{"id":11575,"date":"2018-02-23T10:10:04","date_gmt":"2018-02-23T18:10:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/23\/news-5346\/"},"modified":"2018-02-23T10:10:04","modified_gmt":"2018-02-23T18:10:04","slug":"news-5346","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/02\/23\/news-5346\/","title":{"rendered":"Deepfakes FakeApp tool (briefly) includes cryptominer"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Fri, 23 Feb 2018 17:20:00 +0000<\/strong><\/p>\n

A few weeks ago, we took a look at a forum dedicated to Deepfake clips where the site was pushing Coinhive mining scripts<\/a> in the website’s HTML code.<\/p>\n

As it turns out, there’s been another mining blow-out in the form of one of the apps used to make the fakes. That’s right\u2014a tool designed to push CPU\/GPU hard in order to create movie files\u00a0also<\/em> wanted you to push the GPU that much further and do a spot of mining in the background at the same time.<\/p>\n

The developer of one of the most popular Deepfake movie makers, FakeApp (previously mentioned on Motherboard<\/a>\u00a0as a “user-friendly version” of the Deepfakes technology), decided to add an optional mining function into the latest release of their program. The reception to this was, to be fair, a complete disaster and it wasn’t long before said developer realised everything had gone a bit wrong and pulled the miner.<\/p>\n

The majority of the posts online made about this range from lengthy rants to angry swearing to the occasional passing insult and a lot of “download the old version or use something else.” If you want to foster a complete sense of mistrust in your app then this is definitely the way to do it:<\/p>\n

\"Mining?<\/a><\/p>\n

Click to enlarge<\/p>\n

\n

The Developer just announced he is removing the miner. I don’t know if that means you’ll have to wait for a new version or if it’s remotely disabled immediately.<\/em><\/h3>\n<\/blockquote>\n

According to the above poster, the mining free version was 100KB smaller than the previous file, so if you weighed in at 70.58MB you were fine, but if you tallied up at 70.68MB you might have wanted to abandon ship. Here’s a rather angry Reddit thread<\/a>\u00a0about it:<\/p>\n

\"A<\/a><\/p>\n

Click to enlarge<\/p>\n

On another popular Deepfake forum, they’re specifically highlighting the two different versions:<\/p>\n

\"miner<\/a><\/p>\n

Click to enlarge<\/p>\n

\n

Make sure you have the version without the cryptominer:<\/em><\/h3>\n

Download from – (may have miner):<\/em>
Download from – (no miner):<\/em><\/h3>\n<\/blockquote>\n

According to the Reddit post up above, the app only “mined when you were training” (training being the process of making the computer learn how to draw faces) so you “wouldn’t notice the extra load.” After the hostile reception to the mining, FakeApp v2.2 was taken down by the app developer after a day and re-uploaded sans miner:<\/p>\n

\"removed!\"<\/a><\/p>\n

Click to enlarge<\/p>\n

\n

The donation miner was introduced and removed in one day. The rest is totally clean as has been seen by everyone who’s used it. I’m not doing this to make money.<\/em><\/h3>\n<\/blockquote>\n

Regardless of the reasoning, it turns out people do not like miners on their computer\u2014especially when they’re already entrusting a good chunk of heavy duty usage to the app developer as it is. No amount of experiments in funding will make up for this kind of damage limitation exercise:<\/p>\n

\"accusations\"<\/a><\/p>\n

Click to enlarge<\/p>\n

\n

I am not counting on anyone accidentally mining $0.004 cents for me, this is an oversight that has happened for every setting since release. I’m not playing “innocent and transparent” I am trying to help people like I have since the beginning. In fact, I am in the process of putting in code to specially turn it off permanently after people have requested [to turn off the miner].<\/em><\/h3>\n<\/blockquote>\n

Miners are a touchy enough subject without additional controversy over the mining function springing back to life every time you restart the program. Worse still, users felt there were also disclosure issues regarding the miner being onboard. In the below screenshot, the developer is having to point out they included a non-skippable disclaimer in the app changelog while admitting they forgot to add it to the changelog on the website:<\/p>\n

\"I<\/a><\/p>\n

Click to enlarge<\/p>\n

Frankly, it’s all a bit of a mess in fake pornography movie land, and this developer is immediately reaping the whirlwind of “probably shouldn’t have gone with a miner after all.” As for what kind of mining was taking place, it was our old friend Coinhive<\/a>\u2014humorously, the exact type of mining we spotted being used on that Deepfake forum from a fortnight ago.<\/p>\n

As for the developer, they’re left firefighting and posting apologetic rambles<\/a> on Reddit:<\/p>\n

\"miner<\/a><\/p>\n

Click to enlarge<\/p>\n

\n

I didn’t do it in an attempt to secretly make a profit of users using FakeApp\u2014mining is neither secret nor profitable. I made an effort to be as upfront about it as I could possibly be, putting notices everywhere I could put them, and on the forum the reaction seemed to be mainly positive.<\/em><\/h3>\n

Making a voluntary $10\/week to help speed up development off willing donors is not a scam; this was a donation feature that many liked, many were politely uncomfortable with, and a handful seemed intent to read malicious intent into. I have been here since the beginning and anyone who knows my work knows I care about making this tool accessible not making a profit, and that’s why I’ve spent so much of my free time on it.<\/em><\/h3>\n<\/blockquote>\n

It is honestly surprising to me that, in the middle of news stories galore about mining being annoying<\/a>, someone thought squeezing extra juice out of an already<\/em> juice-squeezed PC for some digital coin generation couldn’t possibly go wrong. The Deepfakes industry has already branched out into multiple tools and programs, and there’s a fair bit of choice out there\u2014one mistake is all it takes, and the fanbase developers have built up will quickly disappear.<\/p>\n

One of the most well-known Deepfake programs around has (temporarily) succumbed to the lure of mining, and between this huge reputation blow to arguably the most popular DIY app out there, and the long list of supposed Deepfake sites pushing mining scripts and dubious adverts all over the place, it’s entirely possible that the fake pornography clip industry has started to show signs of a slow, relentless collapse into “We’re not really into this anymore.”<\/p>\n

The post Deepfakes FakeApp tool (briefly) includes cryptominer<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Fri, 23 Feb 2018 17:20:00 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
We take a look at what happens when one of the most popular DIY Deepfakes programs decides to monetise with a spot of coin mining. Surprise: it doesn’t end well.<\/p>\n

Categories: <\/p>\n