Quote:
Originally Posted by zebleer
Hey, can you please explain why you are saying that the malware in Cobalt's loader might be fake, yet you reference an announcement from their Discord where they admit the malware that was shown by reverse engineers was real, but implemented by someone else?
Which one is it? Cobalt admitted that the malware exists, so I'm pretty sure it's not fake. Pretty simple 2+2 there.
The question is not if the malware is real or fake, we already know it's real. The question is who put it there. The answer is Cobalt.
As I said before:
The loader is protected. It can't be edited by one byte without VMProtect or Themida throwing errors & preventing functionality.
& how did Cobalt's server get infiltrated so that the loader could be tampered with & tampered copy retained?
Cobalt did this shit. Cobalt is spreading malware & counting on user stupidity to get away with it. They are malware distributors. They even admitted it, just not the part where they admit it was them who added it.
It's very obvious they put ACD's Discord server ID in their own malware to frame them. That doesn't mean ACD did it. Why would ACD send information to their public Discord server anyways, and not a secure private location?
Even if this was all somehow true (it's not), good luck with a provider that has such shit security that anyone can just spread malware to their users via their own website loader.
Do not support malware distributors please.
|
Hello, I was supposed to post this on the other post, but it seems like the thread got closed as soon as I wanted to reply.
Anyways.
Quote:
Originally Posted by zebleer
1. It isn't unheard of in the cheating community for providers to crack other providers' software to use it in a harmful way.
The malware analysts who evaluated Cobalt and found what Cobalt admitted was found got it from cobalt.solutions, the primary website. Cobalt also said nothing about a crack but that is secondary evidence.
2. The fact that it wasn't all client.exe that had the miner in them (actually a small % of clients did) seems to me that it didn't come from their website, it was most likely a cracked version of the loader that had the miner. And that loader was most likely shared throughout the Discord.
So you've never heard of evasive malware? That is a factor of malware analysis. Malware might remain inactive for long periods of time before starting activity, it might be present in only a few instances of production, etc. These are all examples of evasive measures for malware.
3. Why ACD allegedly have sent the information to their main server I do not know, but people in the cheating community aren't always the smartest. Note that ACD doesn't dev anything themselves, they are reselling their software.
Yes I know ACD is a reseller so how are they somehow able to hack Cobalt's website and alter a VMP protected loader for download? If they are somehow smart enough to do that, they aren't going to be stupid enough to leave a trail to their main Discord server which is not secure, not anonymous, and might get deleted at any time.
4. The security of Cobalt I cannot speak about since I don't know about it. But again it isn't unheard of for providers to crack other providers in the cheating community.
Already answered #1.
5. Again I don't think the client.exe was spread through their website, but most likely was a cracked version of their loader, that was spread through Discord.
It came from their website. People aren't distributing cheat provider loaders on Discord unless it's advertised cracked, which Cobalt didn't get cracked. They get the shit from the website like everyone else.
6. I don't see any reason for Cobalt to spread a miner to their users, they are growing rapidly, also faster than any other providers atm. Why ruin a growing good business? That in my eyes doesn't make any sense at all.
Yeah their free and 10 eur products are really flying off the shelf because they're good and not because they are cheap. When something is free or cheap in the cheat scene, your device might be what they get, not your money.
But for other providers this isn't good, the fact that both Cobalt and ACD have been seen as cheats you use for raging gives them the same user base.
Cobalt is also 1/5 of the price of ACD cheat + spoofer.
I believe that ACD have more benefits for ruining Cobalt's reputation/sales than Cobalt would have to rat their own customers.
Yeah ACD seems to be profit driven while Cobalt seems to be malware infection driven. Not sure why you're surprised by the price difference. Cobalt has given away a lot for "free" too. Nothing in life is free.
I do not support malware distributors. But I also won't join the hype train to accuse a provider that, in the most logical way, probably hasn't done anything wrong other than having weak protection against debugging and being stupid enough to allow sharing a client.exe in their general channel on Discord.
I hope that people can make their own choice on who they believe is in the right and who isn't. But it was not my intention to accuse ACD, I intended for this information to be public so people can make their own choice.
The proof is legitimately overwhelming that Cobalt is a malware distributor. This is not a hype train.
|
Hello, I'm the developer of Cobalt and have seen a major amount of misinformation here that I would like to correct. I am the only developer of Cobalt and I am the only one who has access to the source.
You seem like you're pretty reasonable and have general knowledge about cheating, but it seems like some of your claims are incorrect and I'd like to correct those.
1.
First of all you claimed multiple times that the loader is protected and "a single byte change" would cause VMProtect/Themida to error.
This is in fact not the case as the official loader is not protected with Themida/VMProtect.
It is true that it used to be protected by Themida 2-3 months ago, but I decided to stop protecting it as people were claiming it was a RAT because "VirusTotal said it was packed/virtualized" which is what Themida does to protect the file.
I want to say that this is not the first time that people have been claiming it's a RAT. It seems like every 2 months or so a wave of people come claiming it's a RAT and then disappear after a month, which is extremely infuriating.
You can test it yourself and modify the client exe with HxD or any program and it will run fine, which means anyone is able to bind a RAT using any public binder and claim it's the "official" loader.
For your last point of "ACD is profit driven and Cobalt is malware driven".
If we say that the average Cobalt user has a 2070 Super, which can generate 1.58 USD/day at maximum speed according to NiceHash (I've only ever mined once on my main PC around 8 months ago when Ethereum was booming so I'm not sure how accurate this is),
if we say I run the miner at around 30%, which is still highly noticeable, and if we assume that the average Cobalt user keeps their PC on for 12 hours every day, which is way more than I keep my PC on (8 hours),
I would only be making (1.58 * 0.30 * (12/24)) per day, which is 0.237/day, 7.11/month, which is literally half the price of the subscription?
Why would I risk 100% of my profit and reputation for a 50% increase in profit?
This calculation also doesn't include the fact that more than 90% of Cobalt users don't have the infected client/drm.exe?
I make enough money from Warzone, I'm not looking to be a millionaire from cheating.
I've talked to many cheat companies and they make around $100 000 which is more than x4 what I make.
Apologies for the long explanation, the point I'm trying to get across is that I'd make more working on the cheat and advertising to more customers.