BlockTheSpot compromised or false positive? (github.com)

submitted 2 weeks ago by DoctorButts@kbin.melroy.org to c/piracy@lemmy.dbzer0.com

13 comments fedilink hide all child comments

Seems strange that the dev seems to be keeping quiet on this, no? I'm not telling you to read every comment of every post, you can just skim the post titles. Then you'll see multiple open issues and a few closed issues too going back 5 days to the latest BtS update.

Though I haven't followed this project long enough to tell if this is just the way they normally behave.

Edit:

I'm back at my computer, so it's easier to edit and add info now.

Some key points that have stuck out to me:

Previous version released in July only triggers 2 detections on Windows defender versus 29 for the most recent version: https://i.imgur.com/GIoH7eG.png
Users getting constantly pestered to update to the latest version: https://i.imgur.com/Oege3kU.png
Yeah, naturally, the dev is going to say it's a false positive. Obviously. I've only mentioned that the dev has previously responded because some people barely skimmed through the issues and thought the dev simply hadn't seen the latest open issue from only a few hours ago, when that is not the case.

you are viewing a single comment's thread
view the rest of the comments

[-] ReversalHatchery@beehaw.org 18 points 2 weeks ago

Seems strange that the dev seems to be keeping quiet on this, no?

the issue was just posted 7 hours ago. maybe they just haven't seen it yet.

someone in issue #573 asked if the dpapi file is really needed, and by looking at the manual installation instructions, yes, because that contains all the code.

the developer loads custom code into the spotify process by using such an "override" dll file. it works because spotify is voluntarily loading a dll with this name, and if there's such a file in the directory besides the .exe file, it'll take precedence over the original file installed in the system.
the trojan warning is probably triggered because this technique is often used by malware to change the behaviour of your programs, but as with most technologies, it has good uses too

[-] DoctorButts@kbin.melroy.org 0 points 2 weeks ago

the issue was just posted 7 hours ago. maybe they just haven't seen it yet.

There are multiple posts going back 5 days of people asking about it. Check closed issues too, the dev even responded to some of them by saying it's only a false positive.

[+] lol@discuss.tchncs.de 19 points 2 weeks ago* (last edited 2 weeks ago)

[deleted]

[-] N0x0n@lemmy.ml 0 points 2 weeks ago* (last edited 2 weeks ago)

Not the whole code but only the part that triggers those flags. Not everyone is versed in C to "verify the code" himself... That's a stupid take, It's like saying to a toddler to change his diapers on his own when it's dirty.

Strangely enough It went from 1 trigger to 29 triggers after 1 update? Seems rather sketchy :/ In the past (pirated games/software) I would have ignored those warnings and add an exception into my firewall... But nowadays with all the crypto schemes and obfuscated code, I won't go near anything like that.

[-] DoctorButts@kbin.melroy.org -2 points 2 weeks ago

What else are you expecting them to do then if they already answered? Write an essay on DLL injection and walk everyone through the code line by line to convince them it's not malicious?

I said that to indicate that the dev had already responded to the posts, and they were not in a different time zone or on vacation, as you suggested in another comment.