Forged Alliance Forever

Re: Malware in FAF client?

2018-01-14T16:01:06+02:00

I am using the installer from this homepage:
https://github.com/FAForever/client/rel ... -win32.msi
And don't know anything about Python.

So, what you are saying is that the problem is on my side. Maybe MalwareBytes doesn't fully remove SocialDownloadr and it keeps reviving itself. I have to investigate.

Statistics: Posted by Puschkin — 14 Jan 2018, 16:01

Re: Malware in FAF client!

2018-01-14T11:27:26+02:00

Are you using the official python client?

Our installer packages for the python client are produced by python setuptools on the appveyor build service. You can see the process for this here: https://ci.appveyor.com/project/Sheeo/client/build/2771

If python setuptools or appveyor was compromised, that would be pretty shocking. So far we have seen no evidence that that is so, and nobody can reproduce your experience.

Virustotal shows one detection for the latest installer, which is almost certainly a false positive: Suspicious_GEN.F47V1016

So I think something else is going on with your PC that has nothing to do with the FAF client.

Statistics: Posted by DukeOfEarl — 14 Jan 2018, 11:27

Re: Malware in FAF client!

2018-01-14T11:17:07+02:00

You're probably the only one to notice because there is no maleware that we distribute and you messed up somehow.

Statistics: Posted by PhilipJFry — 14 Jan 2018, 11:17

Malware in FAF client?

2018-01-14T15:30:11+02:00

Time and again my system gets infected by a browser hijacker called "SocialDownloadr". I wondered how that could happen so many times since I try hard to avoid all known traps. Research on that topic taught me that malware like this are typically installed in bundles with legit software and that is recommended to always do custom installations and excluded all additional software. Well, that's standard procedure for me anyway.
The only software I install on regular basis is FAF, but I never thought that this could come with malware - it's such a great fan project! If that comes with malware, I will lose my faith in humanity!

But the infection kept popping up, suspiciously close to FAF updates. So, this is what I just did, after experiencing issues in FAF:
Step 1) I deinstalled FAF.
Step 2) I ran MalwareBytes. It found zero threats.
Step 3) I installed FAF.
Step 4) I ran MalwareBytes. It found that damn SocialDownloadr again ...

It only infects IE, though, which I use rarely (only when I need to because of compatibility issues), but nevertheless, it is annoying and and outright dangerous for any user that relies on IE. You might argue that whoever uses IE deserves no better, but I will argue that a project like this can't afford to spread malware, even if it only hits Internet Explorer.

So, there you go. I can't believe that, of all places, FAF is the source of malware, and I also can't believe I am the only one to notice. Somehow someone managed to sneak in malware into your installer and nobody ever caught wind of that? Meh.

Statistics: Posted by Puschkin — 14 Jan 2018, 02:30