Hello everyone, as you may have noticed there has been some sort of malicious campaign running against MPGH users for about a week or so, so I decided to post some basic tips on how to spot malicious applications and protect yourself from them.
1) Malware distributors don't use attachments to spread their miners/downloaders/trojans/etc.
Each and every attachment is checked and tested by MPGH staff, so if you see an external link offering you something to download, it is probably infected and you should not blindly download or launch it on your main PC.
Seriously though, external download links are prohibited by the forum rules for a good reason:
- No outside links or links to downloads/attachments, use the upload system instead. (Permanent Ban)
- No distribution of cheating/hacking material besides in thread as an approved attachment. No distributing via pm, messenger service (via MPGH). (Permanent Ban)
Also, they usually don't provide any detailed info or screenshots of their program, or they use some sort of copy-pasted junk that is easy to spot.
2) Virustotal.com is your friend, but don't trust it too much.
Although it may give you false positives (detection names like generic/hacktool are usually false positives), it can give you some insight into what the file might do to your PC (so if you see something like miner/trojan, you get the idea that this thing may be malicious).
But there is also a problem: files can be encrypted (crypted) to bypass static virus checkers like VirusTotal/NoVirusThanks, making them appear safe to use while they actually retain their malicious payload.
To deal with this issue I recommend using online sandboxes that launch executables inside a virtual environment and report any suspicious activity; here are a couple of them:
https://www.hybrid-analysis.com/
https://any.run/
https://cuckoo.cert.ee/
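Added example, not from the original post: one quick local check for the "encrypted to bypass static scanners" case above. Encrypted or packed payloads look like random bytes, so their Shannon entropy sits near 8 bits/byte while normal code and text stay well below; the 7.2 threshold, the 512-byte chunk size and the sample data are all assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, chunk: int = 512, threshold: float = 7.2):
    """Scan `data` in fixed-size chunks; return (offset, entropy) for every chunk at or
    above `threshold`. Crypted/packed payloads score close to 8.0, plain code and text
    usually far lower. Threshold and chunk size are assumptions, not a standard."""
    hits = []
    for off in range(0, len(data), chunk):
        h = shannon_entropy(data[off:off + chunk])
        if h >= threshold:
            hits.append((off, round(h, 2)))
    return hits


def looks_packed(data: bytes, chunk: int = 512, min_fraction: float = 0.5) -> bool:
    """True when at least `min_fraction` of the chunks are high-entropy, i.e. most of the
    file is opaque to a static scanner and belongs in a sandbox/VM, not on your main PC."""
    total = max(1, math.ceil(len(data) / chunk))
    return len(high_entropy_regions(data, chunk)) / total >= min_fraction


def _pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for an encrypted payload: SHA-256 in counter mode."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "little")).digest()
        i += 1
    return bytes(out[:n])


# Constructed samples (not real files): a readable stub followed by an opaque blob.
PLAIN_STUB = (b"readable program text, nothing to hide here.\n" * 60)[:2560]
ENCRYPTED_BLOB = _pseudo_random(4096)
SAMPLE_PACKED = PLAIN_STUB + ENCRYPTED_BLOB

if __name__ == "__main__":
    print("stub entropy:", round(shannon_entropy(PLAIN_STUB), 2), "bits/byte")
    print("blob entropy:", round(shannon_entropy(ENCRYPTED_BLOB), 2), "bits/byte")
    print("high-entropy regions start at:", high_entropy_regions(SAMPLE_PACKED)[0])
    print("looks packed:", looks_packed(SAMPLE_PACKED))
```

A high-entropy result is not proof of malice (legitimate installers are often compressed), only a sign that the static scan told you nothing and a sandbox run is needed.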
3) Antiviruses/sandboxes may partially protect you, but they can be bypassed.
Install a virtual machine (VirtualBox/VMware) to launch suspicious files, and NEVER launch them on your main PC.
If the executable uses something like Themida/VMProtect to detect a virtual machine, google how to bypass its checks, BUT NEVER UNDER ANY CIRCUMSTANCES LAUNCH IT ON YOUR MAIN PC, EVEN IF YOU HAVE AN ANTIVIRUS/SANDBOX INSTALLED!