drafft

Plan your game. · By baj

Add to collection

game planner Community Devlog

drafft community

[Solved] Protestware in Drafft dependencies "es5-ext"

A topic by RRTj created 94 days ago Views: 112 Replies: 3

Viewing posts 1 to 2

RRTj94 days ago (5 edits)

As I understand it, this happens because the JS library used in the project contains text that talks about Ukraine and is probably not a real security threat.
It could be dangerous if your time zone is from (UTC +2) to (UTC +12).
Russian antiviruses as DR.web and Kasperski triggering on it.
The developer of Drafft is not to blame.

~~This is so stupid~~

----------------------------------------------------------------------------------
Original post
I want to share some observations about potential security risks related to recent Drafft installers. I am not an expert, but multiple antivirus alerts and suspicious behaviors have raised concerns. Below is a detailed breakdown for transparency. Please verify if others have experienced similar issues

1. Drafft v1.4.5 (Itch.io Installer)

Antivirus Alert (Dr.Web):
- Blocked during installation due to "Process Hollowing" (attempted modification of system files).
- Installer freezes, creating unresponsive processes.
Post-Scan Findings:
- Dr.Web flagged anomalies in System32\backgroundTaskHost.exe.
VirusTotal Results:
- Installer v1.4.5 Hash: b89ea9ddaa22f9fc7034762fca55573f28a8017ef761c909b301d4c742204497
- View Report

2. Windows Portable Version (Itch.io)

Antivirus Alerts:
- Both Windows Defender and Dr.Web triggered warnings during extraction.
VirusTotal Results:
- Portable ZIP Hash: a7ca47afe5f367ff593a3ac5be0265bc79ebcec3d0c4a8f94a531de616aebe59
- View Report

3. Drafft v2.0.21 (Drafft.dev → GitHub)

Installer: Drafft-2-Installer-2.0.21-win-x64.exe
- Flagged for JS.Siggen5.44590 (malicious JavaScript library).
VirusTotal Results:
- Installer v2.0.21 Hash: c6127bf4963ab7c5802cf9abb5d4a24c483221476a8fe1f6f5109c14c4840e2d
- View Report

Request to the Community

If you’ve installed recent Drafft versions, please:
- Run antivirus scans.
- Check for unusual system behavior.
Share your findings here to clarify if this is a false positive or a genuine threat.

P.S. to developer, It seems to me that the site https://drafft.dev/ is not the right setting, since without paying for a subscription you can easily get access to the installer download program (I realized this only after a while, when I saw that there are price lists). And also on the main page there are buttons "Download" at the top and a button "Download for windows" in the middle of the screen, I do not work, I just do nothing, a working link to download is only after going to "All downloads →"

bajDeveloper94 days ago

Hello thanks for the report! I’m not very knowledgeable about windows antiviruses, so can’t help you there unfortunately. I’d say that, in general, if in doubt, is probably is best to not install (the app is not even signed with windows store)

v2 was temporarily unavailable for a bit just recently but It should be online again.

About JS.Siggen5.44590 its seems to be related to https://github.com/medikoo/es5-ext package which is a dependency, of the app. check out this topic: https://github.com/medikoo/es5-ext/issues/186

RRTj94 days ago (2 edits) (+1)

Yes, apparently it is because of the "war in Ukrainian text" in the library code to which Russian antiviruses react. Because I saw in the reports on my PC during installation, the file _postinstall.js is marked there in exactly the same way, which contains the text about war...

I apologize to you if this post could offend...

bajDeveloper93 days ago

Yes finding about all of this was quite a ride tbh. Anyways, no offense at all! thanks for the report!!