dortania / OpenCore-Legacy-Patcher

Experience macOS just like before
https://dortania.github.io/OpenCore-Legacy-Patcher/

Malicious Site Representing OpenCore Legacy Patcher #1120

Closed khronokernel closed 7 months ago

khronokernel commented 7 months ago

It has come to our attention that a malicious site is attempting to impersonate OpenCore Legacy Patcher, and potentially harm users. As this site is becoming more aggressive in their attempts to spread their content, we unfortunately need to write this post warning users of this.

Before we begin, the only official links for OpenCore Legacy Patcher are:

We host no other websites, and no other distributions of OpenCore Legacy Patcher outside the ones listed on GitHub. If you do find rehosted copies of OpenCore Legacy Patcher, immediately report them to prevent potential harm.

Additionally, neither Dortania nor OpenCore Legacy Patcher will email or contact anyone directly. Only developers such as DhinakG or myself, Mykola Grymalyuk (khronokernel), will ever email. Anyone else representing the organization, project or the team as a whole is malicious.

Malicious Site: opencorelegacypatcher.com

On November 21st, 2023, we were notified of a malicious site attempting to represent itself as OpenCore Legacy Patcher's official website:

Site-Blog

We originally believed it to be mostly harmless outside of a MEGA download that simply rehosted OpenCore Legacy Patcher:

However, less than 2 weeks later, we were notified that this domain was attempting to act as OpenCore Legacy Patcher and coerce others into editing contents on other websites. The 2 we've caught in public:

We believe even more sites have been contacted, as the administrator of MacMeUp has notified us of a suspicious email they received.

If you wish to help us, please report this domain to the following:

At this time, we've been unable to remove the site. NameCheap has been known to ignore support requests. If you know someone who can help the process, we'd greatly appreciate the support.

Registrar Information

Name          NAMECHEAP INC
Whois Server  whois.namecheap.com
Expires       2024-10-22
Registered    2023-10-22

Associated Websites and Accounts

We were able to track down a number of accounts for this user:

After tracking the YouTube channel down, we believe we found the original account who controls the domain:

Impersonation: Email

Email received by MacMeUp, towards their admin email address:

Subject: 

  Request to Add a Backlink to OpenCore Legacy Patcher's Listing on MacMeUp

Body:

  Dear MacMeUp Team,

  I hope this message finds you well. I am writing on behalf of the OpenCore Legacy Patcher team, regarding our software that is featured on your esteemed platform, MacMeUp. We appreciate your support in showcasing our tool and would like to discuss a potential enhancement to our listing on your site.

  Our official website, https://opencorelegacypatcher.com/, is the central hub for all updates, comprehensive information, and support related to OpenCore Legacy Patcher. We've noticed that our software's presence on MacMeUp does not currently include a direct link to our website. Establishing a backlink to our site would offer significant benefits, providing MacMeUp users with immediate access to the most current and detailed information about our software, thereby enhancing their user experience and engagement.

  We kindly request the inclusion of a link to our official website on the page where OpenCore Legacy Patcher is featured on MacMeUp. This addition would not only help keep your audience informed with the latest information but also assist us in reaching a wider user base who could benefit from our software.

  Here is the URL for the proposed backlink: https://opencorelegacypatcher.com/

  We greatly value the exposure and platform that MacMeUp has provided for OpenCore Legacy Patcher. We believe that this small yet impactful addition could further enhance your content and our mutual goals. Thank you for considering our request. We understand and respect any editorial policies you may have regarding this matter.

  Looking forward to the possibility of further collaboration with MacMeUp.

  Best regards,

  OpenCore Legacy Patcher Team
  admin@opencorelegacypatcher.com

  https://opencorelegacypatcher.com/

Impersonation: YouTube

Impersonation: Twitter

Impersonation: MacUpdate

admin-Opencore Legacy Patcher - Replied to Ean - Nov 30 2023

Hello, Thank you for bringing your concerns to our attention. We take the security and safety of our users very seriously. We want to clarify a few points to assure you of the integrity of our website OpenCoreLegacyPatcher.com: We have conducted thorough checks and can confirm that our website, https://www.opencorelegacypatcher.com/, is free from any malware. The security of our website is continually monitored, and we take immediate action if any issues are detected. ✅✅✅✅

Impersonation: MajorGeeks

OpenCore Legacy Patcher - 12 days ago

here you can visit our website OpenCore Legacy Patcher (link: https://disq.us/url?url=https%3A%2F%2Fopencorelegacypatcher.com%2F%3AIx1A7TKWpigXpTFL3D3w5edwCds&cuid=2068243)

Additional Resources

Final word to the malicious site author

Know that your work is what kills projects like OpenCore Legacy Patcher all the time online. We just turned 3 years old, and have now lived through Big Sur, Monterey, Ventura and Sonoma. However, if we keep having to fight these horrid sites every day, we may not make it to 4 years old. We want to do what we love, keep old Macs running, but fighting this is not something we can keep doing.

khronokernel commented 7 months ago

Many thanks to NameCheap's Twitter team and those that reported alongside us, this issue was resolved much quicker than we had expected 🎉