My friend receive a message with heavily altered Steam URL to claim a gift and 10 dollars dissaperar from my account #3346
Replies: 5 comments 16 replies
-
Yes, sure, Archi made a program that works fine for 3 million users just to steal $10 from you. Why do you even assume that this happened because of ASF? |
Beta Was this translation helpful? Give feedback.
-
To give official statement, no, ASF is not a cause of your situation - this mostly happens when you put your details into a phishing site. It doesn't have to happen on the same day, scammers usually set up access to your account and wait for convenient moment to execute action - usually when you're away or likewise. See https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Extended-FAQ#right-after-launching-asf-ive-lost-all-my-accountsitemsfriends when I explain it in more detail, especially:
Completely irrelevant of the above, ask yourself how likely it is that out of 3+ million of accounts using ASF, with people having hundreds of thousands of dollars on them, I'd personally target you with my program to steal $10 out of your account. |
Beta Was this translation helpful? Give feedback.
-
I am merely reporting something that happened so the person in charge of this can rule out a potential vulnerability. That’s why I’ve communicated it only here. However, based on the response you’re giving, it says a lot about the kind of treatment you provide to your users. And yes, I did it after being told, but I had already removed it from my computer beforehand—there was no need for you to tell me. Oh, and I will inform others not to install it either, as the technical support has not been very friendly. Thank you. |
Beta Was this translation helpful? Give feedback.
-
Your "concern" is entirely invalid. First of all, that's not obfuscation, that's packing, something your own screenshot tells -
What you're asking for is impossible. In order to prove that software is responsible, you can point out exact code line, block of code, library or any other embedded resource that is causing your issue. You, instead, expect proof that software is not responsible, and the only way for proving that, is analyzing whole ASF source code and determining that based on lack of any evidence that points to such malicious behaviour, which I've already done as a maintainer and main contributor to the project, since as stated in the FAQ I already linked to you, ASF is free of malware and similar behaviour. That's not a statement made to dismiss the case, that's a statement made based on my technical knowledge and best intentions, a statement you're of course free to object to, but in order to prove it being invalid you are in charge of pointing out exact behaviour that leads to your malicious situation, not me making up some undeniable proof that it's truly the case - because such proof doesn't exist.
That's also entirely false. The license of ASF software clearly states that:
You're using this software at your own risk and you can't demand anything from anybody, especially contributors, maintainers and other people involved in the project.
Your concern was addressed fully, just because you don't agree with it doesn't change the fact that you got professional and concrete reply to your concerns, even though nobody here is obligated to give you that, since I could as well ignore your issue entirely and close it without a response. If you have actual reproduction steps or any meaningful input that could hint me or any other contributor into the loophole or other code misbehaviour that can be corrected, as stated in contributing guidelines, you're more than welcome to do so. Stating "ASF is malware", showing VT report that confirms OS-specific packages are packaged as single-file executables (because, guess what, that's their purpose, as explained in compatibility wiki section), without any additional input renders looking for your issue impossible, as you didn't even isolate the case properly, let alone found the exact misbehaviour that causes your issue. Also note that I'm in charge of the project, not other people you've been talking with above. Even despite of that, I didn't find their comments as violating ASF's code of conduct, nobody here attacks you personally, merely proving that you're wrong, and it's normal that people take it personally if you attack them or their work, which you do by accusing ASF of your loss. You're free to report your "concern" to GitHub if that makes your day any better, you're also welcome to refrain from using my software in the future if you believe it's malicious, and I'd suggest you doing that since you seem completely lost in terms of your account safety, so only losing your digital property again without using ASF can spark some idea in your head that perhaps your accusations were wrong to begin with. After all that seems to be the "proof" you're looking for. Further discussion is moot, there is nothing you neither me can add to this case, apart from personal attacks and repeating the same arguments again, which does not move this discussion any further. |
Beta Was this translation helpful? Give feedback.
-
I downloaded the program again from this repository. Everything was going fine, farming trading cards without any problems. Out of nowhere, my balance dropped to 1 cent overnight. I checked my purchases and transactions, and I saw sales and purchases of items in the market. I thought it might be due to the trading bot, and that seemed fine. However, yesterday, a friend of mine received a message from me with a suspicious link that had a heavily altered Steam URL to claim a gift. I hope this gets resolved soon. Someone unscrupulous is using this application for malicious purposes. I've lost $10 from my account and now have a program I can’t trust.
Beta Was this translation helpful? Give feedback.
All reactions