MALWARE about youtube-music HOT 6 CLOSED

daniel19256 avatar daniel19256 commented on May 28, 2024
MALWARE

from youtube-music.

Comments (6)

ArjixWasTaken avatar ArjixWasTaken commented on May 28, 2024

what? (excuse my baffled response)

I am one of the contributors and I can assure you there is no malware in our code.
But I am going to give you the benefit of the doubt, since it is possible that an npm dependency is infected, or that the automated pipeline for the releases is infected (?).

But, even with those possibilities in mind, correlation does not imply causation, so w/o further information I can't do much.
How are you 100% sure that th-ch/youtube-music is responsible for the chrome extension being installed?
And did you test this in a sandboxed environment to reach such a conclusion?

ArjixWasTaken avatar ArjixWasTaken commented on May 28, 2024

And also, where did you download th-ch/youtube-music from?
It is quite usual for people to create fake websites that claim to be the official website of the project, and provide a virus instead.

The only official website for this project is https://th-ch.github.io/youtube-music, any other site that claims to be official is lying to you.

ArjixWasTaken avatar ArjixWasTaken commented on May 28, 2024

PS: If you don't mind, can you share the exe you used to install th-ch/youtube-music?
I'd like to give it a look myself

ArjixWasTaken avatar ArjixWasTaken commented on May 28, 2024

PS2:

It is highly likely that you are talking about a similar project, Youtube Music Desktop, which was taken down from GitHub because one of the maintainers got their account compromised.

Here is a statement from one of their maintainers, Alipoodle.
And here was their repository before it got deleted.

Chances are, you downloaded the infected release from that project.

ArjixWasTaken avatar ArjixWasTaken commented on May 28, 2024

@Alipoodle

Are you aware if that infected release forcibly installed a chrome extension to steal user data?
Although, that doesn't really sound like a great move, since one can steal data w/o a chrome extension...so I am having my doubts

Also, I see you still haven't got the org and repos back 😔

Alipoodle avatar Alipoodle commented on May 28, 2024

Regarding the issue for YTM Desktop (ytmdesktop/ytmdesktop and not this project)
We can't sadly provide much information regarding the actual executable which was given as a replacement during the 7 possible hours of it being live... 😅

The information regarding it, and the 3 accounts we found associated with it all (Adler, and 2x accounts used for hosting said viruses) were all taken down prior to any of us having noticed. The project was as well taken down in this sweep.

We have obviously only just recently provided new versions of our one on a Fork, and until now we've specifically said we aren't providing a download except from KNOWN sources (GitHub from the org) and have been VERY clear with the Fork one about GPG signing and the GH Actions making the release.
