It has come to our attention that a malicious site is attempting to impersonate OpenCore Legacy Patcher, and potentially harm users. As this site is becoming more aggressive in their attempts to spread their content, we unfortunately need to write this post warning users of this.
Before we begin, the only official links for OpenCore Legacy Patcher are:
We host no other websites, and no other distributions of OpenCore Legacy Patcher outside the ones listed on GitHub. If you do find rehosted copies of OpenCore Legacy Patcher, immediately report them to prevent potential harm.
Additionally neither Dortania nor OpenCore Legacy Patcher will email or contact anyone directly. Only developers such as DhinakG or myself, Mykola Grymalyuk (khronokernel), will ever email. Anyone else representing the organization, project or the team as a whole is malicious.
Malicious Site: opencorelegacypatcher.com
On November 21st, 2023, we were notified of a malicious site attempting to represent itself as OpenCore Legacy Patcher's official website:
www.opencorelegacypatcher.com
We originally believed it to be mostly harmless outside of a MEGA download that simply rehosted OpenCore Legacy Patcher:
Code signature was validated and looks to an unmodified copy of OpenCore Legacy Patcher from GitHub.
Since this initial discovery, they seem to have switched to GitHub binaries directly.
However less than 2 weeks later, we were notified that this domain was attempting to act as OpenCore Legacy Patcher and coarse others into editing contents on other websites. The 2 we've caught in public:
We believe even more sites have been contacted, as the administrator of MacMeUp has notified us of a suspicious email they received.
We'd also like to clarify we don't support MajorGeeks or MacUpdate. Unfortunately others keep posting our work online, and we cannot keep removing them. MacUpdates for example ignored our removal request months ago.
If you wish to help us, please report this domain to the following:
At this time, we've been unable to remove the site. NameCheap has been known to ignore support requests. If you known someone who can help the process, we'd greatly appreciate the support.
Additionally multiple videos have the same dock, wallpaper and menubar setup while using an iMac17,1.
Impersonation: Email
Email received by MacMeUp, towards their admin email address:
Subject:
Request to Add a Backlink to OpenCore Legacy Patcher's Listing on MacMeUp
Body:
Dear MacMeUp Team,
I hope this message finds you well. I am writing on behalf of the OpenCore Legacy Patcher team, regarding our software that is featured on your esteemed platform, MacMeUp. We appreciate your support in showcasing our tool and would like to discuss a potential enhancement to our listing on your site.
Our official website, https://opencorelegacypatcher.com/, is the central hub for all updates, comprehensive information, and support related to OpenCore Legacy Patcher. We've noticed that our software's presence on MacMeUp does not currently include a direct link to our website. Establishing a backlink to our site would offer significant benefits, providing MacMeUp users with immediate access to the most current and detailed information about our software, thereby enhancing their user experience and engagement.
We kindly request the inclusion of a link to our official website on the page where OpenCore Legacy Patcher is featured on MacMeUp. This addition would not only help keep your audience informed with the latest information but also assist us in reaching a wider user base who could benefit from our software.
Here is the URL for the proposed backlink: https://opencorelegacypatcher.com/
We greatly value the exposure and platform that MacMeUp has provided for OpenCore Legacy Patcher. We believe that this small yet impactful addition could further enhance your content and our mutual goals. Thank you for considering our request. We understand and respect any editorial policies you may have regarding this matter.
Looking forward to the possibility of further collaboration with MacMeUp.
Best regards,
OpenCore Legacy Patcher Team
admin@opencorelegacypatcher.com
https://opencorelegacypatcher.com/
admin-Opencore Legacy Patcher - Replied to Ean - Nov 30 2023
Hello, Thank you for bringing your concerns to our attention. We take the security and safety of our users very seriously. We want to clarify a few points to assure you of the integrity of our website OpenCoreLegacyPatcher.com: We have conducted thorough checks and can confirm that our website, https://www.opencorelegacypatcher.com/, is free from any malware. The security of our website is continually monitored, and we take immediate action if any issues are detected. ✅✅✅✅
OpenCore Legacy Patcher - 12 days ago
here you can visit our website OpenCore Legacy Patcher (link: https://disq.us/url?url=https%3A%2F%2Fopencorelegacypatcher.com%2F%3AIx1A7TKWpigXpTFL3D3w5edwCds&cuid=2068243)
Know that your work is what kills projects like OpenCore Legacy Patcher all the time online. We just turned 3 years old, and have now lived through Big Sur, Monterey, Ventura and Sonoma. However if we keep having to fight these horrid sites every day, we may not make it to 4 years old. We want to do what we love, keep old Macs running, but fighting this is not something we can keep doing.
It has come to our attention that a malicious site is attempting to impersonate OpenCore Legacy Patcher, and potentially harm users. As this site is becoming more aggressive in their attempts to spread their content, we unfortunately need to write this post warning users of this.
Before we begin, the only official links for OpenCore Legacy Patcher are:
We host no other websites, and no other distributions of OpenCore Legacy Patcher outside the ones listed on GitHub. If you do find rehosted copies of OpenCore Legacy Patcher, immediately report them to prevent potential harm.
Additionally neither Dortania nor OpenCore Legacy Patcher will email or contact anyone directly. Only developers such as DhinakG or myself, Mykola Grymalyuk (khronokernel), will ever email. Anyone else representing the organization, project or the team as a whole is malicious.
Malicious Site: opencorelegacypatcher.com
On November 21st, 2023, we were notified of a malicious site attempting to represent itself as OpenCore Legacy Patcher's official website:
We originally believed it to be mostly harmless outside of a MEGA download that simply rehosted OpenCore Legacy Patcher:
However less than 2 weeks later, we were notified that this domain was attempting to act as OpenCore Legacy Patcher and coarse others into editing contents on other websites. The 2 we've caught in public:
Author: Dortania
changed to malicious site.Developer’s website
changed to show malicious site.We believe even more sites have been contacted, as the administrator of MacMeUp has notified us of a suspicious email they received.
If you wish to help us, please report this domain to the following:
At this time, we've been unable to remove the site. NameCheap has been known to ignore support requests. If you known someone who can help the process, we'd greatly appreciate the support.
Registar Information
Associated Websites and Accounts
We were able to track down a number of accounts for this user:
After tracking the Youtube channel down, we believe we found the original account who controls the domain:
Impersonation: Email
Email received by MacMeUp, towards their admin email address:
Impersonation: Youtube
Impersonation: Twitter
Impersonation: MacUpdate
Impersonation: MajorGeeks
Additional Resources
Final word to the malicious site author
Know that your work is what kills projects like OpenCore Legacy Patcher all the time online. We just turned 3 years old, and have now lived through Big Sur, Monterey, Ventura and Sonoma. However if we keep having to fight these horrid sites every day, we may not make it to 4 years old. We want to do what we love, keep old Macs running, but fighting this is not something we can keep doing.