[Solved] Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Having trouble installing or compiling FreeCAD? Get help here.
Forum rules
Be nice to others! Respect the FreeCAD code of conduct!
User avatar
adrianinsaval
Veteran
Posts: 5541
Joined: Thu Apr 05, 2018 5:15 pm

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by adrianinsaval »

uwestoehr wrote: Tue Jan 17, 2023 1:04 am Having the installer also directly at freecad.org could help here. However, this will create many GB of traffic and thus costs for FreeCAD.
With this background, I don't see the benefit.
I'm not saying to self host the installer, I know this can have a high cost, I mean putting the sha256 checksum of our release assets so that one can confirm to have downloaded the intended file, this is pretty standard practice on many download sites. And yes, the checksum is available at github, but here the user was afraid of the github page being compromised so that is not a reassurance, if the hash is hosted in an independent site this makes it a lot more reliable.
User avatar
onekk
Veteran
Posts: 6144
Joined: Sat Jan 17, 2015 7:48 am
Contact:

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by onekk »

adrianinsaval wrote: Tue Jan 17, 2023 5:22 pm ...
I'm not saying to self host the installer, I know this can have a high cost, I mean putting the sha256 checksum of our release assets
...
if the hash is hosted in an independent site this makes it a lot more reliable.
I could confirm that is usually a thing done by most developers to host the sha256 checksum on some other place other than github or other "file servers", it is common as example with Linux distribution where the sha256 is hosted on the official page but you usually download the iso image (the USB image) form some other host.

Regards

Carlo D.
GitHub page: https://github.com/onekk/freecad-doc.
- In deep articles on FreeCAD.
- Learning how to model with scripting.
- Various other stuffs.

Blog: https://okkmkblog.wordpress.com/
wrastle123
Posts: 2
Joined: Sat Feb 03, 2024 2:27 pm

Re: [Solved] Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by wrastle123 »

I just wanted to come here and let everyone know that there likely is a legit malware package masquerading as FreeCAD, and I fell for it. I believe the package was being distributed through an "Ad" on Google for FreeCAD and not through the legitimate FreeCAD package.

First, I've been a computer engineer for 45 years, so I'm a little surprised and disappointed I fell for it.

I had FreeCAD installed on my system, so I was familiar with the download process and what the website looks like - but I went to go re-download the app - you know how it goes, just putting in "FreeCAD" into Google and being quick and sloppy - but instead of clicking on the official site, I ended up clicking on an ad that looked just like the FreeCAD site, icons, layout and all. I did notice that when I went to download the install package, it didn't present me with the OS selection screen, it just assumed that I wanted Windows. Red flag #1, but I was in a hurry and just wanted to install the software, so I shrugged it off. I double-clicked on the downloaded installer, got a weird error message right away, and then saw a ton of command windows opening up. I knew immediately "that's not good" and went and powered off my computer, but it was too late. The malware managed to grab access to all of my passwords and accessed an eBay account and my PayPal account and bought some electronics with it the same day I had fallen for the trap. The first one was an iPhone and the other two were an iPad and a PS5. Had them shipped to a shady looking warehouse in Delaware. I managed to stop the second two because they were still in shipping transit, but the iPhone had already been delivered.

They were deliberate enough to go in and hide the transactions on eBay and PayPal once they were complete.

I'm dealing with the nightmarish aftermath, and lesson learned for not having 2FA on the eBay account. Regardless, beware... someone's definitely capitalizing on the process.

EDIT: The malware was downloaded from the domain parsecworks dot net. The executable was digitally signed with something other than the correct one, DM me and I'll send you the details so that I'm not sharing it in public. The digital cert for the malware was created on January 19th, and this all happened to me on the 29th, so its relatively recent.
Last edited by wrastle123 on Sat Feb 03, 2024 4:31 pm, edited 3 times in total.
chrisb
Veteran
Posts: 53919
Joined: Tue Mar 17, 2015 9:14 am

Re: [Solved] Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by chrisb »

Hi and welcome to the forum, and sorry for the enourmous hassle!

I tried to go the same path as you and only got the official site. Would you mind trying again (without downloading anythiung, of course?

@yorik, can we ask google to not accept such payed ads?
A Sketcher Lecture with in-depth information is available in English, auf Deutsch, en français, en español.
wrastle123
Posts: 2
Joined: Sat Feb 03, 2024 2:27 pm

Re: [Solved] Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by wrastle123 »

I looked yesterday and the ad had been removed, I'm sure they knew it would be a short-lived endeavor and have moved on to something else.
Post Reply