Matikiscool
Scratcher
100+ posts

NOTICE: "Canvas" ACE VULNERABILITIES MOSTLY FIXED-PLEASE DO NOT SPREAD FEAR, MISINFORMATION, OR RUMORS.

Devoratus wrote:

HollyEuca wrote:

StrongestFishEver8 wrote:

Scratch_Cat_Coder8 wrote:

dec 7th did end up happening, albeit on a smaller, smaller scale

Let me guess they spammed grifftopia, other popular Chatrooms and a st member profile. They nearly do that every month
Not even that. I think they spammed Grifftopia once for five minutes and that was it.
i saw this happening on different by design too and i got curious and eventually hacked on my main
some might say…my compass is curiosity /j /ref
Oh no! That must be terrible.

KING OF THE PAGE!

Last edited by Matikiscool (May 6, 2026 11:41:29)

ReallySopa
Scratcher
100+ posts

Matikiscool wrote:

ReallySopa wrote:

Oh finally… The so-called “Canvas Virus” is getting fixed. Thank the Scratch Team.

Honestly, the people that spammed a lot of “Canvas Virus” comments everywhere on Scratch don't know what they're doing, I know they want to “help” other people, but just send the message to their relatives, not to random or unrelated projects…

And also, I'm glad that this is stickied, because there were a lot of people who were panicking about the issue; they didn't even know the Scratch Team was fixing it and yet… they complained about the Scratch Team. So hey Scratchers, the Scratch Team is not actually THAT bad, they were actually aware of this and fixing it. Respect them please.

Anyway, I hope the Scratch Team can keep going on Scratch. Also, if you can, then try to tell your relatives that the issue is getting fixed by the Scratch Team (just don't spam it).
You heard that, the ST is not THAT bad after all. I just wonder why this happened in the first place.
You're on my side, Scratcher.
FriskVRYT
Scratcher
11 posts

CSS exploit isn't fixed, as all of my custom styles projects still have the styles.
nembence
Scratcher
500+ posts

FriskVRYT wrote:

CSS exploit isn't fixed, as all of my custom styles projects still have the styles.
The CSS exploit is not what the virus used. The virus used a bug in the costume editor, which has been fixed since then (in the online editor).

The CSS exploit doesn't require you to see inside the project, and it can't run JavaScript, so it can't take over your account.
WeTheSkyBlues_42
New Scratcher
7 posts

well hopefully my account is recovered
IceCreamTub
Scratcher
1000+ posts

A YouTube video summarising most of the information regarding this attack will be posted tomorrow morning (where i live, GMT+8), hopefully……

What i'm mainly concerned about are scratch “influencers” hitching a ride off of this incident & sensationalizing it to oblivion with MrBeast style editing & everything, i made sure my video has minimal editing

I included some “advice” for dealing with this incident while it's ongoing but aaaagh that part is mostly outdated by now
Excluding the “not opening random sb3 files” part, as far as i know the fixes are only limited to the website at the moment

Last edited by IceCreamTub (May 6, 2026 13:16:11)

dKng_4725
Scratcher
1 post

can anybody explain what this is
Stormagedon1556
Scratcher
36 posts

dKng_4725 wrote:

can anybody explain what this is
This is a forum post by @SushiCat_75 discussing the problem with the Canvas Virus, which is deleting people's projects, changing their descriptions, etc.
Tsarjosh
Scratcher
67 posts

Matikiscool wrote:

Devoratus wrote:

HollyEuca wrote:

StrongestFishEver8 wrote:

Scratch_Cat_Coder8 wrote:

dec 7th did end up happening, albeit on a smaller, smaller scale

Let me guess they spammed grifftopia, other popular Chatrooms and a st member profile. They nearly do that every month
Not even that. I think they spammed Grifftopia once for five minutes and that was it.
i saw this happening on different by design too and i got curious and eventually hacked on my main
some might say…my compass is curiosity /j /ref
Oh no! That must be terrible.

KING OF THE PAGE!
Canvas isn't real most of the time, just trolls, although it is occasionally real. There's not much of a point to hack a moneyless website for kids though. It's kind of like stealing candy from the baby when all the baby has is a twig.
Also, grifftopia already gets mass spammed.
sup3r_r0ck
Scratcher
500+ posts

Please tell me it’s finally fully resolved
Stormagedon1556
Scratcher
36 posts

sup3r_r0ck wrote:

Please tell me it’s finally fully resolved
The Canvas Virus did, in fact, get resolved, and the Scratch Team is working on getting people's accounts back.
AtEnds
New Scratcher
6 posts

I know there's at least one more major vulnerability that allows bad actors to cause significant harm to the platform; I suggest ST review the code for the website. The offline editor is less of a concern, but it should still be reviewed.
umbreon_is_a_pokemon
Scratcher
14 posts

Tsarjosh wrote:

Matikiscool wrote:

Devoratus wrote:

HollyEuca wrote:

StrongestFishEver8 wrote:

Scratch_Cat_Coder8 wrote:

dec 7th did end up happening, albeit on a smaller, smaller scale

Let me guess they spammed grifftopia, other popular Chatrooms and a st member profile. They nearly do that every month
Not even that. I think they spammed Grifftopia once for five minutes and that was it.
i saw this happening on different by design too and i got curious and eventually hacked on my main
some might say…my compass is curiosity /j /ref
Oh no! That must be terrible.

KING OF THE PAGE!
Canvas isn't real most of the time, just trolls, although it is occasionally real. There's not much of a point to hack a moneyless website for kids though. It's kind of like stealing candy from the baby when all the baby has is a twig.
Also, grifftopia already gets mass spammed.

Some people report that the email associated with their account would get uploaded to the hacker when their account became compromised, supposedly. An email doesn't seem like much, but it's still technically valuable.

Also, it invites you to an outside server? I wonder if that's where the real scam is.

Take this with a grain of salt, this is only a theory. Don't go testing it for your safety please. I am only guessing. Do not take me super seriously. I am reasoning the theoretical in this case.

Last edited by umbreon_is_a_pokemon (May 6, 2026 15:07:26)

PrettyCoolStuffs
Scratcher
34 posts

STebBerry wrote:

the css exploit is not fixed, since my chatroom still has styling
so you're telling me that that project is affected
edit: I've heard word that the virus was also spread through popular chatrooms. I remember seeing reports of not clicking links on griffpatch's comments. Is this related at all?

Last edited by PrettyCoolStuffs (May 6, 2026 15:30:10)

gem1001
Scratcher
1000+ posts

PrettyCoolStuffs wrote:

STebBerry wrote:

the css exploit is not fixed, since my chatroom still has styling
so you're telling me that that project is affected
edit: I've heard word that the virus was also spread through popular chatrooms. I remember seeing reports of not clicking links on griffpatch's comments. Is this related at all?
The CSS glitch is unrelated
gouki2805
Scratcher
49 posts

MIT will surely fix it
when green flag clicked
say [Virus fixed !]
Tsarjosh
Scratcher
67 posts

AtEnds wrote:

I know there's at least one more major vulnerability that allows bad actors to cause significant harm to the platform; I suggest ST review the code for the website. The offline editor is less of a concern, but it should still be reviewed.
whut
Stormagedon1556
Scratcher
36 posts

They have already fixed the bug, they are now just getting people's accounts back.
Tsarjosh
Scratcher
67 posts

It is very difficult to prevent exploitation of the website via an image file code, or anything else, and the scratch team at MIT is doing a good job (which is to be expected, because most of them are coding nerds at MIT who live to solve these problems). Mass hysteria has been caused by the copy/paste messages people continue to use. The bad news is there will always be another way to hack into it… the good news, there's not much you can do with a hacked account, besides trolling, falsifying information, bot farming, and spreading information. The only major thing a hacker can find is your email address, which, from experience, I can say they can hack into an email address pretty easily, considering they have done it to me outside of scratch. This CAN be dangerous, but is out of scratch's control, so you have to figure it out yourself.
Everyone who will heed warnings has been warned. The projects that are hacked can be found easily, although most of them aren't actually hacked, they are just published by trolls. I have made a test account and not been hacked by the so-called “Canva Virus”. A lot of people publishing messages are just: A. Misinformed but unwilling to change their views, B. Trying to become popular/accepted or C. Attempting to spread arson. There are legitimate viruses that have not been resolved, but I guarantee virtually none of them are heard of or known by the great public masses of scratch. It also doesn't help that both Gaehive and DBD, two popular megastudios known for misinformation and evading the Scratch Team, have at the top of their descriptions warnings that their obsessed followers eagerly spread. DBD literally has a whole page on the bans.
Tell me if I missed anything on the situation, and remember not to discourage the Hysteria which has engulfed the website. Don't click on suspicious links (although the links above are safe), but please skim through the two studio pages' tops and read the messages causing this confusion. Have a nice day!
nembence
Scratcher
500+ posts

Tsarjosh wrote:

I have made a test account and not been hacked by the so-called “Canva Virus”.
The Scratch Team has fixed the exploit that the virus was using yesterday: https://github.com/scratchfoundation/scratch-paint/pull/3536
It used to infect accounts before that

Also, the ST deleted the infected costume from their servers, so if you clear the cache then infected projects will just show a question mark instead of asking to see inside

Last edited by nembence (May 6, 2026 16:13:44)
