D2sage

Actualized.org Trying to install crypto miner?

54 posts in this topic

@D2sage It's you who have some antivirus that gives you false positives. You have fallen for some bullshit marketing of how good their software is. It protects you from imaginary threats.

4 minutes ago, Girzo said:

@D2sage It's you who have some antivirus that gives you false positives. You have fallen for some bullshit marketing of how good their software is. It protects you from imaginary threats.

you the straight anti bs patch on this forum I like this


@Girzo

All you did there was pure assumption.

Do you own websites yourself? Then you know that you can get malware injected into your site without your knowledge.

This post was not to get your insight from your expertise in Software Engineering. It was to make Leo aware that he maybe has some malware worth looking into. 

False or not, still worth mentioning that I get alerts only on his profile and not somewhere else on the page.

If you just assume threat alert as false then you are an idiot.

Edited by D2sage


Calm down, guys. The point is to check for a potentially harmful piece of software. I'm sure Leo is looking into it. Let's just hope that it gets sorted out soon.

Edited by UnbornTao

7 hours ago, D2sage said:

@Joyboy @thepixelmonk

Do you have a degree in computer science?

I do.

7 hours ago, D2sage said:

A trojan doesn't need your permission to install.

It does. Like you mentioned something like coinimp could use in-browser javascript execution to theoretically contribute to some sort of mining but nothing is "installed".

7 hours ago, D2sage said:

And the code only tries to install on my PC when I visit Leo Gura profile. 

Nothing is special about his profile. Your shit is broken.

36 minutes ago, something_else said:

@thepixelmonk Websites mining cryptocurrency when you visit is absolutely a thing. And it is absolutely possible for it to be injected into a site, too:

https://blog.sucuri.net/2018/10/obfuscated-javascript-cryptominer.html

https://threats.kaspersky.com/en/threat/Trojan.JS.Miner/

Again, yes, in-browser javascript execution could theoretically contribute to some form of mining, but nothing gets "installed", and once you close the tab you're fine. And yes, if you already have malware of some form installed of course it can inject itself into certain places.
 

Quote

Unauthorized drive-by downloads are downloads which happen without a person's knowledge, often a computer virus, spyware, malware, or crimeware.[2]

Drive-by downloads may happen when visiting a website,[3]

https://en.wikipedia.org/wiki/Drive-by_download

99.9% of "drive by downloads" are the first type described- authorized, but unintended.

Edited by thepixelmonk

25 minutes ago, thepixelmonk said:

Again, yes, in-browser javascript execution could theoretically contribute to some form of mining, but nothing gets "installed" and once you close the tab you're fine. And yes, if you already have malware of some form installed of course it can inject itself into certain places.

You're pedantically focusing on OP's technically incorrect use of the word install, but it's pretty obvious what OP was talking about. You can infer from context that he is talking about malicious/trojan JS being downloaded and executed behind the scenes on the website.

He even uses the correct word 'injected' in the post you quoted originally to give him a hard time about using the word 'install'. That original post more gives me the impression that you misunderstood what was happening, and you're clinging to the fact that he technically used 'install' incorrectly to avoid admitting that. Maybe because English isn't his first language :P

Quote

theoretically contribute to some form of mining

If it was theoretical, no one would do it. But lots of people do. If you have 10k users running that script it will generate some income. There was talk of using that to replace ads on websites at one point.

6 hours ago, Girzo said:

@D2sage It's you who have some antivirus that gives you false positives. You have fallen for some bullshit marketing of how good their software is. It protects you from imaginary threats.

There is always a tradeoff between being too strict and too lenient with AV. If you are too strict, you get lots of false positives, if you are too lenient you get lots of false negatives. Considering the cost of a false negative (real virus not being found) can be very high (identity theft, money theft, theft of your computer resources, leaked passwords, keylogger, nudes sent to the entire world, blackmail, etc. etc.), good AV often errs on the side of caution and provides more false positives.

Edited by something_else

3 hours ago, something_else said:

You're pedantically focusing on OP's technically incorrect use of the word install, but it's pretty obvious what OP was talking about. You can infer from context that he is talking about malicious/trojan JS being downloaded and executed behind the scenes on the website.

He even uses the correct word 'injected' in the post you quoted originally to give him a hard time about using the word 'install'. That original post sounds like you misunderstood what was happening and now you're clinging to the fact that he technically used 'install' incorrectly, maybe because English isn't his first language :P

It's not pedantic, the difference between some background javascript running and actually having malicious trojans downloaded and installed onto your computer is a hugely significant difference. Very explicitly stating install multiple times, that it can "be run independently of the actualized.org site", zurew linking the "drive by downloads", etc. in multiple contexts, it was not "pretty obvious" and needed clearing up.

The entire source of the file in question is: https://pastebin.com/raw/uUdgE8xy. There is obviously no "bitcoin miners" here. It's a false positive.

Honestly most likely, if anything, is OP himself has other malware on his computer that is injecting it onto the page lmao.

Edited by thepixelmonk


@thepixelmonk

My PC has a fresh Windows 11 installed and the source of the "malware" is from this site.

12 hours ago, thepixelmonk said:

The entire source of the file in question is

Also, that's not the entire source of the file you linked hehe, here's the whole thing https://pastebin.com/raw/ZeBwZtvG :P

You have no clue what you're talking about.

Would be better if a Javascript developer could confirm.

Here's how the Google Analytics script looks.

fetasdads.png

The code itself (embedded JavaScript), it is not obvious that this will track your location, device, age etc?

So the potential miner script here would not be so obvious.

Edited by D2sage

7 minutes ago, D2sage said:

@thepixelmonk

My PC has a fresh Windows 11 installed and the source of the "malware" is from this site.

Also, that's not the entire source of the file you linked hehe, here's the whole thing https://pastebin.com/raw/ZeBwZtvG :P

You have no clue what you're talking about.

Would be better if a Javascript developer could confirm.

I deal with javascript every single day, there's nothing on that pastebin either. The source is your browser. How it got there doesn't necessarily have anything to do with actualized.org. Nice malware filled system you got over there lmao.


@thepixelmonk You don't sound credible at all, more like a fool tbh. "lmao" My system is clean. 

Why am I only getting alerts when visiting profile? But nowhere else on the site?

And you can clearly see the source right here:

kuk.png

asdasadsadsads.png

February 3rd. First time I visited this site on my new PC. But then I did not care, but now I think it's worth mentioning.

Edited by D2sage

17 minutes ago, D2sage said:

 

fetasdads.png

The code itself (embedded JavaScript), it is not obvious that this will track your location, device, age etc?

So the potential miner script here would not be so obvious.

Did you literally just screenshot a completely unrelated, standard installation of google analytics as some sort of proof of actualized bitcoin mining hahahah. And yes, it tracks whatever easily available public information is available to it. What a surprise for an analytics script.


@thepixelmonk The point was: The code is not obvious that it is a miner. 

To view the tracked data you need another platform. So it's 100% possible that the .js file on actualized.org can be a miner.

Plus, the code here is trying to execute on my computer.

Why am I only getting alerts when visiting profile? But nowhere else on the site?

And you can clearly see the source right here:

February 3rd. First time I visited this site on my new PC. But then I did not care, but now I think it's worth mentioning.

 

asdasadsadsads.png

kuk.png

Edited by D2sage

1 minute ago, D2sage said:

@thepixelmonk The point was: The code is not obvious that it is a miner.

The fact that snippet is loading an outside script is super obvious.
 

Quote

Why am I only getting alerts when visiting profile? But nowhere else on the site?

And you can clearly see the source right here:

 

kuk.png

February 3rd. First time I visited this site on my new PC. But then I did not care, but now I think it's worth mentioning.

 

asdasadsadsads.png

Reposting screenshots of your false positives / malware filled windows computer doesn't mean anything. Nothing is in that file.

2 minutes ago, D2sage said:

@thepixelmonk I hope you're right. 

@Leo Gura 

You can delete the js file? The site will work just fine. Better safe than sorry.

Yeah just delete all the profile page javascript the site will work just fine.

/s

3 hours ago, thepixelmonk said:

Yeah just delete all the profile page javascript the site will work just fine.

/s

@thepixelmonk

Not all, just that one. 

Well, the path is https://www.actualized.org/forum/uploads/

Isn't that the same catalog where our uploaded media files are?

Edited by D2sage

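The posts above turn on where a flagged script is actually served from: an outside origin, or the forum's own uploads path. As an added example (not code from the forum or from any poster), this Node.js sketch inventories the `<script>` tags in a saved copy of a page and flags those two cases; the page URL, HTML and file names are constructed placeholders, and treating `/uploads/` as a user-writable directory is an assumption.

```javascript
// Added example: inventory the scripts a saved page loads.
// PAGE_URL and SAMPLE_HTML are constructed placeholders, not the forum's real markup.
const PAGE_URL = "https://forum.example/forum/profile/1-someuser/";
const UPLOAD_MARKER = "/uploads/"; // assumption: path segment for user-writable files

const SAMPLE_HTML = `
<html><head>
<script src="/forum/static/app.js"></script>
<script async src="https://analytics.example/tag.js?id=CONSTRUCTED"></script>
<script src="/forum/uploads/constructed_bundle.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script src="//cdn.thirdparty.example/lib.min.js"></script>
</head><body></body></html>`;

// Returns one record per <script> tag, in document order.
function inventoryScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = srcRe.exec(attrs);
    if (!src) {
      // Inline code runs with the page's origin; record its size for manual review.
      findings.push({ kind: "inline", bytes: body.trim().length, flags: [] });
      continue;
    }
    // Resolve relative and protocol-relative URLs against the page URL.
    const url = new URL(src[1] ?? src[2] ?? src[3], page);
    const flags = [];
    if (url.origin !== page.origin) {
      flags.push("third-party-origin");
    } else if (url.pathname.includes(UPLOAD_MARKER)) {
      flags.push("served-from-upload-dir");
    }
    findings.push({ kind: "external", url: url.href, flags });
  }
  return findings;
}

for (const f of inventoryScripts(SAMPLE_HTML, PAGE_URL)) {
  console.log(f.kind, f.url ?? `(${f.bytes} bytes)`, f.flags.join(",") || "-");
}
```

Running it on HTML saved from a clean machine and on HTML saved from the alerting browser shows whether a script is present in what the server sends or only appears on the client.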
3 hours ago, thepixelmonk said:

Reposting screenshots of your false positives / malware filled windows computer doesn't mean anything. Nothing is in that file.

So my computer is now hosted here on actualized.org/forum/uploads O.o

I run online servers, a kratom forum, and websites. My PC is cleaner than your vocabulary.

It is classified as a Trojan because it is typically disguised as a legitimate file and is designed to deceive the victim into running it on their computer.

Look, I know some of you guys here would drink Leo's bathwater.

You fail to realize one thing. I am not bashing Leo that he’s injected some code. On my old PC, I had poor security and did not care about alerts. Then I got my credit card stolen and Instagram hacked. I am just cautious nowadays and more alert online.

Edited by D2sage

