MALWARE #2031

Closed
daniel19256 opened this issue May 5, 2024 · 6 comments
@daniel19256

Installs a Chrome add-on that can't be removed via conventional means (added by your "administrator") in attempts to steal data. The add-on had access to valuable data such as financial information and I would not have realised if it wasn't for the person who made this not realising that it changes your search engine to Bing. Please educate me on how to report a GitHub project.
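A defensive check for the symptom reported above, as an added example that is not part of the original thread or of either project's code. It assumes the add-on was pinned through Chrome's managed-policy registry keys on Windows, which is how Chrome marks an extension as administrator-installed and blocks its removal; the function names are hypothetical.

```powershell
# Added example (not from the issue thread). Assumption: the add-on was
# force-installed via Chrome's policy registry keys, machine- or user-wide.
$policyRoots = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
               'HKCU:\SOFTWARE\Policies\Google\Chrome'
# Update URL of the Chrome Web Store; any other URL means a self-hosted add-on.
$webStoreUrl = 'https://clients2.google.com/service/update2/crx'

function Get-ChromeForcedExtension {
    foreach ($root in $policyRoots) {
        $key = Join-Path $root 'ExtensionInstallForcelist'
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Each value is "<extension id>;<update url>" (the URL is optional).
            $id, $url = ([string]$item.GetValue($name)) -split ';', 2
            [pscustomobject]@{
                PolicyKey   = $key
                ExtensionId = $id
                UpdateUrl   = $url
                WebStore    = (-not $url) -or ($url -eq $webStoreUrl)
            }
        }
    }
}

function Get-ChromeSearchPolicy {
    # A policy-set default search provider cannot be changed in Chrome settings.
    foreach ($root in $policyRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        $props = Get-ItemProperty -Path $root
        foreach ($n in 'DefaultSearchProviderName', 'DefaultSearchProviderSearchURL') {
            if ($null -ne $props.$n) {
                [pscustomobject]@{ PolicyKey = $root; Setting = $n; Value = $props.$n }
            }
        }
    }
}

Get-ChromeForcedExtension | Format-Table -AutoSize
Get-ChromeSearchPolicy    | Format-Table -AutoSize
```

On an unmanaged personal machine these keys are normally absent, so any row returned is worth investigating; `chrome://policy` shows the same settings from inside the browser.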

@ArjixWasTaken
Collaborator

ArjixWasTaken commented May 5, 2024

what? (excuse my baffled response)

I am one of the contributors and I can assure you there is no malware in our code.
But I am going to give you the benefit of the doubt, since it is possible that an npm dependency is infected, or that the automated pipeline for the releases is infected (?).

But, even with those possibilities in mind, correlation does not imply causation, so w/o further information I can't do much.
How are you 100% sure that th-ch/youtube-music is responsible for the Chrome extension being installed?
And did you test this in a sandboxed environment to reach such a conclusion?

@ArjixWasTaken
Collaborator

And also, where did you download th-ch/youtube-music from?
It is quite usual for people to create fake websites that claim to be the official website of the project, and provide a virus instead.

The only official website for this project is https://th-ch.github.io/youtube-music, any other site that claims to be official is lying to you.

@ArjixWasTaken
Collaborator

PS: If you don't mind, can you share the exe you used to install th-ch/youtube-music?
I'd like to give it a look myself.

@ArjixWasTaken added the awaiting-reply label May 5, 2024
@ArjixWasTaken
Collaborator

ArjixWasTaken commented May 5, 2024

PS2:

It is highly likely that you are talking about a similar project, Youtube Music Desktop, which was taken down from GitHub because one of the maintainers got their account compromised.

Here is a statement from one of their maintainers, Alipoodle.
And here was their repository before it got deleted.

Chances are, you downloaded the infected release from that project.

@ArjixWasTaken
Collaborator

ArjixWasTaken commented May 5, 2024

@Alipoodle

Are you aware if that infected release forcibly installed a Chrome extension to steal user data?
Although, that doesn't really sound like a great move, since one can steal data w/o a Chrome extension... so I am having my doubts.

Also, I see you still haven't got the org and repos back 😔

@Alipoodle

Regarding the issue for YTM Desktop (ytmdesktop/ytmdesktop and not this project)
We sadly can't provide much information regarding the actual executable which was given as a replacement during the 7 possible hours of it being live... 😅

The information regarding it, and the 3 accounts we found associated with it all (Adler, and 2x accounts used for hosting said viruses) were all taken down prior to any of us having noticed. The project was taken down as well in this sweep.

We have obviously only just recently provided new versions of our one on a Fork, and until now we've specifically said we aren't providing a download except from KNOWN sources (GitHub from the org) and have been VERY clear with the Fork one about GPG signing and the GH Actions making the release.

@JellyBrick closed this as not planned May 24, 2024