Electrum has a backdoor in it I dont care what any of you idiots say.

stomachgrowls

hero member

Activity: 3010

Merit: 794

Quote from: NeuroticFish on May 29, 2019, 10:59:12 AM

Quote from: https://github.com/spesmilo/electrum/issues/3198#issuecomment-458949319

If you trust the developers of the project, you can verify the GPG signature, and ignore any anti-virus warnings.

If you don't trust the developers with not backdooring the binaries, you can (1) build binaries yourself; or (2) you can run from source. Some of the binaries are built reproducibly, so you can also check that those match.

I can only add a 3rd option: you can always use another wallet, nobody is forcing you use Electrum.

Love that option 3 which would suit out for OP. Grin

Quote from: DireWolfM14 on May 30, 2019, 11:40:01 AM

Quote from: ThomasDavis2018 on May 29, 2019, 11:47:37 AM

Ok I'm uploading proof shortly.

24 hours later, and still nothing? What is your definition of "Shortly?"

This whole thread is a joke. Anyone who puts "I dont care what any of you idiots say" in the subject of the thread is not playing with a full deck, and is unlikely to engage in a meaningful discussion.

Im little bit triggered on the topic title but it seems OP doesnt have the plan to make argumentation on this thread.

He do tries to prove something but eventually failed. Sad

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

It looks like he scanned a fake one and he scanned a standalone Executable which is electrum-3.3.6.exe

I already scan the standalone executable file and other installers the result is different from the original one.

Here's the result for standalone https://www.virustotal.com/gui/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection
For installer https://www.virustotal.com/gui/file/7bc45c53a0179f5889dd68c7f023c6b27e050bf73c84bcd854a6ffe3a83bdf1d/detection
For portable https://www.virustotal.com/gui/file/f46d34e29d148c1257183f12e1a1beee2ea31677c280e006f46d57261514d13e/detection

DireWolfM14

copper member

Activity: 2338

Merit: 4543

Join the world-leading crypto sportsbook NOW!

Quote from: ThomasDavis2018 on May 29, 2019, 11:47:37 AM

Ok I'm uploading proof shortly.

24 hours later, and still nothing? What is your definition of "Shortly?"

This whole thread is a joke. Anyone who puts "I dont care what any of you idiots say" in the subject of the thread is not playing with a full deck, and is unlikely to engage in a meaningful discussion.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: ThomasDavis2018 on May 29, 2019, 09:34:14 AM

The author himself or one of the contributors is infecting the shit out of people.

[...]

This is the copy I just downloaded.

https://www.virustotal.com/#/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection

If you don't know how AV engines work, please stay away from posting this nonsense.
Noone needs your brainless contribution here.

All of these AV's which flagged electrum work with heuristics, NOT runtime analysis. They are false positives.
If you don't understand that, its fine. But stop spreading your bullshit.

It is easy as hell to create malware which is NOT detected by AV's.
So.. please explain.. why should ThomasV (who is a very good developer) be stupid enough to get a potential malware flagged as malware ? Huh

This doesn't make any sense.
It takes less than 5 minutes to get malware obfuscated enough so that it won't be detected as malware anymore.

Quote from: ThomasDavis2018 on May 29, 2019, 11:47:37 AM

Quote from: TryNinja on May 29, 2019, 11:29:03 AM

POINT ANYWHERE IN THE SOURCE CODE (which is open) WHERE THERE IS ANY KIND OF IMPLEMENTATION OF A VIRUS and I’ll give you my entire BTC balance.

https://github.com/spesmilo/electrum

Ok I'm uploading proof shortly.

I think you misunderstood something.. Noone wants you to upload something.
Just tell us where in the source code the backdoor is.

Source code: https://github.com/spesmilo/electrum

We are waiting.

ThomasDavis2018

copper member

Activity: 21

Merit: 0

Non Serviam

Quote from: TryNinja on May 29, 2019, 11:29:03 AM

POINT ANYWHERE IN THE SOURCE CODE (which is open) WHERE THERE IS ANY KIND OF IMPLEMENTATION OF A VIRUS and I’ll give you my entire BTC balance.

https://github.com/spesmilo/electrum

Ok I'm uploading proof shortly.

TryNinja

legendary

Activity: 2758

Merit: 6830

POINT ANYWHERE IN THE SOURCE CODE (which is open) WHERE THERE IS ANY KIND OF IMPLEMENTATION OF A VIRUS and I’ll give you my entire BTC balance.

https://github.com/spesmilo/electrum

BrewMaster

legendary

Activity: 2114

Merit: 1293

There is trouble abrewing

Quote from: ThomasDavis2018 on May 29, 2019, 09:34:14 AM

The author himself or one of the contributors is infecting the shit out of people.
https://www.virustotal.com/#/file/5238c681a9b3d84fa8c47e46bf382a9543bde4c5eef1a42d768e6254be373e86/detection

you can't accuse people when you don't provide any proof.
this file you posted here is 5.23 MB while the Electrum installer for windows (.exe) is 35.28 MB. so obviously you have something else that only has the same name! the runner alone is also 6.01 MB!

Quote

This copy of electrum has been on my desktop for 1 week now,
This is the copy I just downloaded.
https://www.virustotal.com/#/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection

how is it that you easily trust a closed source website with a bunch of closed source antiviruses that you don't even know what they do and you can't trust something that is open source?

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

We are talking about the proper Electrum here. And yes, it is flagged, in every version, by more or less antiviruses.
An antivirus is usually looking in the file for certain sequences of bytes (virus signatures). It's a method that can easily produce false positives.
Also, yeah, it's known that the Pyhon packer also produces false positives.
The binaries are not built by the one that writes the code, exactly for double checking and to avoid surprises.
Also, OP, don't rule out that maybe something else you have installed could have already damaged something.

The following words tell it all:

Quote from: https://github.com/spesmilo/electrum/issues/3198#issuecomment-458949319

If you trust the developers of the project, you can verify the GPG signature, and ignore any anti-virus warnings.

If you don't trust the developers with not backdooring the binaries, you can (1) build binaries yourself; or (2) you can run from source. Some of the binaries are built reproducibly, so you can also check that those match.

I can only add a 3rd option: you can always use another wallet, nobody is forcing you use Electrum.

DireWolfM14

copper member

Activity: 2338

Merit: 4543

Join the world-leading crypto sportsbook NOW!

Someone has been spreading malware versions of Electrum for months now. Just this past Monday there was a newbie who posted a "plea for help" with a link to fake version of 3.3.6. These are common phishing attempts.

The real version of Electrum gets flagged by some antivirus suites as a false positive. This issue has been known and recognized for many years.

The only way to insure that you have the real version of the wallet software is download from (and only from) the official website, electrum.org, and check the PGP signature.

Don't be an idiot yourself and rely on what others say. Be diligent and you'll be safe.

ThomasDavis2018

copper member

Activity: 21

Merit: 0

Non Serviam

The author himself or one of the contributors is infecting the shit out of people.

https://www.virustotal.com/#/file/5238c681a9b3d84fa8c47e46bf382a9543bde4c5eef1a42d768e6254be373e86/detection

This copy of electrum has been on my desktop for 1 week now,

This is the copy I just downloaded.

https://www.virustotal.com/#/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection

Topic: Electrum has a backdoor in it I dont care what any of you idiots say. (Read 260 times)