Originally posted over on /r/piracy (https://www.reddit.com/r/Piracy/comments/15itrip/1337x_admins_allowing_bg3_torrent_with_bitcoin/)

It looks like a bitcoin miner was included in the installer, and the admins on 1337x may or may not give a shit apparently. Scanned my PC and my wife's and found the same stuff the others mentioned.

According to the other comments, don’t feel the need to uninstall as the miner was installed separately from the game, just give it a Malwarebytes scan to get rid of the junk.

  • Deluxeparrot@feddit.uk · +78 · 11 months ago

    For gog games you can check the digital signature on the installer to make sure it’s legit. It should be signed by GOG.
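As an added example (not from the thread), this PowerShell check does what the comment above describes: it verifies the Authenticode signature on a downloaded GOG installer and that the signer is the expected publisher. The $InstallerPath parameter and the "GOG" subject match are assumptions.

```powershell
# Added example, not code from the thread. Verifies that an installer carries a
# valid Authenticode signature from the expected publisher before it is run.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallerPath   # assumed placeholder: path to the downloaded setup .exe
)

$sig = Get-AuthenticodeSignature -FilePath $InstallerPath

# Status is 'Valid' only when the file hash matches the embedded signature and the
# certificate chain is trusted. 'NotSigned' or 'HashMismatch' both mean: do not run it.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status: $($sig.Status) - do not run this file."
    exit 1
}

$subject = $sig.SignerCertificate.Subject
Write-Output "Signed by:  $subject"
Write-Output "Thumbprint: $($sig.SignerCertificate.Thumbprint)"

# Assumption: the legitimate publisher's certificate subject contains "GOG".
# A signature can be valid yet belong to someone else; code-signing certificates are
# easy to obtain, so a valid signature from an unexpected publisher still means the
# file was repackaged.
if ($subject -notmatch 'GOG') {
    Write-Warning "Valid signature, but the signer is not the expected publisher. Treat as repackaged."
    exit 2
}

Write-Output "OK: valid signature from the expected publisher."
```

Compare the printed thumbprint against a copy of the same installer obtained directly from GOG if you want a second check beyond the subject name.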

  • empireOfLove@lemmy.one · +74 / -13 · 11 months ago

    If you aren’t scanning every software you download, whether a pirate torrent or normal direct download, that’s kinda your own fault

    • GeekFTW@kbin.social (OP) · +17 / -1 · 11 months ago

      Oh 100%. Was a dumb moment where I didn’t expect it and didn’t bother, and neither did a lot of other people from the looks of it. Good thing is it was something fixable in less than 5 mins and not a bigger problem.

      • AceBonobo@lemmy.world · +5 · 11 months ago

        I would completely reformat all affected machines. AVs are not perfect. Yes it sucks, but imagine the consequences of doing any form of banking on an infected machine.

        • GeekFTW@kbin.social (OP) · +1 · 11 months ago

          Amazingly enough this all happened on 2 machines with 2-week-old OS installs so, honestly not a huge hassle to do so lmao.

    • realherald@lemmy.world · +3 · 11 months ago

      Not downloading much anyways, but if I were to start, how would I go about scanning the files properly? Could you recommend something to read up on the topic?

    • kniescherz@feddit.de · +0 · 11 months ago

      To be fair, I cannot remember a software where no antivirus program turned red. Those cracks always look suspicious to the heuristics.

      • boonhet@lemm.ee · +1 · 11 months ago

        Agreed, but if it’s a GOG release it doesn’t need a crack because it never had DRM in the first place.

  • eagleeyedtiger@lemmy.nz · +52 / -1 · 11 months ago

    You shouldn’t trust anything uploaded there by IGGGames. They’ve been caught before adding miners to their files. I downloaded the rune release somewhere else seeing as they were the uploader on 1337x. I only really use 1337x for fitgirl repacks.

  • Hextic@lemmy.world · +41 / -2 · 11 months ago

    LOL idiots BG3 is DRM Free just get the GOG installer, surely people mirror that shit, I’ve seen it before.

    • MonkCanatella@sh.itjust.works · +15 · 11 months ago

      Yeah the thing is it installs programs that then give themselves access. You can block install.exe all you like, they’re way more advanced than that.

      • src@lemmy.world · +5 · edited · 11 months ago

        If you have a firewall like Tinywall, you can set it to block all apps from accessing the Internet unless they’re explicitly allowed to. Problem solved?

    • mlg@lemmy.world · +12 · 11 months ago

      I mean

      He said it installed separately

      So blocking the network for the game or the installer wouldn’t achieve anything lol

        • mlg@lemmy.world · +1 · 11 months ago

          I don’t run a whole ass DPS firewall for my home network lmao.

          Firewall won’t do anything if the mining software was made decently well and just hides every connection through outgoing HTTPS.

            • mlg@lemmy.world · +1 · 11 months ago

              I’m talking about the firewall which is network handling only.

              Most host firewalls only block incoming traffic.

              All you have to do is get all mining data by making outgoing web connections to some random proxy, which can optionally have a domain to look more legit.

              Firewall won’t care, and unless you’re poring over the logs or looking at active connections, you won’t find it either.

              Since it’s mining software, the fastest giveaway would be high usage or running an antivirus to find sketchy executables.

              I’m assuming OP is on Windows which means the installer asked for admin perms to install to Program Files which is a really easy way to hide your mining executable assuming it hasn’t been fingerprinted by popular antivirus yet.
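As an added example (not from the thread), this PowerShell triage script does the "looking at active connections" the comment above mentions, but keyed by process rather than by port: it lists established outbound HTTPS connections with the owning process, its image path, accumulated CPU time and Authenticode status, so an unsigned, CPU-hungry binary relaying over 443 stands out. It assumes an elevated prompt on Windows with the NetTCPIP module available; the 60-second CPU threshold is an arbitrary constructed cut-off.

```powershell
# Added example, not code from the thread. Correlates outbound HTTPS connections with
# the process that owns them and that process's signature status and CPU time.
# Assumes an elevated PowerShell session on Windows (Get-NetTCPConnection, NetTCPIP module).

$conns = Get-NetTCPConnection -State Established -RemotePort 443 -ErrorAction SilentlyContinue

$rows = foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    if (-not $proc) { continue }

    $path = $proc.Path                       # $null for some protected/system processes
    $sigStatus = 'Unknown'
    if ($path) { $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status }

    [pscustomobject]@{
        Process    = $proc.ProcessName
        PID        = $proc.Id
        CPUSeconds = [math]::Round([double]$proc.CPU, 1)   # total CPU time so far; a miner racks this up fast
        Remote     = "$($c.RemoteAddress):$($c.RemotePort)"
        Path       = $path
        Signature  = $sigStatus
    }
}

# Full picture first: every process currently talking HTTPS, heaviest CPU consumers on top.
$rows |
    Sort-Object CPUSeconds -Descending |
    Format-Table Process, PID, CPUSeconds, Signature, Remote, Path -AutoSize

# Then the short list: not validly signed, live outbound HTTPS, and notable CPU time.
# Constructed threshold: 60 CPU-seconds. A browser will also exceed it, but a browser is signed.
$suspect = $rows | Where-Object { $_.Signature -ne 'Valid' -and $_.CPUSeconds -gt 60 }
if ($suspect) {
    Write-Warning "Unsigned or unverifiable processes with outbound HTTPS and notable CPU time:"
    $suspect | Format-Table Process, PID, CPUSeconds, Path -AutoSize
}
```

A hit here is a lead, not a verdict: confirm with the process's parent, start time and on-disk location (the Program Files path the comment describes is exactly where a legitimate-looking binary would sit) before removing anything.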

  • moosetwin@FMHY@lemmy.world · +18 · 11 months ago

    I opened this post all scared that I might’ve accidentally downloaded malware and my fuckin’ AV alerted

    yeah yeah I know piracy and AVs don’t generally mix

      • smpl@discuss.tchncs.de · +3 · 11 months ago

        My guess is that it’s an instance of some federated platform talking to Lemmy, which has once been used to serve malware by one of its users. AFAIK Lemmy only fetches avatars directly from instances, but it’s a privacy nightmare which, admittedly easy to say for one who doesn’t pay for storage space, should be mitigated with a caching media proxy.

  • daninet@lemmy.world · +5 / -1 · 11 months ago

    On the private tracker I’m at I have already seen a clean mirror uploaded.

  • UntouchedWagons@lemmy.ca · +5 / -2 · 11 months ago

    I downloaded the RUNE release from TorrentLeech and Windows Defender found a trojan so yeah I’ll believe it. I guess I’ll wait for a FitGirls repack.

    • Elegast@lemmy.ca · +4 · 11 months ago

      Torrent galaxy rune release. However not seeing any issues? Malwarebytes scans coming up clean. No integritycheck folder in app data. No hidden process running when game running. 🤷‍♂️?

    • 5redie8@sh.itjust.works · +1 · 11 months ago

      More than likely a false positive; they often show up as Trojans due to the payload. I saw a similar issue from the RUNE release off of my private tracker.

  • fourohfour@lemmy.fmhy.net · +2 · 11 months ago

    It’s even worse apparently. Apparently someone looked at where the coins are going, and the coins are going to the 1337x admins, and the uploader is just getting a cut of those coins. Which explains why the admins are unlikely to really care because they’re profiting off their users.

    I have severe trust issues with any kind of pirated software so I basically never download it as a result, and shit like this is why. Even private trackers and “trusted” groups aren’t enough for me to download most software.