this post was submitted on 19 Oct 2024
28 points (91.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54565 readers
398 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):

💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
db0@lemmy.dbzer0.com
sunbrothersco@lemmy.dbzer0.com
dataprolet@lemmy.dbzer0.com
Flatworm7591@lemmy.dbzer0.com
RandomLegend@lemmy.dbzer0.com
28
BlockTheSpot compromised or false positive? (github.com)
submitted 3 weeks ago by DoctorButts@kbin.melroy.org to c/piracy@lemmy.dbzer0.com
13 comments fedilink hide all child comments
 

Seems strange that the dev seems to be keeping quiet on this, no? I'm not telling you to read every comment of every post, you can just skim the post titles. Then you'll see multiple open issues and a few closed issues too going back 5 days to the latest BtS update.

Though I haven't followed this project long enough to tell if this is just the way they normally behave.

Edit:

I'm back at my computer, so it's easier to edit and add info now.

Some key points that have stuck out to me:

  • Previous version released in July only triggers 2 detections on Windows defender versus 29 for the most recent version: https://i.imgur.com/GIoH7eG.png

  • Users getting constantly pestered to update to the latest version: https://i.imgur.com/Oege3kU.png

  • Yeah, naturally, the dev is going to say it's a false positive. Obviously. I've only mentioned that the dev has previously responded because some people barely skimmed through the issues and thought the dev simply hadn't seen the latest open issue from only a few hours ago, when that is not the case.

you are viewing a single comment's thread
view the rest of the comments
[–] fl42v@lemmy.ml 2 points 3 weeks ago* (last edited 3 weeks ago)

So, the "[edit: ~~last~~] previous update" was built from ac41318, since then there were exactly 2 commits:

Both do not immediately look malicious. So, either the release is poisoned (in which case you can build it from source and see if still detected), or the repo was poisoned before, and the payload didn't activate until those changes, or AVs decided to crackdown on random shit running their code in other law-abiding processes' address space 🤣