Originally posted over on /r/piracy (https://www.reddit.com/r/Piracy/comments/15itrip/1337x_admins_allowing_bg3_torrent_with_bitcoin/)

It looks like a bitcoin miner was included in the installer, and the admins on 1337x may or may not give a shit apparently. Scanned my pc and my wifes and found the same stuff the others mentioned.

According to the other comments, don’t feel the need to uninstall as the miner was installed separate to the game, just give a Malwarebytes scan to get rid of the junk.

    • MonkCanatella@sh.itjust.worksEnglish
      20·
      1 year ago

      Yeah the thing is it installs programs that then give themselves access. You can block install.exe all you like, they’re way more advanced than that.

      • src@lemmy.worldEnglish
        6·
        1 year ago

        If you have a firewall like Tinywall, you can set it to block all apps from accessing the Internet unless they’re explicitly allowed to. Problem solved?

    • mlg@lemmy.worldEnglish
      18·
      1 year ago

      I mean

      He said it installed separately

      So blocking the network for the game or the installer wouldn’t achieve anything lol

        • mlg@lemmy.worldEnglish
          1·
          1 year ago

          I don’t run a whole ass DPS firewall for my home network lmao.

          Firewall won’t do anything if the mining software was made decently well and just hides every connection through outgoing HTTPS.

          • AndrewZen@lemmy.dbzer0.comEnglish
            1·
            1 year ago

            Firewall won’t do anything if the mining software was made decently well and just hides every connection through outgoing HTTPS.

            explain please. How would an executable ‘hide’ from the host system?

            • mlg@lemmy.worldEnglish
              1·
              1 year ago

              I’m talking about the firewall which is network handling only.

              Most host firewalls only block incoming traffic.

              All you have to do is get all mining data by making outgoing web connections to some random proxy, which can optionally have a domain to look more legit.

              Firewall won’t care, and unless you’re pouring over the logs or looking at active connections, you won’t find it either.

              Since it’s mining software, the fastest giveaway would be high usage or running an anti-virus to find sketchy executables.

              I’m assuming OP is on windows which means the installer asked for admin perms to install to program files which is a really easy way to hide your mining executable assuming it hasn’t been fingerprinted by popular anti virus yet.

              • AndrewZen@lemmy.dbzer0.comEnglish
                2·
                1 year ago

                ah ok. I don’t install anything to a protected folder like program files and I do keep an eye on my task manager and network manager for wonky stuff.

                I can see how someone might not do that and end up with malware.