
Baseless Malware Accusations Don't Hold Value

_realnickk

Security Researcher


Every day, we’re bombarded with accusations. Apparently, if you’re using a game cheat, you must be running a hacker toolkit, malware, spyware, and trojans. Whatever, right? Sure, believe what you want, but let’s have a little rant session here.

Allegations We've Heard A Million Times

Apparently, every time someone installs a cheat for a video game, they’re automatically running something that:

  • Steals credentials
  • Adds your computer to a botnet
  • Mines cryptocurrency
  • Destroys your boot partition
  • Grabs Tokens

...and the list goes on. Sometimes, it's all of the above (like the thousands of idiots who think JJSploit is malicious software).

It's just endless. Now, mind you, not a single person has really provided any true, concrete evidence for any of this, as they are all wild, unproven claims based on anecdotal accusations. So, is any of it factual? Not always. Yet people keep spreading it around. You know what? Fine. Easier to throw rumors around than actually figure out how things work, right?

Here's the Thing

The reality is that most cheats out there don't really do anything malicious. Yes, there are a few exceptions, like ReDevs X back in like 2020 or something like that. I don't fully recall what year it was. Do you know what happened to it? It's unlikely unless you've been on this forum for over half a decade. It got exposed quickly. I don't even think it got many downloads either. Just got taken down, and the person on this forum still has like -120 reputation.

But let's just look at something like JJSploit. We've got game cheats that have to modify the game in order to actually ingrain themselves into the scripting engine. Reading and writing to the memory of a process is fundamental to the function of game cheats. So, why do antiviruses flag this software?

The Myth of Malware

Let's break this down: most cheats are designed to interact with a game's process memory. This might be to change a value or inject code into the running process to modify the game. Guess what? That's the same behavior you will see with every single cheat on the market. Memory manipulation is fundamental to cheating in video games. But, it gets interesting when you include antiviruses in the mix.

People say they're a computer geek, but do they really know how deep the rabbit hole of computer science is? I consider myself a computer geek, but I know a LOT about computers. I almost know too much. I also have half a decade of experience in just programming in general. I understand computers on a fundamental basis: we're talking about direct bits being fed into the CPU. We as cheat developers are past what someone would simply call a generic scripter or full-stack developer. Some of us are even going to extents such as loading kernel drivers to hide our cheats for your safety! This is typically not with Roblox, but with large games that have kernel-mode anticheats.

I mention this because people often think they're smart with computers when they're really just average. There is so much to learn. I still learn stuff about computers every single day, and I'm a huge computer nerd. Anyways, with that aside, let's explain why antiviruses flag game cheats.

Well first off, if you don't have a code signing certificate that's coming from a trusted certificate authority (CA), just expect an antivirus to flag your unsigned software. Antiviruses aren't smart. If they see a valid signature, many of them will go "oh yeah this looks trusted" and let it go. If there is no signature, then it goes "oh this is suspicious let's look into it." In reality, the developers go to a company that runs a trusted Windows CA and throw thousands of dollars at them to get a certificate. It's really just "pay-to-win." Doesn't really show legitimacy either. Even some malware developers will buy code signing certificates to circumvent antivirus detection.

There is also a method of hiding malware called process hollowing, and this is one of the patterns that antivirus software will look for. The specific method of how the antivirus does it will depend upon their proprietary logic, but it could be detecting imports to functions like NtWriteVirtualMemory or WriteProcessMemory, since writing to other memory that's not your memory is a little suspicious. But, this behavior is shown in cheats because they need to modify the video game. It doesn't really prove maliciousness, just suspiciousness.

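To make the import heuristic from the post above concrete, here is an added example (not JJSploit's code and not any antivirus vendor's logic): a pure-Python walk of a PE file's import directory, followed by a constructed scoring of the APIs it names. The API lists, the "hollowing" rule and the sample PE are assumptions made for this example; the sample is built in memory by build_sample_pe and is not a runnable program.

```python
"""Static import-table triage, the kind of check an antivirus can run on an
unsigned binary before it executes. Added example; lists and sample are constructed."""
import struct

INJECTION_APIS = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                  "NtWriteVirtualMemory", "CreateRemoteThread", "NtCreateThreadEx",
                  "NtUnmapViewOfSection", "SetThreadContext", "ResumeThread"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory"}
HOLLOWING_CORE = {"NtUnmapViewOfSection", "SetThreadContext", "ResumeThread"}

def _u16(b, o): return struct.unpack_from("<H", b, o)[0]
def _u32(b, o): return struct.unpack_from("<I", b, o)[0]
def _cstr(b, o): return b[o:b.index(b"\0", o)].decode("ascii")

def _rva_to_off(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError("RVA 0x%x is outside every section" % rva)

def parse_imports(pe):
    """Walk IMAGE_DIRECTORY_ENTRY_IMPORT; returns {dll name: [imported functions]}."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    coff = _u32(pe, 0x3C) + 4                    # e_lfanew -> "PE\0\0" -> COFF header
    if pe[coff - 4:coff] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, opt_size = _u16(pe, coff + 2), _u16(pe, coff + 16)
    opt = coff + 20
    dd_off, tsize = {0x10B: (96, 4), 0x20B: (112, 8)}[_u16(pe, opt)]   # PE32 / PE32+
    if _u32(pe, opt + dd_off - 4) < 2:           # NumberOfRvaAndSizes
        return {}
    imp_rva = _u32(pe, opt + dd_off + 8)         # DataDirectory[1].VirtualAddress
    if imp_rva == 0:
        return {}
    secs = [(_u32(pe, s + 12), _u32(pe, s + 8), _u32(pe, s + 20), _u32(pe, s + 16))
            for s in range(opt + opt_size, opt + opt_size + 40 * nsec, 40)]
    imports, desc = {}, _rva_to_off(secs, imp_rva)
    while True:                                  # IMAGE_IMPORT_DESCRIPTOR array
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", pe, desc)
        if name_rva == 0:                        # all-zero terminator
            break
        thunk, funcs = _rva_to_off(secs, oft or ft), []
        while True:                              # thunk array, zero-terminated
            entry = struct.unpack_from("<I" if tsize == 4 else "<Q", pe, thunk)[0]
            if entry == 0:
                break
            if entry >> (tsize * 8 - 1):         # high bit set: import by ordinal
                funcs.append("#%d" % (entry & 0xFFFF))
            else:                                # IMAGE_IMPORT_BY_NAME: u16 hint + name
                funcs.append(_cstr(pe, _rva_to_off(secs, entry) + 2))
            thunk += tsize
        imports[_cstr(pe, _rva_to_off(secs, name_rva)).lower()] = funcs
        desc += 20
    return imports

def injection_profile(imports):
    """What the import names alone say: 'suspicious' (foreign memory writes), not 'malicious'."""
    found = {f for funcs in imports.values() for f in funcs if f in INJECTION_APIS}
    return {"apis": sorted(found),
            "writes_foreign_memory": bool(found & WRITE_APIS),
            "remote_thread": bool(found & {"CreateRemoteThread", "NtCreateThreadEx"}),
            "hollowing_pattern": HOLLOWING_CORE <= found and bool(found & WRITE_APIS)}

def build_sample_pe(imports, sec_rva=0x1000, raw_off=0x200):
    """Constructed minimal PE32 with one .idata section. It is not a runnable program."""
    body = bytearray(20 * (len(imports) + 1))   # descriptor array incl. zero terminator
    descs = []
    for dll, funcs in imports.items():
        by_name = []
        for f in funcs:                          # IMAGE_IMPORT_BY_NAME entries, even-aligned
            by_name.append(sec_rva + len(body))
            body += b"\0\0" + f.encode() + b"\0" * (2 - len(f) % 2)
        thunks = sec_rva + len(body)
        body += b"".join(struct.pack("<I", r) for r in by_name) + b"\0\0\0\0"
        descs.append((thunks, sec_rva + len(body)))
        body += dll.encode() + b"\0"
    for i, (thunks, name) in enumerate(descs):
        struct.pack_into("<IIIII", body, 20 * i, thunks, 0, 0, name, thunks)
    dos = bytearray(b"MZ".ljust(64, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, one section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)         # PE32 magic
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, sec_rva, 20 * (len(imports) + 1))  # import dir
    sec = struct.pack("<8sIIIIIIHHI", b".idata", len(body), sec_rva, len(body),
                      raw_off, 0, 0, 0, 0, 0xC0000040)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    return header.ljust(raw_off, b"\0") + bytes(body)

# Constructed sample with the import profile of a typical DLL injector.
INJECTOR = build_sample_pe({"KERNEL32.dll": ["OpenProcess", "VirtualAllocEx",
                                              "WriteProcessMemory", "CreateRemoteThread"],
                            "USER32.dll": ["MessageBoxA"]})

if __name__ == "__main__":
    print(injection_profile(parse_imports(INJECTOR)))
```

The injector sample comes back with writes_foreign_memory and remote_thread set and hollowing_pattern clear, which is the point of the post: the same four imports appear in a cheat's DLL injector and in malware, so a static scanner can only say "suspicious". Feed parse_imports a real binary read with open(path, "rb").read() to see what an unsigned cheat exposes before it ever runs.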

Analysis and Logs Don't Lie

First off, I don't consider antivirus scans reliable analysis tools. I would even go so far as to say that sandboxing tools like Triage and Any.Run aren't always reliable. This isn't because they are bad tools, it's because people don't know how to properly use them. For example, Triage might see a file get downloaded to the temporary file folder. It might scream THIS IS A DROPPER! But is it really? Or is it just downloading an update for the program? There is a lot of nuance that needs to go into malware analysis. A flag being thrown out there doesn't mean it's a red flag. This doesn't mean that sandboxing tools like Triage are bad, it's just that you can't just give your average joe a tool that's designed for people skilled in cybersecurity and malware analysis and expect them to use it properly. This leads to misinterpretations.

These tools expect some level of critical thinking on the user's end. Unfortunately, the vast majority of people cheating in video games are so technically illiterate that I actually think my IQ drops slowly when I converse with some of them. Also, people love to imagine the worst. "Oh no, I saw a GET request to some random Cloudflare reverse proxy!"

Guess what? That’s a normal thing to do when the cheat checks if your copy is legitimate. Some cheats use encrypted communication (shocking, I know) to secure data from prying eyes. No, it’s not exfiltrating your personal data. It’s just communicating with a server like any legitimate software does. So, grab your Wireshark and MITMProxy, and actually do some network traffic analysis, and you’ll see that in many cases, there's nothing malicious to be found.

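As an added example of the traffic assessment the post above is asking for (example code, not part of the original post and not any cheat's code): a small classifier over decrypted requests, the kind you get from a mitmproxy dump, that separates a license ping from a request carrying credentials. The hosts, field names, thresholds and the .invalid-domain sample requests are constructed for the example; the Roblox session cookie name .ROBLOSECURITY is real, but its value here is a placeholder.

```python
"""Classify decrypted HTTP requests (e.g. from a mitmproxy flow dump):
license/update check or exfiltration? Added example; hosts, field
names and thresholds are constructed."""
import json
import math
from urllib.parse import parse_qsl

CREDENTIAL_FIELDS = {"password", "passwd", "cookie", "cookies", "token",
                     "access_token", "session", "roblosecurity"}
BLOB_MIN_LEN, BLOB_MIN_ENTROPY = 64, 4.5   # opaque random blobs, not HWIDs or versions
LARGE_UPLOAD = 100_000                      # bytes; a license ping is a few hundred


def shannon_entropy(s):
    """Bits per character: at most 4 for hex, at most 6 for base64, low for repeated text."""
    if not s:
        return 0.0
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)


def flatten(obj, prefix=""):
    """Yield (path, string value) leaves of a parsed JSON document."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from flatten(v, f"{prefix}/{k}" if prefix else str(k))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from flatten(v, f"{prefix}[{i}]")
    else:
        yield prefix, str(obj)


def parse_body(content_type, body):
    """Request body as (field, value) pairs; anything unparsable is one raw pair."""
    text = body.decode("utf-8", "replace")
    if "json" in content_type:
        try:
            return list(flatten(json.loads(text)))
        except ValueError:
            pass
    elif "x-www-form-urlencoded" in content_type:
        return parse_qsl(text, keep_blank_values=True)
    return [("<raw>", text)]


def classify_request(req):
    """req: dict with host, method, path, content_type, body (bytes).
    Returns (verdict, reasons); no reasons means the shape of a license or version check."""
    body = req.get("body", b"")
    reasons = []
    for field, value in parse_body(req.get("content_type", ""), body):
        leaf = field.rsplit("/", 1)[-1].lstrip(".").lower()   # last path element
        if leaf in CREDENTIAL_FIELDS:
            reasons.append(f"field '{field}' carries a credential")
        elif len(value) >= BLOB_MIN_LEN and shannon_entropy(value) >= BLOB_MIN_ENTROPY:
            reasons.append(f"field '{field}' is a {len(value)}-char high-entropy blob")
    if len(body) >= LARGE_UPLOAD:
        reasons.append(f"{len(body)}-byte upload to {req.get('host', '?')}, "
                       "far more than a license ping")
    return ("exfiltration-like" if reasons else "benign-looking"), reasons


# Constructed samples (.invalid is a reserved TLD; all values are placeholders).
LICENSE_PING = {"host": "api.cheat-vendor.invalid", "method": "POST", "path": "/v1/license/verify",
                "content_type": "application/json",
                "body": json.dumps({"hwid": "3f2a9c1e7b4d5a60f1e2d3c4b5a69788",
                                    "license": "ABCD-EFGH-IJKL", "version": "1.4.2"}).encode()}
COOKIE_GRAB = {"host": "collector.invalid", "method": "POST", "path": "/upload",
               "content_type": "application/json",
               "body": json.dumps({"user": "alice",
                                   "cookies": {".ROBLOSECURITY": "placeholder-cookie-value"}}).encode()}

if __name__ == "__main__":
    for req in (LICENSE_PING, COOKIE_GRAB):
        print(req["host"], req["path"], *classify_request(req))
```

This only works on decrypted bodies, which is why the post says mitmproxy and not just Wireshark: on plain TLS captures you see the server name and the byte counts, so destination and upload size are the only two signals left, and a large POST to an unfamiliar host right after the cheat starts is what you would go back and decrypt.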

Stop Accusing Without Evidence

It’s really easy to point fingers and assume the worst, but let’s be honest. If you can’t bother to understand the basics of how software works, then don’t start slinging accusations. Don’t call something "malware" just because it interacts with your system in ways you don’t understand. Just because you got a "GameHack" (you're embarrassing yourself by asking if a "GameHack" is malicious) or "Wacatac" (generic name for malware detected through heuristics, which are terribly notorious for false positives), doesn't mean your computer is going to be in shambles. Breathe. It'll be alright.

If you really think your game cheat is malicious, do some research. Use tools like Procmon or Wireshark to understand what’s going on under the hood. Look at the binaries with reverse engineering tools. If you still think it’s malware after doing all of this, fine — don’t use it. But don’t just throw wild accusations around with nothing to back them up. We just laugh at you guys for that.

I’ve dealt with dozens of people who call JJSploit the average malware slop, whether it’s a Bitcoin miner, a remote access trojan (RAT), adware, or spyware. It’s apparently "all of the above," if you know what I mean. Doesn’t make much sense. Is it really a Swiss Army knife of malware? Not really.

And when I ask for actual feasible evidence of such, I can’t get much. They just resort to the classic fallback: "Well, I just know it’s malicious," "Someone else told me that it was," "You're involved with them, why should I trust you," "My antivirus told me it was," and all of these faceless deflections that have zero logical value. You can't back up logic with fallacies and deflections.


Come on, seriously? You’re telling me this one tool is somehow everything from a cryptocurrency miner to a RAT, adware, and spyware all at once, and nobody can provide a shred of proof? But sure, let’s just roll with it—because clearly, the sheer number of wild accusations is all the evidence we need, right?

It’s sort of like if I were to say...

"Every time I use the air conditioning, the lights flicker in my house. So the air conditioner must be trying to start a blackout just to mess with me. It's clearly a conspiracy!"

In reality, the cause of the flicker is due to the fundamentals of electricity. If I were to understand that, I’d realize the air conditioner is just drawing a significant amount of power, causing a small voltage dip that makes the lights flicker. But hey, who has time to learn basic principles? It's so much more fun to believe my air conditioner is part of some elaborate scheme to ruin my day.

So, let’s say your close friend tells you the software is malicious. Should you believe them? Maybe. But here's the thing: people love to exaggerate things to the point where it’s practically unrecognizable.

Your friend might genuinely think they’re helping you out, but remember, rumors spread fast, and half the time, they're just retelling what they've heard from someone else who’s also half-informed. It’s like that game of telephone where someone whispers, “Oh, it’s just a cheat,” and by the time it gets to you, it’s “A FULL-BLOWN CYBERATTACK THAT WILL BRICK YOUR COMPUTER AND STEAL ALL YOUR SECRETS.”


But What About the Security Risks?

Okay, I get it. Cheats can still have risks. Running any third-party software that interacts with your system introduces security vulnerabilities. That’s true for cheats, just like it’s true for any other application you install. But the key is to be discerning about what you’re running. Use cheats from trusted sources. Don’t use suspiciously-named cheats from shady websites. Especially look out for typosquatting. Had a couple of idiots install JJSploit from jjsploit.net which is not the official download, only wearedevs.net is.

The bottom line is this: Stop panicking. Think for yourself. Just because a program interacts with your system in a way you don’t understand doesn’t mean it’s out to get you. We all need to be a little more critical and cautious, but don’t let fear of the unknown turn into wild accusations. Learn how these cheats work. Learn how to analyze malware. Analyze, verify, and most importantly: use your brain.


A Little Kickstart

If you want to start analyzing exploits to test their safety, I would look into tools like Wireshark for monitoring network traffic, Procmon for observing system calls and file activity, and IDA Pro (or Ghidra, if you're looking for a free alternative) for reverse engineering binaries. These tools are essential for anyone looking to dive deeper into malware analysis or just understand how certain software behaves under the hood.

Just remember—don’t expect a quick fix or immediate results. Analysis takes time, practice, and a willingness to dive into the weeds of how things work. You might have to learn a lot of basics before even scratching the surface, but once you’re comfortable with these tools, you’ll be in a much better position to make your own conclusions about the safety of software and cheats.

Combine this with a strong mind, and you're basically all set. Here are some of the thought patterns you'll need:


Data exfiltration fundamentally requires sending personal data out of your LAN, so if you see a game cheat or software sending encrypted traffic to a server, that doesn’t mean it’s stealing your data. It means it’s just sending data out in a way that’s protected from prying eyes. You need to assess the type of traffic (e.g., is it login data, encryption keys, or user IDs?) before jumping to conclusions.

Memory manipulation (like changing in-game values) doesn’t inherently mean a cheat is malicious. Cheats modify game state by changing values in memory. It's a typical and necessary behavior for any kind of game modification. When your antivirus flags this, it's usually just reacting to the way cheats interact with memory, not to any real malicious intent.

Flags and warnings from antivirus tools don’t always mean there’s a threat. Just because something looks suspicious doesn’t automatically mean it’s malicious. It’s important to question the why and how—what’s actually being flagged and why it might be flagged by the tool, based on known patterns or heuristics.

Not every file downloaded or process started is a sign of malicious intent. Many people panic when they see a file being downloaded or a new process appearing, assuming it’s a virus or malware. However, software often needs to download additional files for things like updates, patches, or supporting libraries. The key here is to understand the intended behavior of the program. A file being downloaded by itself isn’t a red flag—it’s the purpose and behavior of the file that matters.

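To put the last two thought patterns above into practice, here is an added example (not the poster's code) that triages a Procmon CSV export: it skips failed operations, treats a write to %TEMP% followed by launching that file as expected loader behaviour, and only escalates on persistence or credential-store access. The rule set, the paths it keys on and the log lines are constructed for the example; a real export has the same seven columns but many thousands of rows.

```python
"""Triage of a Procmon CSV export: separate behaviour a cheat or its loader
needs (staging an update in %TEMP%) from behaviour that needs an explanation
(persistence, reading credential stores). Added example; rules and log are constructed."""
import csv
import io
from collections import defaultdict

# (severity, label, predicate over (operation, lower-cased path)). Constructed rule set;
# the paths are illustrative credential stores and persistence points on Windows.
RULES = [
    ("high", "persistence via Run key",
     lambda op, p: op == "RegSetValue" and "\\currentversion\\run\\" in p),
    ("high", "persistence via Startup folder",
     lambda op, p: op in ("CreateFile", "WriteFile") and "\\start menu\\programs\\startup\\" in p),
    ("high", "opens a browser credential store",
     lambda op, p: op == "CreateFile" and p.endswith(("\\login data", "\\cookies"))),
    ("high", "reads the Roblox session cookie from the registry",
     lambda op, p: op == "RegQueryValue" and p.endswith("\\.roblosecurity")),
    ("info", "stages a file in %TEMP% (check what the file is, not where it is)",
     lambda op, p: op == "WriteFile" and "\\appdata\\local\\temp\\" in p),
    ("info", "starts a process from %TEMP%",
     lambda op, p: op == "Process Create" and "\\appdata\\local\\temp\\" in p),
]


def triage_procmon_csv(text):
    """Map each process name to its matched findings, skipping failed operations."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        if row["Result"] not in ("SUCCESS", ""):   # NAME NOT FOUND etc. is a probe, not behaviour
            continue
        op, path = row["Operation"], row["Path"].lower()
        for severity, label, matches in RULES:
            if matches(op, path):
                findings[row["Process Name"]].append((severity, label, row["Path"]))
    return dict(findings)


def verdict(process_findings):
    """'needs explanation' on any high-severity finding, else 'expected for a cheat/loader'."""
    return ("needs explanation" if any(s == "high" for s, _, _ in process_findings)
            else "expected for a cheat/loader")


# Constructed Procmon export: a cheat updating itself, and a credential grabber for contrast.
SAMPLE_LOG = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","cheat.exe","4120","CreateFile","C:\Users\alice\AppData\Local\Temp\cheat-update.exe","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.3","cheat.exe","4120","WriteFile","C:\Users\alice\AppData\Local\Temp\cheat-update.exe","SUCCESS","Offset: 0, Length: 65,536"
"10:01:03.0","cheat.exe","4120","Process Create","C:\Users\alice\AppData\Local\Temp\cheat-update.exe","SUCCESS","PID: 4188"
"10:02:10.0","grabber.exe","5000","CreateFile","C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS","Desired Access: Generic Read"
"10:02:10.2","grabber.exe","5000","RegQueryValue","HKCU\Software\Roblox\RobloxStudioBrowser\roblox.com\.ROBLOSECURITY","SUCCESS","Type: REG_SZ"
"10:02:11.0","grabber.exe","5000","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ"
'''

if __name__ == "__main__":
    for proc, found in triage_procmon_csv(SAMPLE_LOG).items():
        print(proc, "->", verdict(found))
        for severity, label, path in found:
            print("   ", severity, label, path)
```

The temp-file write and the process launch from cheat.exe come out as info only, which is the "is it just downloading an update?" case from the post; what you then do is hash and inspect cheat-update.exe itself. grabber.exe trips three high rules and that is what evidence of malicious behaviour actually looks like in a log, as opposed to an antivirus name.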

Closing Thoughts

In the end, if you’re going to accuse every cheat of being malicious just because you didn’t do the research, you're making pointless arguments that might, quite literally, be worse than 90% of the political arguments thrown around in the United States.

I mean, come on—at least politicians argue with a little bit of logic sometimes, right? (Well, at least some of them.) But throwing around baseless accusations without understanding the fundamentals of how software works? That’s a whole new level of intellectual dishonesty.

As always, I’m here to help. I know a lot, but I am not a miracle worker. Hope you enjoyed this rant. Now go forth and use that brain of yours. Don’t accuse before you understand. It's a much better way to get through life, trust me.


Massive computer geek. I focus on cybersecurity now but I pop on randomly to drop lore. https://github.com/reversed-coffee
