Be Wary of "KiLO"

Discussion in 'Server & Community Management' started by Night, May 17, 2015.

Thread Status:
Not open for further replies.
  1. This thread has been found to have little to no factual basis and is left for posterity only.

    There's an extremely sketchy mc client out there, it's called KiLO. It looks *really* nice, but I don't trust it at all.
    https://www.youtube.com/watch?v=T9LeI88Yzis
     
    The code is extremely heavily obfuscated, and is picked up by several antivirus programs - [ https://www.virustotal.com/en/file/...144c1295a7f3c7c62074d511/analysis/1431800077/ ]. I'd suggest that nobody use it until we have a clearer idea of what this client is capable of and what it does.

    Here is the source generated from bytecode (it broke fernflower):
    https://git.minepay.net/projects/KILO/repos/bytecode/browse
     
    #1 Night, May 17, 2015
    Last edited by a moderator: Jun 15, 2015
    • Informative x 2
  2. Not to mention one of its authors developed the client Matix, which was proven to have a RAT in one of its releases.
    Also here's not notes from a friend who ran it in his VM. The client's extremely laggy, shit doesn't work very well, and it's all around bad. It just looks pretty. Also loading screen is an mp4, so yeah, tells you how much the developers actually know.
     
  3. Everything's laggy if you run it in a VM :p

    but yea, it is bad
     
  4. Oh my god, that client is so...... much.
     
  5. True, but we're talking vanilla mc still gets ~80fps, on kilo he had ~20
     
  6. Not defending the client, but you used a VM, not fully tested naturally, it was fine for me, better than vanilla.
     
    • Agree x 2
  7. So using a VM instantly degrades the context of everything not wrong?

    I would never run that normally. One author is known to infect his users in the past. Any decently coded Java application should never trigger any detections ever.

    And how can something that clearly is bloated to hell ever be better than vanilla? You should clear your Java cache in the meantime.
     
  8. if anyone would like to help reverse the client, please send me a PM and you'll be added to the skype chat.
     
  9. mm, look at the comments, kiddies going crazy.
    this seems like a well thought of OP to get slaves.

    client looks real good + lots of kids using it + RAT packed in = lots of slaves for a commander (botnet - slave/commander)

    and is it just me or is some of the features in it not possible via only Java?
    is he using something external? C maybe?
     
  10. which ones, I didn't look at the feature list
     
  11. I'm going to play devil's advocate and say maybe it's obfuscated because there's something in it that they don't want Mojang or NCP to be able to reverse engineer and patch. Still seems sketch
     
    • Agree x 1
  12. Because any half smart developer is totally gonna release private exploits/bypasses to the public
    *sarcasm*
     
  13. well, the UI is kinda amazing looking for Java, though I haven't ever worked with designing in Java.
    Anyways, I guess the playing music feature isn't too complex via Java, eh, maybe it is all Java.
     
  14. If someone finds one and they think they can cover it up well enough they might give it a try. People release exploits publicly for much much more important things than minecraft all the time after all.
     
  15. If you wanted to make a botnet (I'm not condoning this), this would be the ideal way to. The majority of hacked client users are children that will download anything. This client seems like the mother of all hacked clients and they're going to be super excited and download it, meanwhile it's a botnet program/virus.
     
    • Agree x 2
  16. You clearly don't understand how Java bytecode works. So stop arguing.
     
  17. Not hard to replicate a flat UI via OpenGL.
     
  18. I'm on a Mac, and I'm seeing roughly the same amount of threads and %cpu in Kilo vs Vanilla vs other hacked clients, such as Metro. While I am experiencing quite a bit of lag spikes, and several freezes (for 1 or 2 seconds), I'm not too sure it's a RAT yet. I'm going to stay safe and not use it until there is more information on it. I'd advise all y'all to do the same :)
     
    • Agree x 1

  19. Using a VM versus a natural machine is obviously different... if you don't know this I feel bad for you.

    I tested it on an extra old laptop I had, doesn't really matter, used a random alt.

    Like I said before, in my opinion, ran better than vanilla with higher framerates for me.
    Not defending it again, just sharing my info.
     
    • Agree x 1
    • Optimistic x 1
  20. You clearly missed the entire point of my original post. It was compared with vanilla. Both being run in a VM doesn't change the fact that the tests are what they are. Not everyone has an extra laptop they can use for purely testing, but not being dumb and running something that is most likely infected is something one should never do.

    You don't understand what a VM is, used for, and how they relate to testing. I feel bad for you. Whether an OS is run in a VM or installed on a partition doesn't degrade testing at all (unless ofc said testable item has some sort of anti-virtualization techniques)
     