SECURITY NOTICE: WebUI users, YOU MUST change the default WebUI credentials (aka "adminadmin") when exposing the WebUI to the Internet. There are reports (1, 2, 3, 4) that this is possibly exploited in the wild. This will be remedied in a followup release where the default credentials will be disabled and a credentials change will be forced.
qBittorrent & operating system versions
4.5.2-4.6.3+
Windows 11
What is the problem?
Today I discovered a crypto miner on my machine. After some digging I discovered that it was started by qBittorrent.
My version of qBittorrent was 4.5.2.
About a year ago I was on version 4.5.1, which had a known exploit due to a flaw in the web UI (which is my current theory on how this exploit was loaded on my machine in the first place). I updated to 4.5.2 almost immediately after it was released having read about the exploit.
I decided to update and see if the same miner was loaded on my machine again.
It did, with the same issue for the current version (4.6.3).
The reason this issue persisted post updating was because at some point in the past, a PowerShell command had been added to the autorun block of my qBittorrent.ini file. (see block below)
I highly recommend either displaying autorun settings somewhere in the UI or sanitizing said chunk of settings on update.
The address to which it was delivering funds has 250+ compromised devices in the pool, many of which are labeled something along the lines of "qbittorrent server" or "plex server".
Steps to reproduce
No response
Additional context
Log(s) & preferences file(s)
No response
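A check for the persistence described in this report, as an added example that is not part of the original issue or of qBittorrent's code: it reads the autorun block of a `qBittorrent.ini` and lists every external program configured there, so an entry that survived an upgrade is visible. The `[AutoRun]` section name and the `program`/`enabled` key names are assumptions about the file layout, and the sample file is constructed.

```python
import re

# Constructed sample of a qBittorrent.ini; key names under [AutoRun] are assumed.
SAMPLE_INI = r"""
[AutoRun]
OnTorrentAdded\Enabled=false
OnTorrentAdded\Program=
enabled=true
program=powershell.exe -NoProfile -Command "<constructed placeholder>"

[BitTorrent]
Session\Port=6881
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")

def autorun_entries(ini_text):
    """Return {key: value} for every key in the [AutoRun] section."""
    entries, in_autorun = {}, False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        m = SECTION_RE.match(line)
        if m:
            in_autorun = m.group("name").strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def audit_autorun(ini_text):
    """List configured external programs, flagging whether each is enabled."""
    entries = {k.lower(): v for k, v in autorun_entries(ini_text).items()}
    findings = []
    for key, value in entries.items():
        if not key.endswith("program") or not value:
            continue
        # "program" pairs with "enabled"; "X\Program" pairs with "X\Enabled".
        enabled_key = key[: -len("program")] + "enabled"
        enabled = entries.get(enabled_key, "").lower() == "true"
        findings.append({"key": key, "command": value, "enabled": enabled})
    return findings

if __name__ == "__main__":
    for f in audit_autorun(SAMPLE_INI):
        state = "ENABLED" if f["enabled"] else "disabled"
        print(f"[AutoRun] {f['key']} ({state}): {f['command']}")
```

Any command reported here that you did not set yourself should be cleared from the file before qBittorrent is started again, since upgrading the application leaves the preferences file untouched.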