Here is Blitz's statement on the matter:
Recently there has been confusion about a potential crypto miner being installed with the Blitz.gg app. The issue appears to be related to ads hosted on it and other programs/sites. This thread can be used to discuss the issue as it may impact people within the community. Below I will be listing steps to take if you are impacted, and will be editing the post with more information as it comes out.
The first is simple. If you see any popup asking you to install/update electrum. Don't do it. Clicking that popup and installing anything is how you will get infected.
If you click on the popup and install what it asks you to, please run any virus scanning software you have. I also recommend running a malware scanner as well. If I am able to reproduce this issue, I will download the virus in a sandboxed environment and provide recommendations on what software can clean it. If anyone has downloaded this exe, I recommend uploading it to virustotal, seeing what scanners can identify it, and using that to clean it. If anyone wants any specific advice please feel free to ask with detail, that is much easier for me than trying to be vague and cover everything.
After attempting to reproduce this issue for a couple hours now, I have been unable to as I have not been served the ad in question. I however did find someone on the Blitz.gg Discord use any.run to run the file it downloads. The URL used to download the file is no longer active. However you can see the process of what the install looks like.
This is a site that creates and instance of Windows that users can view what happens when you run an executable. Mouse over the screenshot to see a timeline. If you did not go through the install process shown in those screenshots, electrum was not installed on your computer with this.
Writeup from a dev on the Blitz Discord. Includes links to a write up from a security researcher.
We just want to quickly elaborate what and how it happened.
- A malicious advertisement unit got added to Google's advertisement platform
- The malicious ad got delivered to millions of websites including Blitz, Reddit, The Verge…
- The advertisement created an alert box with a concerning message that would redirect and download a malicious executable once the user clicked on "OK"
The Blitz App is built in a sandbox so this kind of behavior can't really happen. Advertisements served by Google have no way of accessing the computers file system via our application.
We released an security update ~6:45 AM PST, that prevents any of those prompts in the future.
Reddit: https://www.reddit.com/comments/lplve0/ The Verge, PC Gamer, TechRader, etc.: https://www.reddit.com/comments/lpoo3d/ More detailed write up from a web security researcher: https://honk.camp/p/electrum-malware-campaign/
Source: Original link
© Post "Blitz.gg does not have a crypto miner." for game League of Legends.
Top 10 Most Anticipated Video Games of 2020
2020 will have something to satisfy classic and modern gamers alike. To be eligible for the list, the game must be confirmed for 2020, or there should be good reason to expect its release in that year. Therefore, upcoming games with a mere announcement and no discernible release date will not be included.
Top 15 NEW Games of 2020 [FIRST HALF]
2020 has a ton to look forward to...in the video gaming world. Here are fifteen games we're looking forward to in the first half of 2020.