with details -- that might allow you to catch something like that, too.

    @dragons_advocate, 2 months ago
  • I never double-click an unknown PDF file to open it. I load the reader software and "Open" the file I want to read. That small step can protect you from a world of hurt.

    @xjet, 2 months ago
    • It actually doesn't hurt double-clicking a PDF file on Linux, the video is misleading. If it was an executable, there would be a popup warning asking you whether you want to run the file.

      @user-dk1nr3tv8b, 2 months ago
  • ngl that had to be the most enticing ad

    @raisincains337, 2 months ago
  • As a Linux user, I will say that in my system I get a warning if something is going to execute. I am currently running a version of Arch.

    @aleckane99, 2 months ago
    • Same here. Running Fedora and the file manager (Nautilus) won't even run a script unless you right-click it.

      @agooglygooglr, 2 months ago
    • “I use arch btw” - average arch user

      @Meletion1, 2 months ago
    • @NB6G lmao so true usually, but I only clarified so no one would be like "oh but what do you use" blah blah

      @aleckane99, 2 months ago
  • No, I did not know that execution protection is bypassed via archives. Realistically speaking, archive extractors should really just remove the execution permission always. Sure, it would be annoying to re-add those permissions for legitimate ones, but that's still preferable to sneaky attacks getting through.

    @zxuiji, 2 months ago
    • Not a completely good idea. If an archive includes subdirectories, then _always_ removing the exec bit will make the lower directories inaccessible - in a directory file the exec permission means you can search that directory for files when trying to read those files: you have to know what the files are called. The read bit on a directory allows you to list the contents of that directory (to see the names of the files in that directory).

      @cigmorfil4101, 2 months ago
    • @@cigmorfil4101 You realise I meant in the context of files, right? Also, the search and read should've been bundled into just one permission. There's no valid use case where you would want to be able to search for files you can't even read.

      @zxuiji, 2 months ago
    • @@zxuiji directories are files, hope you realise that.

      @shinobuoshino5066, 2 months ago
  • Actually first noti - I think. Already know it's gonna be a banger

    @chickkyy, 2 months ago
  • 1:24 : Cool! Thank you!

    @gamereditor59ner22, 2 months ago
  • This Scamio does really seem like a great tool

    @rjtimmerman2861, 2 months ago
  • One way to test for this is to force the OS to open the file you're suspicious of in a text editor. Most of these formats aren't compatible with just being "read" from a text editor; however, these files will not only be plain "English," if you're savvy you can call out the bash script. For context, attempt to force a PDF or image into Notepad. Most files forced into Notepad will look like gibberish and symbols. The malware here won't.

    @dawserdoos, a month ago
  • Things like that second one are the reason I run more and more things through the 'file' command in a Linux shell, which reads (without executing) the beginning of the file to determine the filetype, usually based on the file's magic number.

    @Xudmud, 2 months ago
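An added example, written for this page and not taken from the video or any commenter, that turns the 'file' / 'head -1' suggestions above and the exec-bit thread earlier into one POSIX shell script: it flags a file whose name contains non-ASCII bytes (a look-alike "dot"; U+2024 ONE DOT LEADER is an assumed instance, the page says only "unicode dot"), whose document-style name carries the executable bit, or whose content starts with a shebang or ELF magic, and it strips the executable bit from regular files only, so directories stay searchable. All function names are my own.

```shell
#!/bin/sh
# Added example, not from the video or the comments: checks for a file that
# came out of a downloaded archive. Helper names are assumed, not standard.

# True if the file name has bytes outside printable ASCII, e.g. a look-alike
# "dot" such as U+2024 ONE DOT LEADER (assumed instance of the trick).
name_has_non_ascii() {
    printf '%s' "$(basename -- "$1")" | LC_ALL=C grep -q '[^ -~]'
}

# True if the content starts like a script ("#!") or an ELF binary
# (bytes 1-3 are "ELF"; the leading 0x7f byte is not checked here).
content_is_program() {
    [ "$(head -c 2 -- "$1")" = '#!' ] && return 0
    [ "$(head -c 4 -- "$1" | tail -c 3)" = 'ELF' ]
}

# Print why a file is suspicious; returns 0 if nothing was found, 1 otherwise.
inspect_download() {
    f=$1
    bad=0
    if name_has_non_ascii "$f"; then
        echo "WARN: non-ASCII bytes in file name: $(basename -- "$f")"
        bad=1
    fi
    case "$f" in
        # Match the trailing letters only, so a name like "invoice<U+2024>pdf"
        # still counts as "claims to be a document".
        *pdf|*zip|*docx|*jpg|*png|*txt)
            if [ -x "$f" ]; then
                echo "WARN: document name but executable bit is set: $f"
                bad=1
            fi
            if content_is_program "$f"; then
                echo "WARN: document name but content is a script/ELF: $f"
                bad=1
            fi ;;
    esac
    return $bad
}

# Strip the executable bit from regular files only. Directories keep their
# x (search) bit, which is the caveat raised in the thread above.
strip_exec_bits() {
    find "$1" -type f -exec chmod a-x {} +
}

# Stand-alone use: sh inspect.sh <file>
if [ "$#" -gt 0 ]; then
    inspect_download "$1"
fi
```

Run it against each extracted file before opening anything; a non-zero exit means at least one warning was printed.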
  • The second one is a mismatch between higher levels of abstraction (file manager automagically selecting the correct program) and lower levels of abstraction (file extensions don't exist and "executable" is a permission).

    @cancername, 2 months ago
  • Can you make a video about Kernel Power Failure Error - Event ID 41? There seems to be no way out from this; I tried a lot of things, but nothing is working out.

    @alexmercer57, 2 months ago
  • As a Linux user somewhat familiar with the system, I did not know archives would extract files with their meta + the executable meta bit, so that's interesting to know

    @j3h8kkjd2a5, 2 months ago
    • tar with some flags can even preserve a file's xattrs (extended attributes), such as SELinux labels. It's often used for making full system backups.

      @x-user3462, 2 months ago
  • That first technique is pretty clever

    @45545videos, 2 months ago
  • Do Linux file explorers typically have a "file type" column by default in detail view like Windows has? That is one way to catch this sort of thing. Granted, these days so many people just instantly run stuff directly from the browser when it's done downloading (although I guess the zip file would still need to be opened and extracted), or even if they don't, as a Linux user they might just be doing some sort of CLI stuff that won't have them notice.

    @MsHojat, 2 months ago
  • That Linux one is quite smart, lots of different things packed into one. I totally would have fallen for this kind of stuff

    @randomguy400x, 2 months ago
  • In Linux, when you feel that your computer is doing something wrong, just do 'sudo lsof -i'. You will get a list of connections, PIDs and process names; then continue analysing in your way

    @TunifyBasic, 5 days ago
  • PDF documents, I usually drag-and-drop those into a browser tab to open them... but this could 100% fool me, damn

    @alonsoherreros4945, 2 months ago
  • I wrote an article for my student newspaper about that issue with Linux execute permissions. Many of the UI/UX aspects of Linux's security undermine the whole system.

    @eldrago19, 2 months ago
  • Even better is when actual companies use LLMs (AI) to create packages and the LLM hallucinates dependencies. There was a research study recently where the researchers created a bunch of packages that way and then (as a test) typo-squatted a few of the hallucinated dependencies. They actually found a few large tech companies accidentally using them. In one case, the hallucinated dependency was supposed to be another package by the same company!

    @dudamoos, 4 days ago
  • IDK about Unix systems (macOS/Linux), but on Windows when you change the file extension it asks you "are you sure?", so it would be that simple if you want to make sure of the file's extension

    @m96fa40, 2 months ago
  • Clever!

    @Midcon77, 2 months ago
  • The npm example is why it's best nowadays to do JavaScript projects in either something like webcontainers (stackblitz) or just remote GitHub workspaces (vscode server). That way you are never running random npm packages on your system unsandboxed.

    @camwha5904, 2 months ago
  • On a Mac you will get a warning telling you something along the lines of "do you really want to execute this random application from an unidentified developer that you downloaded from the internet?" (or, by default, will tell you it can't run it because it's from an unidentified developer, although you can still run it if you want, just not with a simple double click). Even if they did register as developers and sign the application, you will still get a warning the first time because it's an application downloaded from the web, so you get a heads up.

    @PMX, 2 months ago
  • btw one could also set -x on a directory level (e.g. tmp or where one downloads the files) for all users, and AFAIK this would override the permissions on the file level.

    @denissorn, 2 months ago
  • the fact that I got tons of video artifacts on this is crazy

    @whoman0385, 2 months ago
  • I love getting scams because it means I can prank call the scammers and have hours of free entertainment. Hearing the scammers rage and curse before being forced to shut down their scam is its own reward.

    @gayesthusky2177, 2 months ago
    • EW.

      @mattbergman2788, 2 months ago
    • @@mattbergman2788 ?

      @user-hr8rc1of3x, 2 months ago
    • @@mattbergman2788 are you a scammer yourself? cuz why you saying "EW" to that?

      @wedoalittletrolling723, 2 months ago
  • Interesting!

    @DominikJaniec, 2 months ago
  • Thiojoe isn’t pregnant (yet) but he always delivers!😂

    @Ironyum99, 2 months ago
    • I look in the top comment and see this

      @anthgodz, 2 months ago
    • Stop it.

      @celiskurtis, 2 months ago
    • worst comment of the year

      @d9zirable, 2 months ago
    • Yet

      @kingpanguan, 2 months ago
    • Best comment of the year*

      @kenkaeloriondo5676, 2 months ago
  • Jon, now you got me worried. I consider myself to be a tech savvy person. If even people like you can get hacked somehow, then just what chance do I have to avoid getting hit?

    @grampi68, 2 months ago
    • Not a chance. Relax.

      @ilsavv, 2 months ago
    • If you were tech savvy you'd use the terminal and know not to type ./pdffile.pdf

      @shinobuoshino5066, 2 months ago
  • I will use a sandbox environment to view PDFs and run them separately. Also, I check the size of the PDF; if they are found to have a large size I won't open them. Also, I will analyse the files using binwalk to find whatever is hidden. I can pull that thing out and study it. Whatever the file is, if I want to get something out of it I just use binwalk before opening it.

    @anonymousgamer2839, a month ago