Originally posted over on /r/piracy (https://www.reddit.com/r/Piracy/comments/15itrip/1337x_admins_allowing_bg3_torrent_with_bitcoin/)

It looks like a bitcoin miner was included in the installer, and the admins on 1337x may or may not give a shit apparently. Scanned my pc and my wife’s and found the same stuff the others mentioned.

According to the other comments, don’t feel the need to uninstall as the miner was installed separate to the game, just give a Malwarebytes scan to get rid of the junk.

Unruffled [he/him]
mod

I reported it on 1337x earlier today, but they aren’t very responsive. Fitgirl has it listed as an upcoming repack, so hopefully not long to wait for a clean copy.

You shouldn’t trust anything uploaded there by IGGGames. They’ve been caught before adding miners to their files. I downloaded the rune release somewhere else seeing as they were the uploader on 1337x. I only really use 1337x for fitgirl repacks.

Why not from fitgirl page directly?

I mean I do grab the torrent link from the fitgirl site, but I find the torrent faster to download than the direct download links.

@ABCDE@lemmy.world

Will we get a Mac version?

@daninet@lemmy.world

On the private tracker I’m at I have already seen a clean mirror uploaded

If you aren’t scanning every software you download, whether a pirate torrent or normal direct download, that’s kinda your own fault

@realherald@lemmy.world

Not downloading much anyways, but if I were to start, how would I go about scanning the files properly? Could you recommend something to read up on the topic?

@Pulp@lemmy.dbzer0.com

For small files virustotal is great

@realherald@lemmy.world

Thanks, will check out! :-)

@kniescherz@feddit.de

To be fair, I cannot remember a software where no anti virus program turned red. Those cracks always look suspicious to the heuristics.

@Pulp@lemmy.dbzer0.com

They usually say something generic like HackTool.

Of course but it’s usually pretty easy to filter out the false positives that always appear as a Trojan (because of the file modification payload) vs a crypto miner

@Graphy@lemmy.world

Do you have a guide or anything I can checkout? I usually google what flags show up and use big name uploaders but never know for sure.

@boonhet@lemm.ee

Agreed, but if it’s a GOG release it doesn’t need a crack because it never had DRM in the first place.

GeekFTW
creator

Oh 100%. Was a dumb moment where I didn’t expect it and didn’t bother, and neither did a lot of other people from the looks of it. Good thing is it was something fixable in less than 5 mins and not a bigger problem.

@AceBonobo@lemmy.world

I would completely reformat all affected machines. AVs are not perfect. Yes it sucks, but imagine the consequences of doing any form of banking on an infected machine.

GeekFTW
creator

Amazingly enough this all happened on 2 machines with 2-week-old OS installs so, honestly not a huge hassle to do so lmao.

teft

Motherfuckers out here rawdogging the internet like it’s 1998.

Piecemakers

Even in '98, that was fucking stupid.

@crow@beehaw.org

It just feels better… I can’t feel the bits otherwise.

Is DODI’s repack safe?

Hextic

LOL idiots BG3 is DRM Free just get the GOG installer, surely people mirror that shit, I’ve seent it before.

There’s a whole ass site for exactly that in the megathread.

deleted by creator

@mlg@lemmy.world

I mean

He said it installed separately

So blocking the network for the game or the installer wouldn’t achieve anything lol

deleted by creator

@mlg@lemmy.world

I don’t run a whole ass DPS firewall for my home network lmao.

Firewall won’t do anything if the mining software was made decently well and just hides every connection through outgoing HTTPS.

deleted by creator

@mlg@lemmy.world

I’m talking about the firewall which is network handling only.

Most host firewalls only block incoming traffic.

All you have to do is get all mining data by making outgoing web connections to some random proxy, which can optionally have a domain to look more legit.

Firewall won’t care, and unless you’re poring over the logs or looking at active connections, you won’t find it either.

Since it’s mining software, the fastest giveaway would be high usage or running an anti-virus to find sketchy executables.

I’m assuming OP is on windows which means the installer asked for admin perms to install to program files which is a really easy way to hide your mining executable assuming it hasn’t been fingerprinted by popular anti virus yet.

deleted by creator

Yeah the thing is it installs programs that then give themselves access. You can block install.exe all you like, they’re way more advanced than that.

deleted by creator

@src@lemmy.world

If you have a firewall like Tinywall, you can set it to block all apps from accessing the Internet unless they’re explicitly allowed to. Problem solved?

Don’t be mad at me but I bought the game from GOG :)

@hypna@lemmy.world

I mean, it’s an mtx-free, drm-free, full feature game. If BG3 isn’t worth paying for, I don’t know what is.

Yes. If such developers are not awarded then they will also switch to the dark side.

tekeous

Empress was right

@stappern@lemmy.one

Nah

HatchetHaro

Just popping in to say that if you enjoy the game and if you are financially able to, buy the game properly to support the developers, especially Larian Studios.

If a dev studio should be financially incentivized to keep doing what they’re doing, it’s this one

moosetwin@FMHY

I opened this post all scared that I might’ve accidentally downloaded malware and my fuckin’ AV alerted

yeah yeah I know piracy and AVs don’t generally mix

I get a notification of malware from that address pretty often, could someone explain what it is?

smpl

My guess is that it’s an instance of some federated platform talking to lemmy, which has once been used to serve malware by one of its users. AFAIK lemmy only fetches avatars directly from instances, but it’s a privacy nightmare which, admittedly easy to say for one who doesn’t pay for storage space, should be mitigated with a caching mediaproxy.

Altima NEO

Isn’t malwarebytes kinda crap these days?

Heads up, that joke actually makes no sense.

File extensions for executable binaries are very much a windows thing. For Linux/Unix it would either be linux.sh (a script file) or just Linux.

It doesn’t matter, Linux does not rely on extensions, so you can name a Linux executable .exe .bin or anything. When I was learning ocaml that’s what our teacher was naming his executables.

but plz don’t do it it’s cursed and I hate it, thank you

smpl

Why would you run linux.exe from Linux?

So would linux.txt if you did a chmod +x

godless

Nah they do a good job. They are having intrusive popups asking you to subscribe to their paid tier for scheduled searches and real time protection, but if you know what you want/need, the free version is alright.

deleted by creator

Altima NEO

What joke? I didn’t make one.

I downloaded the RUNE release from TorrentLeech and Windows Defender found a trojan so yeah I’ll believe it. I guess I’ll wait for a FitGirls repack.

Nimmo

Now that’s not something I’d have expected. I’ve never encountered anything like that in the nearly 15-20 years I’ve been using TL.

@Pulp@lemmy.dbzer0.com

20? Interesting.

Nimmo

Just took a look at my profile, registered on 27 June 2006. So it’s in my 15-20 year window that I mentioned

More than likely a false positive - they often show up as Trojans due to the payload. I saw a similar issue from the rune release off of my private tracker.

I’ve had false positives from cracks on TL before, several times. I respect your carefulness with a known problem with another release, though.

@hogart@feddit.nu

From TL? Really? That’s a surprise I didn’t wanna hear! :/

JelloBrains

Sadly even with private sites a lot of things are taken from a public source and you occasionally run into this problem. Like some people up their ratios on these sites by using their VPN to get the public torrent and then seeding it back to the private one.

@Pulp@lemmy.dbzer0.com

As long as the first uploader didn’t do it, then that won’t cause other downloaders any issues. Torrents always verify the hash is correct and will discard bad data. And TorrentLeech has uploading torrents limited.
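Added example (not part of the thread or written by any commenter): the per-piece hash check the comment above refers to, modelled on BitTorrent v1's SHA-1 piece hashes. It shows that data altered by a later peer is rejected, while a payload the original uploader bundled before hashing verifies cleanly. The payload bytes, piece size and function names are constructed for illustration.

```python
import hashlib

PIECE_LEN = 16  # constructed for the demo; real torrents use far larger pieces


def piece_hashes(payload: bytes) -> list[bytes]:
    """Uploader side: SHA-1 of each fixed-size piece, as stored in a v1 .torrent."""
    return [hashlib.sha1(payload[i:i + PIECE_LEN]).digest()
            for i in range(0, len(payload), PIECE_LEN)]


def download(expected: list[bytes], offers: list[tuple[int, bytes]]):
    """Downloader side: keep a piece only if its SHA-1 matches the metadata.

    `offers` is a constructed list of (piece index, data) received from peers.
    Returns (payload, or None if incomplete; indexes of rejected offers).
    """
    kept: dict[int, bytes] = {}
    rejected: list[int] = []
    for index, data in offers:
        if hashlib.sha1(data).digest() == expected[index]:
            kept.setdefault(index, data)
        else:
            rejected.append(index)  # bad data is discarded and re-requested
    if len(kept) != len(expected):
        return None, rejected
    return b"".join(kept[i] for i in range(len(expected))), rejected


def split(payload: bytes) -> list[tuple[int, bytes]]:
    """Cut a payload into (index, piece) offers, as an honest peer would send."""
    return [(i // PIECE_LEN, payload[i:i + PIECE_LEN])
            for i in range(0, len(payload), PIECE_LEN)]


# Constructed byte strings standing in for release files.
CLEAN = b"setup.exe:game-data-only-payload-bytes-0001"
BUNDLED = b"setup.exe:game-data+miner-dropper-bytes-0002"

# Case 1: a later peer sends an altered piece 1 of a cleanly hashed torrent.
case1_payload, case1_rejected = download(
    piece_hashes(CLEAN), [(1, b"X" * PIECE_LEN)] + split(CLEAN))

# Case 2: the uploader hashed the bundled payload, so every piece verifies.
case2_payload, case2_rejected = download(piece_hashes(BUNDLED), split(BUNDLED))

if __name__ == "__main__":
    print("case 1 intact:", case1_payload == CLEAN, "rejected:", case1_rejected)
    print("case 2 as uploaded:", case2_payload == BUNDLED, case2_rejected)
```

The hash check proves the data matches what the torrent's creator hashed; it says nothing about whether that content is clean, which is why scanning the downloaded files is still needed.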

Elegast

Torrent galaxy rune release. However not seeing any issues? Malwarebytes scans coming up clean. No integritycheck folder in app data. No hidden process running when game running. 🤷‍♂️?

It’s even worse apparently. Apparently someone looked at where the coins are going, and the coins are going to the 1337x admins, and the uploader is just getting a cut of those coins. Which explains why the admins are unlikely to really care because they’re profiting off their users.

I have severe trust issues with any kind of pirated software so I basically never download it as a result, and shit like this is why. Even private trackers and “trusted” groups aren’t enough for me to download most software.

@Pulp@lemmy.dbzer0.com

How did they figure that out?

Crypto isn’t inherently anonymous. You can easily follow coins.

Yeah. Unless you use a tumbler (and even then) crypto is actually less anonymous than traditional banking due to all being public record.

@HelixDab2@lemm.ee

Obligatory plug for Monero.

…Which is a huge fucking hassle to try and use, IMO.

@Puzzle_Sluts_4Ever@lemmy.world

I haven’t been following monero too much but… I would not count on their protections to matter all that much. Because you can bet the FBI/CIA/NSA equivalents around the world have put in the effort to de-obfuscate that. Because this is a relatively low cost grant to a few grad students that means they can do whatever investigations they want without needing the equivalent of a warrant and cooperation from other orgs.

I am an old fart. But I definitely remember getting some DOD grants to work on a specific architecture (that never had widespread release) with mysterious instructions that I now understand map to common operations in cryptography (of the era). I got some nice papers about graph analysis and they got some very valuable ability to handle complex networks of interactions.


Tangential, but Real Genius is probably still the greatest media portrayal of STEM grad school in existence. You have those weird social interactions (because people with people skills already have real jobs) and those fucked up relationships (… hopefully not statutory rape…). But you are either a dumbass Believer or you rapidly grow to understand the inherent ethical concerns of your field of study. And as much as you wish you could take the weapon you accidentally made for the military and blow up a prop house with popcorn… the reality is that you end up closer to Lazlo and live with the realization that people are probably suffering and dying for your work for the rest of your life. And it is up to you on whether that manifests as alcoholism or activism.

@kklusz@lemmy.world

What about it was a hassle for you?

@HelixDab2@lemm.ee

First, the fact that I have to download the whole blockchain to use it. I’m not on a super fast connection, so that took like a day. The difficulty and expense of getting Monero was also an issue; I had to buy Bitcoins, then move Bitcoins to an exchange that would let me buy Monero, because the exchange I could buy Bitcoin on didn’t work with Monero (due to the perception that it’s only used for criminal activity). At every step, there’s a transaction fee, and that fee isn’t entirely transparent up front, so it’s harder to estimate what the final price (in fiat currency) will be.

At the time I was trying to use it, there weren’t any user-friendly wallets, and I don’t think there was any capability to use it from a mobile phone; that makes it more difficult to use than other crypto.

I’m not sure how well it plays with Tails or Qubes; I never got far enough to give it a shot.

I’m not saying that any of these things are bad, but they do make it harder for a typical person to start using, and until more regular people are using privacy-focused crypto and operating systems, they’re always going to have the appearance of being used for crime only.

@kklusz@lemmy.world

Ah thanks for explaining! Yeah the inability to purchase it directly on local exchanges is a bummer, although if localmonero vendors are available in your area, you may be able to pay them using your local bank account too.

These days you definitely don’t have to download the entire blockchain to use it; you can just connect to someone else’s node. But if you want to restore an old wallet, you unfortunately do have to run through each blockchain transaction after the wallet was created, to see if any of those transactions belong to you. There’s also a mobile app nowadays called Cake Wallet.

All in all, I agree that it’s not the friendliest crypto to use, unfortunately. Its main selling point is privacy, and criminals are more incentivized than others to protect their privacy, so I’m not sure how it’ll ever shake off that image.

@lemming007@lemm.ee

You can follow the wallet address, but unless you know who the address belongs to, you can’t follow it. So we ask again, where’s the proof that the coins went to site admins?

@Steeve@lemmy.ca

Do you have any evidence of that?

can we get some proof? this is really interesting. I’d like to see how they’re tracking stuff
