RPG Developer Bakin

revenant_k 10 Oct, 2023 @ 8:49pm
Why the exported game.exe contain a trojan?
Devs, can I have an explanation?

Edit: it got fixed so the matter is closed.
Last edited by revenant_k; 23 Nov, 2023 @ 1:50am
Showing 1-15 of 102 comments
sylardean 10 Oct, 2023 @ 10:02pm 
90% chance it's yours/their AV just throwing out a false positive, as that's what most AVs do, especially if you don't use an installed program regularly. Your AV will also usually flag programs as a PUP too. What AV are you using? This would be helpful information to the Devs too.
Last edited by sylardean; 10 Oct, 2023 @ 10:03pm
revenant_k 10 Oct, 2023 @ 10:07pm 
It's "360 total security". It immediately quarantined the game.exe when I tried to start it.
Drusyc 11 Oct, 2023 @ 5:24am 
Originally posted by sylardean:
90% chance it's yours/their AV just throwing out a false positive, as that's what most AV's do.. especially if you don't use an installed program regularly. Your AV will also flag programs as a PUP too usually. What AV are you using? This would be helpful information to the Devs too.
Originally posted by revenant_k:
It's "360 total security". It immediately quarantined the game.exe when I tried to start it.

Security nut here:
False positives tend to be fixed very quickly. If ever a game "just does that" for a very long time, on most AVs, there's likely some sort of malicious component. Do note that spyware, which is common today and usually not directly harmful, may still be flagged as malicious, since different people have different levels of tolerance when it comes to privacy.

That said, I am wholly unfamiliar with this AV. It's possible they're not as great as others at ridding false positives. It is also odd that it only flags exported projects, and not the engine. Even if the engine only injected malicious code on export, that would usually be caught by AVs.

There's a free site that you can use to check the exported file against several of the top AVs; it's called Virustotal. If your project is still throwing flags across the board when checking it there, it's worth further questioning.
Last edited by Drusyc; 11 Oct, 2023 @ 5:27am
revenant_k 11 Oct, 2023 @ 6:22am 
I just think that if the exported game.exe keeps triggering false positives, it could be bad for business if I want to sell the game.
Drusyc 11 Oct, 2023 @ 6:45am 
11 / 26 / 23 EDIT: Removed an edit containing video with an analysis showing a potential trojan; most of the results have been suitably explained, and I believe the video to be incorrect. It has been unlisted for archival purposes.

ANALYSIS:

Upon testing an exported project in VirusTotal, 2 of the 72 vendors flagged it as malicious. When testing the behavior, no sandboxes found malicious behavior (though it is still testing in 2 sandboxes, possibly stuck; I will say why later).

When testing behavior, it tests against common exploitation methods called the "MITRE ATT&CK Framework", which is separated into different categories. There were some behaviors found that are common here.

- Discovery:

System Information Discovery
T1082
Get OS version in .NET

File and Directory Discovery
T1083
Get common file path
Check if file exists
Check if directory exists

This is common in C# downloads; the system version is necessary to properly understand how to download and compile the file. That said, I don't quite understand why the files needed for downloading are still here.

- Defense Evasion:

Deobfuscate/Decode Files or Information
T1140
Extract zip archive in .NET

Again, common in downloading files; it extracts the program to the computer, and in doing so, it is no longer contained in a .zip, so it was flagged as a misdirection.

- Execution:

Command and Scripting Interpreter
T1059
Accept command line arguments

Most programs accept arguments from the command line; the biggest question is, from who is it accepting the arguments. This alone does not state anything, but can be a concern when paired with other issues.

Those are all of the behaviors listed, though it does have some ip traffic:
5 TCP connections
1 UDP connection
(I can see each IP connection, but because of what my conclusion is, I'll keep them hidden for privacy for now.)

CONCLUSION:
Upon exporting, the Bakin Engine incorrectly places the download files and instructions inside the game itself, rather than in an installer. Due to the calls for a download to take place, and maintained IP connections, this appears to be malicious.

In fact, due to the unnecessary maintained IP connections, it is possible for a rogue employee to connect to someone's device through this game. As it gives permission to execute, serious damage could potentially be done.

Risk evaluation:
Risk cause: accidental / incidental
Risk likelihood: low - medium -- dependent on Smilebloom internals
Potential impact: High - Critical -- Rogue execution on computer

Possible side effects on normal, non-exploitative runtime:

Constant downloading, or a constant attempt at downloading the same game files, causing serious runtime issues (likely the cause for the stuck sandboxes)
Downloading the game every time from launch (even if dropped)

SOLUTION:

Bakin needs to fix the export game feature to no longer place download calls in the game files, and not have maintained IP connections. If this is a struggle, perhaps the basic export function could give the downloader, which THEN downloads the game, so that the game will not have the downloader inside it.
Last edited by Drusyc; 26 Nov, 2023 @ 11:48am
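The VirusTotal readout in the analysis above (2 of 72 vendors flagging, plus generic Discovery / Defense Evasion / Execution techniques that any .NET launcher triggers) can be turned into a repeatable triage check so the "a couple of vendors" versus "flags across the board" distinction from earlier in the thread is applied consistently. The script below is an added example, not code from this thread, from VirusTotal or from SmileBoom: the report is constructed in the shape of a VirusTotal v3 file object (only the fields the script reads), the vendor names, signature strings, thresholds and the "expected techniques" set are assumptions for the example, and the hash helper exists so a file can be looked up by SHA-256 rather than uploaded.

```python
"""Triage a VirusTotal-style file report the way the thread reasons about it:
a handful of vendor hits plus only benign-context ATT&CK techniques is most
likely a false positive; hits across the board deserve escalation."""
import hashlib

# Thresholds are assumptions for this example, not VirusTotal guidance.
FP_RATIO_MAX = 0.05        # at most 5% of engines flagging -> likely false positive
ESCALATE_RATIO_MIN = 0.25  # a quarter or more flagging -> treat as real until proven otherwise

# ATT&CK technique IDs that a normal .NET game launcher legitimately triggers
# (the ones listed in the analysis above); anything outside this set gets a review.
EXPECTED_TECHNIQUES = {"T1082", "T1083", "T1140", "T1059"}

# Signature names that are heuristic/generic rather than a named family
# carry little weight on their own (assumed keyword list).
WEAK_SIGNATURE_MARKERS = ("heur", "generic", "suspicious")


def _engine(name, category, result=None):
    """Build one entry in the shape of last_analysis_results (constructed)."""
    return name, {"engine_name": name, "category": category, "result": result}


# Constructed report: 2 malicious hits out of 72 engines, mirroring the thread.
SAMPLE_REPORT = {
    "data": {"attributes": {
        "last_analysis_stats": {"malicious": 2, "suspicious": 0, "undetected": 70,
                                "harmless": 0, "timeout": 0},
        "last_analysis_results": dict(
            [_engine("VendorA", "malicious", "Trojan.Generic"),
             _engine("VendorB", "malicious", "Heur.Downloader")]
            + [_engine(f"Vendor{i}", "undetected") for i in range(3, 73)]
        ),
    }}
}


def sha256_hex(data: bytes) -> str:
    """Hash the exported binary so it can be looked up by hash instead of uploaded."""
    return hashlib.sha256(data).hexdigest()


def detection_counts(report):
    """Return (engines flagging malicious or suspicious, total engines)."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return flagged, sum(stats.values())


def flagging_engines(report):
    """List (engine, signature) for every engine that flagged the file."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return sorted((name, r.get("result")) for name, r in results.items()
                  if r.get("category") in ("malicious", "suspicious"))


def is_weak_signature(result) -> bool:
    """True when the detection name is heuristic/generic rather than a named family."""
    return result is None or any(m in result.lower() for m in WEAK_SIGNATURE_MARKERS)


def triage(report, observed_techniques):
    """Combine vendor ratio, signature quality and sandbox techniques into a verdict."""
    flagged, total = detection_counts(report)
    ratio = flagged / total if total else 0.0
    unexpected = set(observed_techniques) - EXPECTED_TECHNIQUES
    only_weak = all(is_weak_signature(sig) for _, sig in flagging_engines(report))
    if ratio >= ESCALATE_RATIO_MIN:
        return "escalate"
    if ratio <= FP_RATIO_MAX and not unexpected and only_weak:
        return "likely_false_positive"
    return "review"


if __name__ == "__main__":
    techniques = ["T1082", "T1083", "T1140", "T1059"]  # as listed in the analysis above
    flagged, total = detection_counts(SAMPLE_REPORT)
    print(f"{flagged}/{total} engines flagged: {flagging_engines(SAMPLE_REPORT)}")
    print("verdict:", triage(SAMPLE_REPORT, techniques))
    print("sha256 of constructed bytes:", sha256_hex(b"hello"))
```

A named family from several major vendors, or a sandbox technique outside the expected set (anything not in `EXPECTED_TECHNIQUES`), pushes the verdict to "review" even when the ratio is tiny; that is the check a developer would run on each export before assuming the AV is simply wrong.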
revenant_k 11 Oct, 2023 @ 7:20am 
Oh cool, kind of flew over my head though. I hope devs can make good use of that. On a side note: I could not find out how to make a game installer using the engine. Is it possible?
Last edited by revenant_k; 11 Oct, 2023 @ 7:20am
Drusyc 11 Oct, 2023 @ 7:36am 
Originally posted by revenant_k:
Oh cool, kind of flew over my head though. I hope devs can make good use of that. On a side note: I could not find out how to make a game installer using the engine. Is it possible?

Absolutely no worries, it was mostly for the SB devs. All you really need to know is that it seems to be accidental, and just a bug for them to fix.

As for the installer, it depends. I think most people will just use steam, or console (if/when unity export is available), so it's not really necessary for you. I was just saying that SB could export the game to an installer -- if they cannot figure out how to install the exe without the downloader in it. If you wanted to you could, but you don't need to.
Last edited by Drusyc; 11 Oct, 2023 @ 7:38am
Krystal 18 Oct, 2023 @ 7:22am 
Originally posted by revenant_k:
It's "360 total security". It immediately quarantined the game.exe when I tried to start it.

*epic facepalm* you're using Norton, the schizophrenic paranoid anti-virus. That thing will flag anything and everything as "malware", and getting it to stop flagging and quarantining crap is a nightmare. I did away with that anti-virus years ago.
Drusyc 20 Oct, 2023 @ 4:33am 
11 / 26 / 23 EDIT: Most of the results of the analysis of the video have been suitably explained, and I no longer believe there to be a trojan; this comment and the rest are kept for archival purposes.

Correction: after a further analysis brought on by odd behavior, it seems Bakin contains the "Cobalt Strike" Trojan. It'd be best if you deleted it and restored your PC

Explanation and Analysis: https://youtu.be/VvoGVqKuthM?feature=shared

I highly apologize; I assumed Bakin was clean since steam usually has really good checks, but they've been able to avoid detection from a lot it seems. I should have had less bias from the start
Last edited by Drusyc; 26 Nov, 2023 @ 11:52am
revenant_k 20 Oct, 2023 @ 4:55am 
Originally posted by Drusyc:
Correction: after a further analysis brought on by odd behavior, it seems Bakin contains the "Cobalt Strike" Trojan. It'd be best if you deleted it and restored your PC

Explanation and Analysis: https://youtu.be/VvoGVqKuthM?feature=shared

I highly apologize; I assumed Bakin was clean since steam usually has really good checks, but they've been able to avoid detection from a lot it seems. I should have had less bias from the start
What!!!??? Now it is turning from false positive into real ♥♥♥♥??!!! Should I not use this engine anymore??? Should I ask for a refund???
Anyways, thanks for looking into this, Drusyc.
Also, will just delete the game.exe be enough?
Last edited by revenant_k; 20 Oct, 2023 @ 5:31am
Drusyc 20 Oct, 2023 @ 5:53am 
Originally posted by revenant_k:
Originally posted by Drusyc:
Correction: after a further analysis brought on by odd behavior, it seems Bakin contains the "Cobalt Strike" Trojan. It'd be best if you deleted it and restored your PC

Explanation and Analysis: https://youtu.be/VvoGVqKuthM?feature=shared

I highly apologize; I assumed Bakin was clean since steam usually has really good checks, but they've been able to avoid detection from a lot it seems. I should have had less bias from the start
What!!!??? Now it is turning from false positive into real ♥♥♥♥??!!! Should I not use this engine anymore??? Should I ask for a refund???
Anyways, thanks for looking into this, Drusyc.
Also, will just delete the game.exe be enough?

I know it can be scary; I'm sorry I didn't catch it earlier.
The best thing you can do is what's called a system restore. If you're on a windows computer, you can type in "reset my PC" at the bottom left.

If you have any critical things that you need to back up, like important documents or work, you can upload them to Google drive, or something similar, as a backup.

After restoring your PC, I'd recommend changing the password to the backups if you have any. Or perhaps change the password on your phone after backing things up, just in case.

Make sure you put things that are actually useful and needed in there. Sentimentality is fine, but don't let it cause you to backup every bit of your storage when your PC is likely infected
Drusyc 20 Oct, 2023 @ 6:17am 
Also, sorry I skipped some of your questions; yes, it seems the engine is the issue, and you should try to get in touch with Steam support. Getting a refund will be difficult, since they use AI and don't actually check it themselves, but I reported it on the store page. Try to get in touch as best you can; though it doesn't seem they have many ways at all.
Be sure to find the report button on the store page, it'll be the Flag icon.
sylardean 20 Oct, 2023 @ 10:14am 
Originally posted by Drusyc:
Correction: after a further analysis brought on by odd behavior, it seems Bakin contains the "Cobalt Strike" Trojan. It'd be best if you deleted it and restored your PC

Explanation and Analysis: https://youtu.be/VvoGVqKuthM?feature=shared

I highly apologize; I assumed Bakin was clean since steam usually has really good checks, but they've been able to avoid detection from a lot it seems. I should have had less bias from the start

WOW! This is something I'm really interested in, Japanese programs being released as Trojans to gain access to people's personal systems and such. I've done a lot of research on this topic over the past 10/11 months; the TikTok thing blew my mind.
.
SO! I just watched that vid and left a comment on that YT BUT the fact you've marked comments for you to read first before allowing them.. you're screening for comments and holding them back sucks.
.
Anyhow, it's great you want to bring such things to light but honestly, after watching it, you don't present much of anything (evidence wise). It comes across as you're just jaded for not having more of a reaction from the developers over your concern(s) on the Discord group, and the fact you asked them for "Bug Bounty" REALLY has me questioning your motives here. You DO realise it's in BETA? It's released to the public; any reports of bugs or issues are NEVER paid in bounty unless you are employed by the company specifically to find them.. LOL!
.
All I saw you had done was a scan using a 2nd rate virus checker that's online that only pulls OLD information from databases from scans that people have done in the past using their OWN real virus checkers on their devices; this is how VirusTotal works. Then you went instantly to the bad one, then did a check on what the Cobalt Trojan is, and then jumped to the conclusion that THIS is what Bakin is absolutely infected with. I'm sorry but you come across as an RPG Maker fanboy trying to take down Bakin and in the meantime expect compensation for your time..? That's just laughable.
.
I'm sorry but coupled with the poor sound, bad evidence presented, and how jaded you are against SmileBOOM I find that video laughable at best, immaterial if it IS indeed infected with this claimed Trojan or not. And quite frankly, telling people to report this to VALVE and get a refund also tells me all I need to know about your motives and hidden agenda here.
revenant_k 20 Oct, 2023 @ 10:47am 
I just rechecked it. Looks like it got fixed in the latest update so all is okay now.
Last edited by revenant_k; 20 Oct, 2023 @ 10:49am
sylardean 20 Oct, 2023 @ 11:04am 
Originally posted by revenant_k:
I just rechecked it. Looks like it got fixed in the latest update so all is okay now.

Well that's good news, so anyone worried about this video don't need to worry anymore !! Thanks for letting people know.