Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
Tags

One could read your statement in three ways.  ;-)

1. You do not recognise the scams.

2. Where you look, there are no scams.

3. You look where used to be scams but are not any longer.

My list grew by 7 reports since your posting. Some were obvious malware, but sadly the scanner on my system would not have detected it. virustotal also only had a few that saw through the obfuscation. It is a variant of a known trojan. The sandbox method might have protected at least the data of the user. But I am not sure about that, because the infection method seems to exploit the update mechanism of Chrome to infect your system the next time you start. So you will not be immediatly hacked and may be not sure what infected you, afterwards.

To clarify: there is uploaded malware daily on itch. Malware that is indexed. Developers are not verified. And the scammers work very hard to overcome any obstacles like automated scans. They have a very short feedback cycle. It is trivial if you think about it. Upload malware, see if it is indexed or at least not banned. Yes, continue. No, try a different approach to hide the payload of the malware.

Itch is a honey pot for them. Lots of people trying out executeables from unknown developers. Some of the legit developers even telling the users about false positive warnings of antivirus apps. It is a minefield for users. And the scammers do experiement with AI on occasion. As long as it pays off, they will continue.

Since I doubt that itch will introduce a paywall for developers anytime soon, it might only dry out, if there are too little scam victims to justify the effort.

They kinda did dry out a certain method of scams that involved fake download buttons. Never saw one of those, after itch introduced special markings for external links (but the three reasons above apply here too ;-)

Yeah. I meant as in wherever I look there are no scams.

The sad truth is, all the people that did get infected and hacked did not recognise those scams. Obviously.

I don't blame them. Itch is a legit site. One would not expect malware here.

I do not know what can be done about it. On the cheap, that is. But I would start with better account protection, like detecting the hijack.

On client side, people can be more careful and mistrusting. But for that they have to be aware of certain facts. Really aware. Like people being too lazy to report scams and scammers being able to upload them, because developers are not verified and automated scans can only detect so much.

So my best advice is the title of this thread. Do not download things. If you are aware, you will be more sceptical about any gifted horses, there might be trojans hiding inside.

(1 edit)

I must agree. Anyways, I have something you might like.