Discuss Scratch

DHUCDH
Scratcher
6 posts

Can anyone explain what the "canvas virus" is?

I have seen a lot of weird messages like this…

SCRATCHERS BEWARE, A group of hackers has created malware that we have dubbed ‘the canvas’ virus. The ‘Canvas’ virus lurks inside of projects of the infected, it tells you to ‘see inside’ and open the backdrop editor. DO NOT DO THIS, You will receive a message alerting you that you've been hacked, and will be signed out of your account. Your projects will be replaced with the infection and your profile description change. Be safe, stay alert, and report. Copy and paste to spread the word!!!

It's on most Studios and featured games, with the studios being in the popular Studios like Friendship, Sugary sweets and more.

WHAT IS THIS CANVAS VIRUS????????????????
ScodexPerson
Scratcher
1000+ posts

There is a vulnerability where if you click ‘see inside’ and then click on the costume/backdrop editor, then it can actually execute JavaScript, and on the offline editor, it can even do things like running malicious shell programs!

So please be aware of people asking to see inside!
DMRFan01
Scratcher
2 posts

can it affect your projects?
ScodexPerson
Scratcher
1000+ posts

DMRFan01 wrote:

can it affect your projects?

Yeah, it can delete your projects.
TimothyLawyer
Scratcher
1000+ posts

it would be good to stop calling it a virus since it isn't
Go_With_The_FLO
Scratcher
1 post

So does it take over your entire profile or just your projects? and is it possible for it to get other information and get into your device?
ArcOfTheDeep
Scratcher
2 posts

ScodexPerson wrote:

There is a vulnerability where if you click ‘see inside’ and then click on the costume/backdrop editor, then it can actually execute JavaScript, and on the offline editor, it can even do things like running malicious shell programs!

So please be aware of people asking to see inside!

On that note, do we have any examples of afflicted projects/accounts? Does this do the same thing when online/in-browser? What are the parameters as to when this is tripped? How would ScratchTeam fix this?
ArcOfTheDeep
Scratcher
2 posts

TimothyLawyer wrote:

it would be good to stop calling it a virus since it isn't

It behaves like one. It's transmitted when the “evil javascript” contacts your profile, and makes copies of the virus.
Its-all-fake
New Scratcher
1 post

Is there a way to notice if a project is infected?

(excess characters removed by moderator - please don't spam)

Last edited by Paddle2See (May 5, 2026 15:47:57)

coby316
Scratcher
23 posts

I believe infected projects simply say “see inside and open backdrop”. Does anyone know if it has been fixed?
TimothyLawyer
Scratcher
1000+ posts

it's actually not a virus, but a vulnerability/exploit

coby316 wrote:

Does anyone know if it has been fixed?

someone reported getting their account back after the exploit
filimanatorx1
Scratcher
4 posts

Dude they kept changing my bio and posting projects with images of dead deer on them. Just delete all the projects infected, change ur password, and reset cookies.
eggcellentegg
Scratcher
1 post

is there somewhere with an example of this “virus?” also, if i open the backdrop on an alt, will that have a risk of cross-contaminating my main account with the same email?
AndPherbCodes
Scratcher
500+ posts

filimanatorx1 wrote:

Dude they kept changing my bio and posting projects with images of dead deer on them. Just delete all the projects infected, change ur password, and reset cookies.

No. Those projects were my greatest works. They can't be permanently gone.
fishfish6178
Scratcher
12 posts

It's an XSS script that in certain projects can hack you if you see inside; Scratch is known to have vulnerabilities regarding things like this.
I don’t know if it's patched yet or how much of it is true though.
filimanatorx1
Scratcher
4 posts

AndPherbCodes wrote:

filimanatorx1 wrote:

Dude they kept changing my bio and posting projects with images of dead deer on them. Just delete all the projects infected, change ur password, and reset cookies.

No. Those projects were my greatest works. They can't be permanently gone.

Well, if you really wanted to you could request access to the backup files if you ask an ST member. It could take months to receive it back tho seeing as the entire community is asking for their backup files.
T_plohj_pluh
Scratcher
42 posts

AndPherbCodes wrote:

filimanatorx1 wrote:

Dude they kept changing my bio and posting projects with images of dead deer on them. Just delete all the projects infected, change ur password, and reset cookies.

No. Those projects were my greatest works. They can't be permanently gone.

then just save them as backup files
SakuraSerena
Scratcher
11 posts

FOR THOSE OF US UNINFECTED, DOWNLOAD ALL OF YOUR PROJECTS!!!
_SMA4_
Scratcher
5 posts

This is so stupid bruh
Sir_SweatsALot1
Scratcher
20 posts

I made a project saying what I know about it:
https://scratch.mit.edu/projects/1316145873/