S3Drive
Community / support / Virus/trojan
I installed the program yesterday and my antivirus detected it as a virus, but I ignored it. This morning I saw that my Gmail account, which I used to log in to the app, had been hacked. I don't know if it was the app, but I didn't install any other apps on my phone and PC. So be careful.
Hi @Alberto, I am sorry to hear that. Can you please share a report from your antivirus? What antivirus software is that?
I don't know if it was the app, but I didn't install any other apps on my phone and PC
Are you saying that S3Drive was the only app installed on your mobile and PC? How about any other software? It's hard for me to believe that S3Drive was the only software that you've had installed on your devices. You've said:
my Gmail account, which I used to log in to the app, had been hacked
However, we don't offer Gmail login, and it seems to me that you've reused your Gmail credentials (including password) with S3Drive. That would be fine with us, but in general that's a bad security practice. I can only assume that you've done the same, that is, reused your password on other websites, which is likely the cause of your security incident. Even if S3Drive was really flagged by your antivirus, it's a false positive and unrelated to your Gmail account being compromised. I can recommend changing your Gmail password and setting up proper 2FA on your account using a clean device, and then scanning your affected devices for viruses or even reinstalling the operating system to be on the safe side. On top of the .exe release, we also have an official Microsoft Store release: https://apps.microsoft.com/store/detail/s3drive-cloud-storage/9NX2DN9Q37NS which is unlikely to be flagged by your antivirus, if that's causing any concern. Tom from S3Drive
Hi @Tom. Yeah, I only installed S3Drive yesterday on both devices. First of all, I don't know 100% if the cause was that app, but I know that I only installed that in the last 7 days on my devices, so it is strange. I created a new account using my email and a new password that I created with a random generator. On my PC I have Panda Dome installed with a license, and when I installed the app from the official website it warned me that some files were not to be trusted... The attack that I suffered was an XSS; the hacker took a token and was able to enter through the back door.
5:15 PM
I have 2FA authentication with phone, phone number, Google Authenticator, another email and backup codes
5:15 PM
But I didn't receive anything because they supplanted my session, I don't know how
5:17 PM
Maybe it was caused by other software that I installed another week, but just after downloading this app, the next day I suffered from it.
5:17 PM
Attached is a screenshot of my antivirus after performing an in-depth scan and finding three viruses.
5:18 PM
I am a security geek; I like it and I try to be as safe as I can. That is from my PC; on my phone I uninstalled the app and ran a scan but didn't find anything.
5:20 PM
5:26 PM
BTW, I could recover my account fast because, as I said, I have other 2FA methods... I don't know if it was the S3Drive app or maybe another app that I installed a few weeks ago, that was sleeping and they decided to attack me now, but as I said before, it was strange
It seems that the libgcrypt-20.dll file contained some Trojan horse, but that's not a file we supply with the app. Here is the list of DLLs we supply (part 1/2): app_links_plugin.dll battery_plus_plugin.dll concrt140.dll connectivity_plus_plugin.dll d3dcompiler_47.dll desktop_drop_plugin.dll file_selector_windows_plugin.dll flutter_secure_storage_windows_plugin.dll flutter_windows.dll image_compression_flutter_plugin.dll isar.dll isar_flutter_libs_plugin.dll just_audio_windows_plugin.dll libc++.dll libEGL.dll libGLESv2.dll libmpv-2.dll librclone.dll libsodium.dll media_kit_libs_windows_video_plugin.dll media_kit_native_event_loop.dll media_kit_video_plugin.dll msvcp140.dll msvcp140_1.dll msvcp140_2.dll msvcp140_atomic_wait.dll msvcp140_codecvt_ids.dll pdfium.dll pdfx_plugin.dll permission_handler_windows_plugin.dll screen_brightness_windows_plugin.dll sentry_flutter_plugin.dll share_plus_plugin.dll sodium_libs_plugin.dll sqlite3.dll sqlite3_flutter_libs_plugin.dll system_tray_plugin.dll ucrtbase.dll ucrtbased.dll uri_content_plugin.dll url_launcher_windows_plugin.dll vccorlib140.dll vccorlib140d.dll vcruntime140.dll vcruntime140d.dll vcruntime140_1.dll vcruntime140_1d.dll vk_swiftshader.dll vulkan-1.dll webcrypto.dll webcrypto_plugin.dll zlib.dll
5:38 PM
Part 2/2: api-ms-win-core-console-l1-1-0.dll api-ms-win-core-console-l1-2-0.dll api-ms-win-core-datetime-l1-1-0.dll api-ms-win-core-debug-l1-1-0.dll api-ms-win-core-errorhandling-l1-1-0.dll api-ms-win-core-fibers-l1-1-0.dll api-ms-win-core-file-l1-1-0.dll api-ms-win-core-file-l1-2-0.dll api-ms-win-core-file-l2-1-0.dll api-ms-win-core-handle-l1-1-0.dll api-ms-win-core-heap-l1-1-0.dll api-ms-win-core-interlocked-l1-1-0.dll api-ms-win-core-libraryloader-l1-1-0.dll api-ms-win-core-localization-l1-2-0.dll api-ms-win-core-memory-l1-1-0.dll api-ms-win-core-namedpipe-l1-1-0.dll api-ms-win-core-processenvironment-l1-1-0.dll api-ms-win-core-processthreads-l1-1-0.dll api-ms-win-core-processthreads-l1-1-1.dll api-ms-win-core-profile-l1-1-0.dll api-ms-win-core-rtlsupport-l1-1-0.dll api-ms-win-core-string-l1-1-0.dll api-ms-win-core-synch-l1-1-0.dll api-ms-win-core-synch-l1-2-0.dll api-ms-win-core-sysinfo-l1-1-0.dll api-ms-win-core-timezone-l1-1-0.dll api-ms-win-core-util-l1-1-0.dll api-ms-win-crt-conio-l1-1-0.dll api-ms-win-crt-convert-l1-1-0.dll api-ms-win-crt-environment-l1-1-0.dll api-ms-win-crt-filesystem-l1-1-0.dll api-ms-win-crt-heap-l1-1-0.dll api-ms-win-crt-locale-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll api-ms-win-crt-multibyte-l1-1-0.dll api-ms-win-crt-private-l1-1-0.dll api-ms-win-crt-process-l1-1-0.dll api-ms-win-crt-runtime-l1-1-0.dll api-ms-win-crt-stdio-l1-1-0.dll api-ms-win-crt-string-l1-1-0.dll api-ms-win-crt-time-l1-1-0.dll api-ms-win-crt-utility-l1-1-0.dll api-ms-win-downlevel-kernel32-l2-1-0.dll api-ms-win-eventing-provider-l1-1-0.dll
Encryption related: webcrypto.dll webcrypto_plugin.dll libsodium.dll
Alberto
But I didn't receive anything because they supplanted my session, I don't know how
I am not an expert here, but if you have a trojan horse, then it can read files on disk, including browser DB with sessions, cookies, tokens etc.
Yes, he can fuck my ass, literally
Exported 14 message(s)
Timezone: UTC+0