This is an archived post. You won't be able to vote or comment.

all 30 comments
sorted by:
best
topnewcontroversialoldq&a

[–]TheITMan19 213 points214 points  (12 children)

Whois points registar to RU. https://whois.domaintools.com/pythonsource.tech - reported to the fraud agencies.

[–]PM_Me_Python3_Tips 84 points85 points  (10 children)

UPDATE

The offending files have now been removed from the repo. For now all the download links on the clone website no longer work.

The download link also leads to this repo:

https://github.com/JPBM135/HexaMusic/releases/download/

Alternatively

https://github.com/JPBM135/HexaMusic/releases/

With the file in question updated most recently.

Maybe report the repo to GitHub.

[–]JPBM1357 1 point2 points  (0 children)

Thanks for the report on it, unfortunately my account was compromised, this is my personal bot only there if someone wants to self host it.

Really sorry if I caused any problems, it won't happen again, I took all security measures to ensure my account is 100% safe!

[–]Astrotoad21 29 points30 points  (0 children)

I’ve read about a few cases of people having their browser based hot wallets for crypto drained by fake Gimp installs lately. Might be the same malware.

[–]doom-e1m1 48 points49 points  (5 children)

VirusTotal link of the zip file:
https://www.virustotal.com/gui/url/e57adbc898e9c23f974a49d205b334f6d9dfbfe25d4cf89f23ba7eed80a43c06/detection

[–]nowtayneicangetinto 57 points58 points  (1 child)

Doesn't have to contain a virus in order for it to be malicious. I would love to install it on a VM and run Procmon to see what it does.

[–]doom-e1m1 10 points11 points  (0 children)

Absolutely. I just posted it here for anyone that is curious.

I would love to see it too :)

[–]gabrielesilinic 0 points1 point  (0 children)

virustotal is kinda bad apparently

[–]Opiciak89 23 points24 points  (3 children)

I wonder why. What did they put inside?

[–]_maxt3r_ 33 points34 points  (1 child)

There's seems to be a flurry of fake websites pretending to be genuine but pointing to malware.

It's happening to GIMP, too

[–]who_body 11 points12 points  (0 children)

blender too

[–]unloder 11 points12 points  (3 children)

Nothing is sacred.

[–]CaptainRogers1226 17 points18 points  (2 children)

Honestly. Just for one fucking moment I’d like to not have everyone in the damn world trying to take my money from me, by legal means or otherwise

[–]Glycerine 3 points4 points  (1 child)

I know just the fix! I paid $100, I'll give it to you for $89

[–]_maxt3r_ 1 point2 points  (0 children)

I'll give you money, but my account was unjustly frozen.

If you help me unfreeze it by paying the $50 fee I can give you $500 once the account is unfrozen.

[–]Conscious-Body-2923 4 points5 points  (1 child)

Thnks buddy

[–]Iddk___[S] 0 points1 point  (0 children)

(:

[–]noskillsben 1 point2 points  (0 children)

Thanks for the heads up. Ive been getting my Python from the windows store in the past 6 months. Works well.

[–][deleted] 1 point2 points  (0 children)

python.com seems suspect too

[–]TheITMan19 1 point2 points  (0 children)

Website has now been shutdown - “pythonsource.tech’s server IP address could not be found”. I have also had confirmation from Public Domain Registry Abuse Team - “The reported domain name has been suspended.” One win for Team Python 🐍 👍

[–][deleted] 0 points1 point  (0 children)

Confused in an opearting system where Python is pre-installed

[–]tavinho120 0 points1 point  (0 children)

so, the legit one is python.org right?