FMHYedit/posts/filecr-malware.md

49 lines
2.0 KiB
Markdown

---
title: We Removed FileCR as we Found Malware
description: Update on FileCR
date: 2023-08-14
next: false
aside: left
prev: false
sidebar: false
footer: true
---
<Post authors="['nbats']"></Post>
# FileCR Malware
Note: The malware is not exclusive to FileCR, and we don't have proof FileCR is
intentionally hosting it, but they haven't removed it. Possible sources of the
malware include some uploaders on sanet, but it seems to be coming from multiple
sources.
Since the malware has been found coming from multiple sources, info about the
malware itself has moved to [here](https://rentry.co/big_load_malware). Check
there for technical info or to check if you've been infected.
So far, malware has been found in the following cracks, but it is likely it is
undiscovered in many more downloads because of how large their catalog is.
- https://filecr.com/windows/kms-matrix
- https://filecr.com/windows/windows-activator-by-goddy
- https://filecr.com/windows/stardock-start11
- https://filecr.com/windows/malwarebytes-premium
- https://filecr.com/windows/navicat-premium (Navicat Premium 16.2.3)
- https://filecr.com/windows/outbyte-driver-updater
- https://filecr.com/windows/jetbrains-pycharm (Premium release, you need
https://greasyfork.org/scripts/403170-bypass-filecrypt to access)
- https://filecr.com/windows/avast-premier-antivirus
So far, FileCR has not responded at all, which is unusual as they're usually
very active and have removed malware in the past as quickly as 6 hours. Because
the malware is included in multiple unrelated cracks and because they haven't
responded at all to reports, they're likely to be in some way involved in
spreading or creating the malware. Also, some malware had descriptions
written just for FileCR, which is unusual, and the description for KMS matrix
contains lies about the activation given by the software.
## [Samples](https://rentry.co/big_load_malware#samples)
## [Am I infected?](https://rentry.co/big_load_malware#am-i-infected)