Malware?
Hi,
Today noticed that quite a number of people uploaded models on Printables in ZPR and other stange formats, like this: https://www.printables.com/model/1662579-tricky-kittens/files
When fetching the .zip file there are some instructions to use the online service to convert the file to a printable format like stl, step, of 3mf.
The conversion fails always (for me at least) and instead it wants you to download a new .zip which looks like the conversion tool.
The tool however is AutoHotKey and a script the wants to access some odd looking urls encoded in base 64 like:
- https://spring-wave-37da.sskandi1945.workers.dev/get-link
- https://spring-wave-37da.jeffreyepstein2.workers.dev/get-link
- https://spring-wave-37da.diatentcourno1981.workers.dev/get-link
I did not try to run any of that and i did also not had any luck in downloading the payload manually for inspection.
- Why is the creator not uploading the stl, step or 3mf file also
- Why all that conversion? (is this just a way to make you download some malware on your windows machine??)
- Accounts uploading these files usually always have a year suffix.
Anyhow, all of this is very smelly.
What do you think?
RE: Malware?
Lots snd lots of malware on Printables these days. They can't keep up with it.
Formerly known on this forum as @fuchsr -- https://foxrun3d.com/
RE: Malware?
See my GitHub and printables.com for some 3d stuff that you may like.