yimmenu v2 Virus and keylogger/card logger #615
-
|
Hey this may not be a issue for some but I just wanted to make sure I was safe. I was scanning through the code and ran it through Virus Total. When you check the behavior of the most recent update it says it can "Log keystroked via polling" "Parse credit card information" "log keystrokes" "get geographical location" "read clipboard data" It also says it uses a shellcode execution using indirect call + RWX memory use. I don't know if these are standard or normal but they definitely do not seem normal. In the previous release that was a couple days ago it did not have these behaviors. I just want to make sure my stuff and others stuff wont get stolen from this new release. |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 4 replies
-
|
I understand that every cheat has characteristics of malware and get false
positives however when I installed it from the official release today and
ran it through Virus Total it is now showing a keylogger and a credit card
logger in the files behavior. when I ran a previous version again from the
official release there was no such behavior. Again I don’t know if this is
normal but it definitely doesn’t seem normal especially with a credit card
logger.
|
Beta Was this translation helpful? Give feedback.
-
|
While VT is useful (I use it in my job), it does blindly go with what other vendors are saying - and that could mean "oh this is patching memory - therefore it must be bad!" without looking at context. Unfortunately with how popular Yimmenu is - it has also seen its fair share of malicious twats taking the source and adding their own code (i.e calling out to a C2 to drop a stealer) to catch users. This is why you never trust downloads on Youtube videos, but by extension it also means VT and other vendors tar everything Yimmenu with the same brush even though they're actually 2 different files, vendors only look for commonalities which can lead to false positives like this. The rule of thumb regardless - never trust any Yimmenu DLL which is not from the releases section here or from a reputable site like Unknowncheats which have a process for looking at uploads for poisoning. |
Beta Was this translation helpful? Give feedback.
-
|
Since all of the anti virus systems say that menus are viruses, you have to trust the people who make the menu and only download it from where they post it. The folks that have created Yimmenu have been around for awhile, and I personally think I can trust them. |
Beta Was this translation helpful? Give feedback.
-
|
https://github.com/YimMenu/YimMenuV2/releases/tag/nightly, is it safe or not? |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.

More a less - yes. Malicious actors will take the source, add their malware, compile it and upload it to Mega, Discord or some other file sharing site and spread it through Telegram, YouTube, Discord etc etc. They'll target Yimmenu, Menyoo etc because they know it's popular and it'll be easy to convince someone to load it up without thinking.
An antivirus will scan and look for bits of code which does not change similar to how Yimmenu makes memory patterns so it can patch addresses or hook things. AVs function in a similar way. It's scanned the malicious Yimmenu DLL, found some areas which are unlikely to change and made detections for it. The problem is those sections where the AV's have…