Effects of a malicious Definition?

clivecarter · July 10, 2024, 8:18pm

Screenshot 2024-07-10 at 20.20.39

I wonder if anyone recognizes the icons in this screenshot I’ve boxed in red that look like a recycling symbol?

They suddenly attached themselves to the left of multiple sliders in my Grasshopper Definition, after I pasted in a 25 kb definition ThickenMesh that I (unwisely) downloaded at 18:37 from elsewhere.

I now suspect it contained malware. My Rhino 7 was damaged and I reinstalled it (I suspect it’s currently damaged again). Large chunks of Grasshopper are currently missing. I don’t remember installing “Fologram” that appeared on Grasshopper Menu Bar.

Has anyone edited the contents of the Rhino Library folder?

The top four files stamped 18:39 are when the trouble started. The cloudzoo files were my reinstall and the last four files may be suspect.

I’m inclined to delete at least some of the files shown in the above screenshot but before doing so, would prefer comment please from someone more knowledgable.

In any event, a warning for the unwary.

Joseph_Oster · July 10, 2024, 8:31pm

We’ve seen these before, caused by Fologram? Or Centrapay?

clivecarter · July 13, 2024, 3:40pm

Joseph,

? FOLOGRAM

Thanks for the lead.

Certainly it provided Instant mixed reality experiences !

I cleared up the wreckage in the Library and User Objects and was up and running again quickly.

I’ve never encountered a problem with downloading a Definition from this forum.

I thought I’d be okay in downloading from a Next Lab Maker Space webpage and part of the University of Melbourne. But I was wrong.

My impression now, is that the Definition (to thicken an edge with Grasshopper) linked at the foot of a particular webpage has at some point been unwittingly or deliberately doctored in some way.

Once downloaded and attempting to use, then it must have generated a further, bigger download and an unexpected and unwanted install of Fologram. Which caused me a lot of mayhem. If it’s any kind of attempt at viral marketing, it’s not going to win friends. It also puts a question alongside Fologram in any event.

I can provide the link if anyone wants to try to analyze it, but they would do so at their own risk!

Joseph_Oster · July 13, 2024, 3:45pm

Reminds me of a GH file someone posted on the forum that included C# and Python bits to “permanently” modify GH settings to conform to their company’s standard practices So rude!