689

Someone purchased the old domain of a FOSS app, then it's using it to deceive users to download adware (feddit.it)

submitted 4 months ago by Moonrise2473@feddit.it to c/mildlyinfuriating@lemmy.world

45 comments fedilink hide all child comments

One of those two sites is distributing adware. Which of them?

File Converter (FOSS) by Adrien Allard was hosted on file-converter[.]org since a decade. Then someone a few weeks ago snatched that domain and it's now distributing adware. Almost identical design for the page, 100% designed to deceive users to download a different product, as it's called Zamzar.

all 46 comments

sorted by: hot top controversial new old

[-] slazer2au@lemmy.world 182 points 4 months ago

Report it to safe search so chrome starts blocking the page.

[-] Moonrise2473@feddit.it 138 points 4 months ago

In the github issues the dev is aware of this but he's not completely enraged, just mildly infuriated that the design is too similar and he's politely asking to have a different design.

From the history in the wayback machine i don't see any "parking" page between the switch, so my guesswork is that the dev has been approached with an offer like "we like that domain, we would like to buy it for $$$", unaware that they would copy the design like that in order to achieve maximum deception of users

[-] OsrsNeedsF2P@lemmy.ml 104 points 4 months ago

If you contact the .org registry they'll take it down. .org is for non-profits

[-] rob_t_firefly@lemmy.world 27 points 4 months ago

Is that really an enforced rule somewhere, or just one of those loose intentions from the early days of domain names?

[-] porksoda@lemmy.world 20 points 4 months ago

If it is, it's news to me. I co-owned an education data consultancy (before realizing there was no money in education) that used a .org; we were for-profit.

[-] Jimmycrackcrack@lemmy.ml 3 points 4 months ago

Sounds like you unintentionally fit the brief anyway.

[-] OsrsNeedsF2P@lemmy.ml 4 points 4 months ago

The people who maintain .org enforce it

[-] Naboo_calls_for_aid@sopuli.xyz 15 points 4 months ago

TIL

[-] trolololol@lemmy.world 4 points 4 months ago

Then they can just buy another domain under .Dev or .app

It's like playing whack a mole

[-] ozymandias117@lemmy.world 13 points 4 months ago

If it used to be a valid website, and is now a scam, that’s a mole worth whacking - even if they’ll try again with a previously unknown url

[-] jet@hackertalks.com 65 points 4 months ago

The benefit of using a package manager like Winget, brew, apt, snap, fdroid is that these attacks are less likely especially with doubly signed reproducible builds like fdroid

[-] Moonrise2473@feddit.it 43 points 4 months ago

i downloaded an old version from 2017 to see what happens when checking updates on the domain that's now distributing the scam. Luckily they're replying with a 404 and not with "install this new update, it's 100% safe"

[-] laura@lemmy.iys.io 9 points 4 months ago

you'd hope that the updater will at least check if the file is signed by the correct entity

[-] xnx@slrpnk.net 2 points 4 months ago

Couldn’t he have sold control of the repo attached to the package managers and this still would happen?

[-] mctoasterson@reddthat.com 48 points 4 months ago

Scummy practice by Zamzar. The actual FOSS app by Adrien Allard is awesome and very lightweight. https://file-converter.io is the correct FOSS version URL.

[-] possiblylinux127@lemmy.zip 40 points 4 months ago

Unfortunately this isn't uncommon. This us part of the reason I stopped using Google

[-] TheCheddarCheese@lemmy.world 24 points 4 months ago

Not to mention all the malware under the sponsored section

[-] YoorWeb@lemmy.world 5 points 4 months ago

Like Windows

[-] irotsoma@lemmy.world 30 points 4 months ago

It seems it's not so much they stole the domain, it's that they are using the same name with a different top-level domain. This is a common shady practice in malware. Most people can't afford to purchase every TLD or their domain and so just pick one or two. Problem is that search engines will find the bad TLDs and suggest them over the real TLD if the malware providers do proper SEO manipulation. A FOSS author is unlikely to be able to or afford the time and effort it takes to manipulate search results and most popular search engines are not doing much to fix the problem, and instead relying on "AI" to reduce the costs of maintaining their search results, which does a pretty bad job, IMHO.

[-] Moonrise2473@feddit.it 9 points 4 months ago

originally it was hosted in the .org domain, then somehow it changed hands and it was changed to .io

[-] irotsoma@lemmy.world 3 points 4 months ago

Ah, thanks for clarifying. I didn't see that mentioned anywhere and the git repo is showing .io

[-] trolololol@lemmy.world 5 points 4 months ago

Would fdroid be safe from this kind of practice? Of course there's no web domains involved but the exploit there is potentially the same

[-] ammonium@lemmy.world 2 points 4 months ago

Yes, Android apps are signed and Android refuses updates with a different signature.

[-] trolololol@lemmy.world 1 points 4 months ago

What I mean is fake apps with slightly different names, does fdroid have the potential to approve them? Even if it's open source, if someone intentionally adds malicious code it can take a couple months to spot, while the scan is going on.

[-] DudeDudenson@lemmings.world 29 points 4 months ago* (last edited 4 months ago)

The domain for my country is .ar and most sites that use said domain use .com.ar

Someone registered com under the .com.ar domain so if you add .com.ar to any url that ends in .com you get redirected to their adware site

[-] criticon@lemmy.ca 14 points 4 months ago

My last name ends with ar so I tried to get a .ar domain to setup a personalized email but it seems like they are reserved for government stuff, I was only allowed to get .com.ar (last time I checked this was about 4 years ago)

[-] tourist@lemmy.world 6 points 4 months ago

looked up the tld's again

your only choice is to get goofy

Could try .army, .red or .republican (who the fuck approved that lmao)

[-] TheIllustrativeMan@lemmy.world 2 points 4 months ago

Gotta get creative to get any decent addresses these days. I've been trying to establish a company name (with an available, short-ish, simple URL) and it's surprisingly difficult, even getting into weird TLDs. Really annoying, especially since a lot of them aren't actually being used.

Finally found a 9 character made-up word that I could get the .us TLD for, and I think that's about as good as it's going to get.

[-] HeartyBeast@kbin.social 11 points 4 months ago

That sounds as if the register for .ar should be out of a job

[-] psmgx@lemmy.world 20 points 4 months ago

Mildly infuriating? Sounds more like genuinely criminal

[-] Rengoku2@lemmynsfw.com 9 points 4 months ago

.io vs .org? Different website, old, legitimate domain still intact yes?

[-] Moonrise2473@feddit.it 4 points 4 months ago

legitimate domain changed from .org to .io on 1st feb according to this commit https://github.com/Tichau/FileConverter/commit/0645481801ccb8f46a8e0766e9edac9acf77f468

[-] andrew_s@piefed.social 7 points 4 months ago* (last edited 4 months ago)

There was a great windows app called 'dvdshrink' that let you rip commercial DVDs onto blank DVDs (shrinking them if necessary). It got taken down with a Cease & Desist, but the MPAA or whoever didn't worry about who took the domain. For a long time, the site was just filled with ads instead - now it's a bit more sophisticated: no real link to download the software, but lots of genuine-seeming donation requests.

The fake site is at the first search result for that software (edit: it's probably best not to link directly to it)

[-] Potatos_are_not_friends@lemmy.world 2 points 4 months ago

Makes sense.

Its literally a weekend job and a few bucks to quickly set up a fake site. Even with a single $20 donation are you already recouping your losses.

[-] entropicshart@sh.itjust.works 6 points 4 months ago

This is why I refuse to use any download buttons on websites for FOSS apps; if it’s FOSS, it has a link to the source, which has releases, and is the safest way to ensure you’re getting what you actually want.

[-] spez_@lemmy.world 5 points 4 months ago

Forked, malware added?

[-] Moonrise2473@feddit.it 4 points 4 months ago

No, I tried it in a VM and it's a completely different app. It seems like a shitty electron app that sits forever in the tray wasting ram just to upload files in their cloud for conversion instead of converting locally. And then it shows prompt to subscribe from the tray

[-] Ziglin@lemmy.world 5 points 4 months ago

I'm guessing it's the one on the left that's new.

[-] TrixxedHeart@lemmy.world 1 points 4 months ago

This is always what scares me about FOSS having their own websites like this. What happens when that domain runs out and this exact thing happens???

this post was submitted on 15 May 2024

689 points (98.7% liked)

Mildly Infuriating

35043 readers

416 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.

Rules:

1. Be Respectful

Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...

2. No Illegal Content

Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...

3. No Spam

Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...

4. No Porn/Explicit

Content

-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...

5. No Enciting Harassment,

Brigading, Doxxing or Witch Hunts

-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...

6. NSFW should be behind NSFW tags.

-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...

7. Content should match the theme of this community.

-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...

8. Reposting of Reddit content is permitted, try to credit the OC.

-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense

Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 1 year ago

MODERATORS

LillianVS@lemmy.world

STRIKINGdebate2@lemmy.world

Tenthrow@lemmy.world