Malware in FAF client?

This is for troubleshooting of problems with the FAF client and Forged Alliance game.

Moderator: DukeOfEarl

Malware in FAF client?

Post by Puschkin » 14 Jan 2018, 02:30

Time and again my system gets infected by a browser hijacker called "SocialDownloadr". I wondered how that could happen so many times since I try hard to avoid all known traps. Research on that topic taught me that malware like this is typically installed in bundles with legit software and that it is recommended to always do custom installations and exclude all additional software. Well, that's standard procedure for me anyway.
The only software I install on a regular basis is FAF, but I never thought that this could come with malware - it's such a great fan project! If that comes with malware, I will lose my faith in humanity!

But the infection kept popping up, suspiciously close to FAF updates. So, this is what I just did, after experiencing issues in FAF:
Step 1) I deinstalled FAF.
Step 2) I ran MalwareBytes. It found zero threats.
Step 3) I installed FAF.
Step 4) I ran MalwareBytes. It found that damn SocialDownloadr again ...

It only infects IE, though, which I use rarely (only when I need to because of compatibility issues), but nevertheless, it is annoying and outright dangerous for any user that relies on IE. You might argue that whoever uses IE deserves no better, but I will argue that a project like this can't afford to spread malware, even if it only hits Internet Explorer.

So, there you go. I can't believe that, of all places, FAF is the source of malware, and I also can't believe I am the only one to notice. Somehow someone managed to sneak in malware into your installer and nobody ever caught wind of that? Meh.
Last edited by Puschkin on 14 Jan 2018, 15:30, edited 1 time in total.

Re: Malware in FAF client!

Post by PhilipJFry » 14 Jan 2018, 11:17

You're probably the only one to notice because there is no malware that we distribute and you messed up somehow.
cats>dogs
post logs

Re: Malware in FAF client!

Post by DukeOfEarl » 14 Jan 2018, 11:27

Are you using the official python client?

Our installer packages for the python client are produced by python setuptools on the appveyor build service. You can see the process for this here: https://ci.appveyor.com/project/Sheeo/client/build/2771

If python setuptools or appveyor was compromised, that would be pretty shocking. So far we have seen no evidence that that is so, and nobody can reproduce your experience.

VirusTotal shows one detection for the latest installer, which is almost certainly a false positive: Suspicious_GEN.F47V1016

So I think something else is going on with your PC that has nothing to do with the FAF client.
DevOps Councillor and Maintainer of the FAF Python Client
aka Duke / OppressiveDuke / DukeOfEarl / duk3luk3 - call me Duke


Re: Malware in FAF client?

Post by Puschkin » 14 Jan 2018, 16:01

I am using the installer from this homepage:
https://github.com/FAForever/client/rel ... -win32.msi
And I don't know anything about Python.

So, what you are saying is that the problem is on my side. Maybe MalwareBytes doesn't fully remove SocialDownloadr and it keeps reviving itself. I have to investigate.

