Ledger Nano X - The secure hardware wallet
SHARE
TWEET

BitTorrent Mac and Spigot adware

a guest Nov 18th, 2013 911 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Last login: Mon Nov 18 12:49:04 on ttys002
  2. [noar]-[mp]-[12:49:36]
  3. [~]$ cd /tmp/
  4. [noar]-[mp]-[12:49:43]
  5. [/tmp]$ openssl dgst -sha256 ~/Downloads/BitTorrent.dmg
  6. SHA256(/Users/noar/Downloads/BitTorrent.dmg)= 265126d82072b3cf917496943b5149c808006cc7b94c9d84b1e2ced88de01bf3
  7. [noar]-[mp]-[12:49:43]
  8. [/tmp]$ hdiutil attach ~/Downloads/BitTorrent.dmg
  9. /dev/disk4              GUID_partition_scheme          
  10. /dev/disk4s1            Apple_HFS                       /Volumes/BitTorrent-30291
  11. [noar]-[mp]-[12:49:44]
  12. [/tmp]$ cat /Volumes/BitTorrent-30291/BitTorrent-Installer.app/Contents/Resources/InstallerPreferences.plist
  13. <?xml version="1.0" encoding="UTF-8"?>
  14. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  15. <plist version="1.0">
  16. <dict>
  17.         <key>Window</key>
  18.         <dict>
  19.                 <key>Width</key>
  20.                 <integer>620</integer>
  21.                 <key>Height</key>
  22.                 <integer>450</integer>
  23.         </dict>
  24.         <key>Environment</key>
  25.         <dict/>
  26.         <key>Extensions</key>
  27.         <array>
  28.                 <dict>
  29.                         <key>URL</key>
  30.                         <string>http://download.mybrowserbar.com/kits/installers/967150/Welcome.zip</string>
  31.                         <key>Name</key>
  32.                         <string>Welcome</string>
  33.                 </dict>
  34.                 <dict>
  35.                         <key>URL</key>
  36.                         <string>http://download.mybrowserbar.com/kits/installers/967150/Offer.zip</string>
  37.                         <key>Name</key>
  38.                         <string>Offer</string>
  39.                 </dict>
  40.                 <dict>
  41.                         <key>URL</key>
  42.                         <string>http://download.mybrowserbar.com/kits/installers/967150/Installation.zip</string>
  43.                         <key>Name</key>
  44.                         <string>Installation</string>
  45.                 </dict>
  46.                 <dict>
  47.                         <key>URL</key>
  48.                         <string>http://download.mybrowserbar.com/kits/installers/967150/Finish.zip</string>
  49.                         <key>Name</key>
  50.                         <string>Finish</string>
  51.                 </dict>
  52.         </array>
  53. </dict>
  54. </plist>
  55. [noar]-[mp]-[12:49:44]
  56. [/tmp]$ curl -O http://download.mybrowserbar.com/kits/installers/967150/Installation.zip
  57.   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
  58.                                  Dload  Upload   Total   Spent    Left  Speed
  59. 100 71840  100 71840    0     0  68658      0  0:00:01  0:00:01 --:--:-- 78945
  60. [noar]-[mp]-[12:49:46]
  61. [/tmp]$ unzip Installation.zip
  62. Archive:  Installation.zip
  63.    creating: Installation/
  64.    creating: Installation/img/
  65.   inflating: Installation/img/bt_bg.jpg  
  66.   inflating: Installation/img/bt_bg_01.png  
  67.   inflating: Installation/img/bt_logo.png  
  68.   inflating: Installation/img/headline.png  
  69.   inflating: Installation/img/ut_logo.png  
  70.   inflating: Installation/index.html  
  71.   inflating: Installation/installer.css  
  72.   inflating: Installation/script.js  
  73.   inflating: Installation/styles.css  
  74. [noar]-[mp]-[12:49:46]
  75. [/tmp]$ head -n 10 Installation/script.js
  76. /**
  77.  *
  78.  */
  79.  
  80. var offerDownloadURL     = "http://download.mybrowserbar.com/kits/installers/967150/Payload.zip";
  81. var productDownloadURL   = "http://download-new.utorrent.com/uuid/ea36d9fa-29b8-4163-9456-c4c2b7b52c6e";
  82. var totalDownloadSize    = 0; // will store the total size of all objects to be downloaded
  83. var totalDownloadPercent = 0; // will store that total percent of all downloaded objects
  84.  
  85. var OFFER_WAS_ACCEPTED = 0;
  86. [noar]-[mp]-[12:49:46]
  87. [/tmp]$ curl -O http://download.mybrowserbar.com/kits/installers/967150/Payload.zip
  88.   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
  89.                                  Dload  Upload   Total   Spent    Left  Speed
  90. 100  124k  100  124k    0     0    98k      0  0:00:01  0:00:01 --:--:--  110k
  91. [noar]-[mp]-[12:49:47]
  92. [/tmp]$ unzip Payload.zip
  93. Archive:  Payload.zip
  94.    creating: Spigot/
  95.   inflating: Spigot/browserctl      
  96.   inflating: Spigot/postinstall.sh  
  97.   inflating: Spigot/Searchme.chromeextension.crx  
  98.  extracting: Spigot/Searchme.safariextz  
  99.   inflating: Spigot/searchme@mybrowserbar.com.xpi  
  100. [noar]-[mp]-[12:49:47]
  101. [/tmp]$ codesign -dvvv /Volumes/BitTorrent-30291/BitTorrent-Installer.app/
  102. Executable=/Volumes/BitTorrent-30291/BitTorrent-Installer.app/Contents/MacOS/BitTorrent-Installer
  103. Identifier=com.bittorrent.BitTorrent-Installer
  104. Format=bundle with Mach-O universal (i386 x86_64)
  105. CodeDirectory v=20100 size=744 flags=0x0(none) hashes=30+3 location=embedded
  106. Hash type=sha1 size=20
  107. CDHash=a876d194f2e83f5ce139c255728b4704f3ef18ff
  108. Signature size=8515
  109. Authority=Developer ID Application: BitTorrent, Inc
  110. Authority=Developer ID Certification Authority
  111. Authority=Apple Root CA
  112. Timestamp=1 nov. 2013 10:27:31
  113. Info.plist entries=23
  114. Sealed Resources rules=4 files=7
  115. Internal requirements count=1 size=196
  116. [noar]-[mp]-[12:49:47]
  117. [/tmp]$
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top