[PSA] KRELAY SELF UPDATER FIXED!

[[MPGH]Ahl]

Greetings MPGH Users,

Approximately 14 hours ago the attachment from the thread KRELAY SELF UPDATER FIXED! was approved and we've discovered it contained a .sol stealer within /Data/Updater.exe


The following people have downloaded the program:

@ @Ponyash
@ @savel21
@ @proplayers1
@ @tidalwaves2345
@ @kaasca
@ @KyleHacksxd
@ @Ellebora
@ @Bleyatero
@ @Danypoop
@ @-eXtremeX-
@ @miho1
@ @Freddebola
@ @omarsweiss0111
@ @SammytheBEAST
@ @ILikeToHackjOnROTMG
@ @olssonftw
@ @mralex87
@ @kaisad
@ @poc123


If you're one of the people who downloaded this program, please delete it immediately and secure your account. If you have emails or other accounts that have shared the same password as your RotMG account, please change them immediately.

From what we've found, the information stolen are from rotmg.sol stored in both your Macromedia and Chrome folder directories, account.js stored within your computer account.

If you have any other questions, please post them below.

We're sorry we let through this file and see to regain your trust within this section and on this site.

- MPGH Staff

[KyleHacksxd]

Great... XD

- - - Updated - - -

So what's the best way to make sure everything is gone from my pc?

[MikeRaarupBirk]

This is the second .sol stealer thats been approved within a month i believe, do you guys even check the files anymore?

[[MPGH]Ahl]

Great... XD

- - - Updated - - -

So what's the best way to make sure everything is gone from my pc?

When I went through the files, it seems like it only uploads your information to this person.

The best thing you could do is removing the files from your computer.

This is the second .sol stealer thats been approved within a month i believe, do you guys even check the files anymore?

We do check files thoroughly. Seems like both of these .sol stealers were overlooked as I found the .sol stealer code pretty quickly in both cases.

Safest thing to do with downloading in this section is to download from someone who has been contributing safe clients for a long time now rather than downloading from people who don't have many posts or contributions. The thread shouldn't have been approved since the user didn't meet the 125 post requirement.

[AllYourX]

we've discovered it contained a .sol stealer within /Data/Updater.exe

Is this a "Columbus discovering America" type deal going on here? My guess is that 059 or another n̶o̶n̶-̶s̶t̶a̶f̶f̶ experienced forum member did a cursory inspection, noticed the malicious code, quelled their surprise with practiced skill, and brought their findings to your attention.

 

I love MPGH as a community. It's a great idea and is generally well moderated. The file checking though, at least on the RotMG forum, is subpar. It's honestly bad enough that it is causing harm by giving the average user the illusion of security. At this point it seems like MPGH is only useful as a resource for long time users who have learned not to trust the approved files and want to learn how to check and or make tools themselves.

For the uninitiated user, MPGH is a reverse lottery. It is mostly filled with amazing, generously shared gems like K-Relay, 059 client, and KBK's famebot and NRelay, but if you happen to be one of the monthly winners, you wake up, not to untold riches, but instead rather harshly, to your RotMG accounts trashed and subsequently the dangers of hacking.

People like to give MPGH hard time (see above, very satisfying), but nobody can realistically expect them to do a perfect job. My biggest gripe is with MPGH's response to malware getting past their checks. Since the CrazyClient account stealer, submission rules have become noticeably more restrictive. There are members who graciously want to contribute but can't, and yet somehow it seems like the number of malicious programs that have escaped detection has only increased. Maybe it's a terrible idea, but I think MPGH would be better served opening submission rights to more people, and in exchange, more loudly and explicitly outlining the inherent risks of executing third party programs to prospective downloaders.

[[MPGH]T-800]

Yea that was my bad, i completely missed a file. Not like i didn't analyzed but i missed a file to check that i saw just after it got reported.

I'm very sorry guys .

[[MPGH]Ahl]

Is this a "Columbus discovering America" type deal going on here? My guess is that 059 or another n̶o̶n̶-̶s̶t̶a̶f̶f̶ experienced forum member did a cursory inspection, noticed the malicious code, quelled their surprise with practiced skill, and brought their findings to your attention.

 

I love MPGH as a community. It's a great idea and is generally well moderated. The file checking though, at least on the RotMG forum, is subpar. It's honestly bad enough that it is causing harm by giving the average user the illusion of security. At this point it seems like MPGH is only useful as a resource for long time users who have learned not to trust the approved files and want to learn how to check and or make tools themselves.

For the uninitiated user, MPGH is a reverse lottery. It is mostly filled with amazing, generously shared gems like K-Relay, 059 client, and KBK's famebot and NRelay, but if you happen to be one of the monthly winners, you wake up, not to untold riches, but instead rather harshly, to your RotMG accounts trashed and subsequently the dangers of hacking.

People like to give MPGH hard time (see above, very satisfying), but nobody can realistically expect them to do a perfect job. My biggest gripe is with MPGH's response to malware getting past their checks. Since the CrazyClient account stealer, submission rules have become noticeably more restrictive. There are members who graciously want to contribute but can't, and yet somehow it seems like the number of malicious programs that have escaped detection has only increased. Maybe it's a terrible idea, but I think MPGH would be better served opening submission rights to more people, and in exchange, more loudly and explicitly outlining the inherent risks of executing third party programs to prospective downloaders.

I did checks myself after 2 people reported they had their accounts hacked within that thread.

[Ponyash]

Good thing i saw the stealer report once downloaded.
Didn't even open it tho.

[tidalwaves2345]

Thanks, should I be concern if I haven't extracted it yet?

[[MPGH]T-800]

Thanks, should I be concern if I haven't extracted it yet?

No, but make sure you delete it so nothing bad happens.

[Akira Mado]

There already is a self updating K-Relay. Why was another one approved? I thought posting duplicate hacks is not allowed?

[SammytheBEAST]

There already is a self updating K-Relay. Why was another one approved? I thought posting duplicate hacks is not allowed?

The one posted doesn't work for a lot of people for some reason (myself included), I've tried a lot of things to fix it but nothing has worked so far.

Sad my account got hacked but he only deleted my characters and took my tradeable items so as long as Deca can undelete my characters I can recover. Hopefully, this makes mods more careful when searching files, I love this community but if it happens a third time I don't think I can stay much longer.

[Royce]

This is the second .sol stealer thats been approved within a month i believe, do you guys even check the files anymore?

I'm sorry for my absence. I'll make sure all files are okay before being approved.

[Plus22]

I've been on this section for years and sincerely it has never been this bad, ever. How many .sol stealers were approved within a year until now, like 4 or 5? Or more? That's insane.

[SammytheBEAST]

Well my account was hacked again after I changed my password and deleted the bad KRelay, any chance this downloaded something to my computer to gain persistance? Also on my realmeye it had the message "Bert was here."