f10abe9816
Closes WEB-15
34 lines
2.0 KiB
Markdown
34 lines
2.0 KiB
Markdown
---
|
|
title: We Removed FileCR as we Found Malware
|
|
description: Update on FileCR
|
|
date: 2023-08-14
|
|
next: false
|
|
aside: left
|
|
prev: false
|
|
sidebar: false
|
|
footer: true
|
|
---
|
|
<Post authors="['nbats']" />
|
|
|
|
# FileCR Malware
|
|
|
|
Note: The malware is not exclusive to FileCR and we don't have proof FileCR is intentionally hosting it, but they haven't removed it. Possible sources of the malware include some uploaders on sanet, but it seems to be coming from multiple sources.
|
|
|
|
Since the malware has been found coming from multiple sources, info about the malware itself has moved to [here](https://rentry.co/big_load_malware). Check there for technical info or to check if you've been infected.
|
|
|
|
So far, malware has been found in the following cracks, but it is likely it is undiscovered in many more downloads because of how large their catalog is.
|
|
* https://filecr.com/windows/kms-matrix/
|
|
* https://filecr.com/windows/windows-activator-by-goddy/
|
|
* https://filecr.com/windows/stardock-start11
|
|
* https://filecr.com/windows/malwarebytes-premium
|
|
* https://filecr.com/windows/navicat-premium (Navicat Premium 16.2.3)
|
|
* https://filecr.com/windows/outbyte-driver-updater
|
|
* https://filecr.com/windows/jetbrains-pycharm (Premium release, you need https://greasyfork.org/en/scripts/403170-bypass-filecrypt to access)
|
|
* https://filecr.com/windows/avast-premier-antivirus
|
|
|
|
So far FileCR has not responded at all, which is unusual as they are usually very active and have removed malware in the past as quickly as 6 hours. Because the malware is included in multiple unrelated cracks and because they have not responded at all to reports, they are likely to be in some way involved in spreading or creating the malware. Also, some of the malware had descriptions written just for FileCR, which is unusual, and the description for KMS matrix contains lies about the activation given by the software.
|
|
|
|
## [Samples](https://rentry.co/big_load_malware#samples)
|
|
|
|
## [Am I infected?](https://rentry.co/big_load_malware#am-i-infected)
|