Skip to main content

Be careful: fake emails are circulating in the name of Free/Libre and Open Source projects. Below, an email received by @kdenlive that the official team does not recognize. Be vigilant, these are no doubt scams.

[edit: adding kdenlive hashtag, a request by the team]

#kdenlive

A screenshot of an email, with name blured: " Object: Advertising Offer From Kdenlive Hello! My name is xxxx and I'm the advertising manager of Kdenlive. We would like to offer you cooperation in the form of advertising our video editor in your YouTube video. About Kdenlive. Kdenlive is a powerful free and open source cross-platform video editing program made by the KDE community. Feature rich and production ready. Through the MLT framework, Kdenlive integrates many plugin effects for video and sound processing or creation. Furthermore Kdenlive brings a powerful titling tool, a DVD authoring (menus) solution, and can then be used as a complete studio for video creation. About Our Offer. We would love to have a promotional pre-roll at the beginning or middle of your video and a link to our website in the description below the video. As a Kdenlive affiliate, you will receive generous compensation for every new subscriber who signs up through your unique referral link. If you are interested in this offer, please let us know and we will be happy to discuss with you the details of our further cooperation such as the cost of advertising integration and deadlines. Xxxx Xxxxxx Kdenlive. The content of this email is proprietary and confidential and intended for the recipient(s) specified in this message only. It is strictly forbidden to share anypart of this message with any third party without the written consent of the sender. If you are not the intendedrecipient(s) [...] "
#kdenlive @Kdenlive
This entry was edited (8 months ago)
David Revoy
David Revoy  
@joepie91 I haven't thought about that, but that's maybe a good strategy to try to distribute a repackaged version of Kdenlive and hide in it a browser of my disk that upload on their server, for eg. my .Mozilla preferences to try to access my Ytb channel and take control of it and replace it with crypto/Nft/AI propaganda. Or other confidential info. That could be evil.
@Sven Slootweg
djsumdog
djsumdog  
I'm kinda curious what direction this scam goes in. Do they want your bank details to grab all your money? Are they trying to smirch the good name of kdenlive?
David Revoy
David Revoy  
@djsumdog I think if I reply I'm interested, they will ask me to install their "beta" package to test the future version. In this repackage, they can hide anything; ransom for my computer, take my .mozilla pref and take control of my channel or other websites auto logged, or other bad things...
@djsumdog
Baa
Baa  
Kdenlive would never claim their email is "proprietary".
Gonna add a signature to my emails now: "the contents of this email is FREE and OPEN SOURCE" ​:blobcatlaugh:​
David Revoy
David Revoy  
@Baa πŸ˜† πŸ˜† πŸ˜†
@Baa
Aleksandr Prokudin
Aleksandr Prokudin  
Oh, that bullshit is back? it's been a while πŸ˜€
David Revoy
David Revoy  
@prokoudine Oh yes. I'll reply with enthusiasm, and I'll explore where lead this rabbit hole. Certainly a repackaged version of Kdenlive with a malware. :blobglare:
@Aleksandr Prokudin
Halla Rempt
Halla Rempt  
@prokoudine Oh $DEITY, not _again_. (Though these days AI generated proposals for AI generated ad content for krita.org is even more obnoxious.)
@Aleksandr Prokudin
Bart Veldhuizen πŸš€
Bart Veldhuizen πŸš€  
I advise you not to respond and mess with such people. It’s tempting, but it will flag your email address as β€˜live’ and it will lead to more harassment. Delete and ignore.
Thomas Frans πŸ‡ΊπŸ‡¦
Thomas Frans πŸ‡ΊπŸ‡¦  
I love trolling scammers. Good to see others also share this passion for the "art" :blobcatgiggle:
The FlπŸ‘€f next door ...
The FlπŸ‘€f next door ...  
You should not answer or only if you are really knowing what you do. The domain is hosted by
kdenlivevideo.site mail is handled by 10 emx.mail.ru.
and a traceroute fails. Would be interesting whether it is flaged at senderscore.
David Revoy
David Revoy  
@me_the_fl00f Hey, thanks for the investigation. I replied ( https://www.peppercarrot.com/extras/temp/2024-03-05_screenshot_172610_net.jpg ) because I'm too curious to see where this thing is going and also I'm curious to see the type of malware they have if they repackage the app, to bisect this and see if a protection can be found (or report it to a database of malware).
Unfortunately, emx.mail.ru return a fail because Protonmail is banned on it. So I used another old email address to test if I can reach them. I'll keep informed.
@The FlπŸ‘€f next door ...
Manawyrm | Sarah
Manawyrm | Sarah  
This is exactly how https://www.youtube.com/@Matthiaswandel was recently hacked. They send you this, then they send you a .exe with that video editing software you should use. Next thing you know, your session tokens are stolen, your machine is infected and your account is gone.

MatthiasWandel

An Engineer's approach to woodworking
YouTube
Serge from Babka
Serge from Babka  
How dare they ask for exposure on my videos after I paid them that exorbitant licensing fee!
David Revoy
David Revoy  
@serge 🀣 🀣 🀣
@Serge from Babka
Vector Hugo
Vector Hugo  

WTF!? Who does things like that?

Asking Qui Bono here makes me suspicious if #Adobe #Premiere or #Apple #FinalCutPro are involved in bad business practices like these?

#apple #adobe #premiere #finalcutpro
David Revoy
David Revoy  
@gfkdsgn I don't think such big competitor have any interest to risk an inhouse quest to do that.
It's most likely only a group who wants to distribute a repackaged version of Kdenlive with a malware to steal my channel, my passwords, etc... I replied, I'll investigate where it leads.
@Vector Hugo
Vector Hugo
Vector Hugo  
Adobe used artworks of contributors in Adobe Stock as training data for their final #AI Solution to replace the artists in the first place. All done without consent of contributers. So, I'm quite convinced that they will do everything to fight their incorporated death.
#AI
Pheo :blobcat:
Pheo :blobcat:  
these scammers must've thought that kdenlive (a video editor program) sends you emails..?
David Revoy
David Revoy  
@DeltaWye @slash Probably not, I saw Sycra and LinusTechTips who got channel pirated in the past with a strategy like that. Even with a two-factor auth, it's easy to get inside the admin area with privileges if someone get your .mozilla pref with a website that keep the logged session open all the time.
I heard they started at Ytb/Google to re-ask password after sensitive changes, like changing the name of the channel or the main email or the password. That will probably limit the attacks.
@\\ @Delta Wye
Delta Wye
Delta Wye  
@slash Has YouTube not implemented any heightened security or system intelligence to detect and prevent that sort of account hijacking? 0.o
@\\
\\
\\  

Seems like a very likely attack vector, as the video sponsorship scam is so often used by fake VPN names that pass the β€˜product’ to a creator which promptly hijacks their session tokens and thus their youtube account.

What I’d like to know is if their poisoned pill is actually packaged for linux or if they’re just expecting whoever responds to have windows. How well have they actually done their research.

Mateusz Urbanowicz
Mateusz Urbanowicz  
DAMN! This got me about a year ago! Though I was lucky I guess because I just politely declined their offer (I did not notice it was fake, well written and all) because they were trying to match me with software I did not need Blackmagic Davinci Resolve. What do you think is their M.O.? How do they scam in the end? Like take YouTube credentials or just extort some β€œcooperation fee” etc?
UnixMan1230
UnixMan1230  
i've worked with AI long enough to be able to tell at a glance that this email is AI-generated. Not even a real person writing that. To me thats an immediate red flag
YoYunix
YoYunix  
FOSS software projects don’t normally need advertising departments. Stay safe out there, people.
David Revoy
David Revoy  

For the curious, here is a follow-up on the scammer who pretended to be from the Kdenlive team. (Email posted yesterday, I'm replying to it ↑).

Confirmed: it's a scam and their goal is to get the target to install malware.

Here's the whole discussion as screenshot, and it wasn't easy because I had to use an old inactive Gmail account 🀒. That's because Protonmail is banned from this impersonator's email address, kdenlivevideo.site (handled by emx.mail.ru).

I won't dig any further.

#kdenlive

David: Hey! Wow, your video editor looks incredible! And with ethic, I love it! I just tried it, and it is like a second skin, as if I used it over the last 10 years for all my videos! I'm sure my audience will enjoy segue/pre-roll or mid-roll of me doing demo about it. Your offer also sounds generous and promising. Thank you. Can you estimate an idea of a budget for a video that does 20K views? For how many seconds of adv? Let me know how to proceed to the next step! Can't wait to collaborate with such a cool project. Kdenlive: Thanks for the reply! We'd love to get a promotional pre-roll in your upcoming video. We have dubbed videos, and videos without voiceover. The duration of the pre-roll is 25 or 90 seconds. Can you please tell me what the price would be for each insert? David: 30 seconds looks to be the longer I can insert (I'm not ready for a 90 second). I propose 600€ (or 20€ per seconds if your clip is sized a bit differently). Let me know what you think about it. The PDF: Dear partner, Thank you for agreeing to promote Kdenlive on your YouTube channel. We're glad that you like our video editor and want to cooperate with us. We hope that this advertising will be starting point in our further cooperation! Please read the instruction manual: 1) You need to DOWNLOAD (click) promotional materials. 2) Open the downloaded archive and unpack it to any location. Password for the archive - kdenlive 3) Read promotional materials (videos, photos) and install or upgrade our video editor with Β«Kdenlive (version for YT partners)Β» file (Only for 4) Let us know about your experience with promotional materials so that we can send you a prepayment for the video Note from David: On the document I underline it is a Malware. And write the URL, but I'll not write it here in the alt text. I also reveal the adress, and invite poeple able to report the adress on the server and dropbox to do it, because it is fraudulent.
Kdenlive: We think it's a great price! I've attached a document with promotional materials and a special version of Shotcut for you. Also don't forget to ask your questions if you have any! Attachement: a PDF "kdenlive instruction" (tiny drawing I made in the margin: a big rabbit and small rabbit: "look son, a wild epic fail, right here" with "LOL" and a arrow) David: Hey, Sorry, I don't work this way, and your words confuse me: why would you like me to try ShotCut if you are the Kdenlive team? Isn't it a totally different project? Your last reply sounds super fishy and I'll also never open link sent in a PDF encrypted. You even didn't ask if I was on Mac, Linux or Windows. Sorry about that, but I start to sincerly doubt you really are part of the Kdenlive team... To authenticate you, can you upload the link on the dedicated https://kdenlive.org/ website? Or send a PM to me on social media using one of their official account? Thank you. We will continue after that.
#kdenlive
Ray Of Sunlight
Ray Of Sunlight  

Well now isn't this infuriating?

Edit: I typed "know" instead of "now"

This entry was edited (8 months ago)
Maquinas Linuxeras
Maquinas Linuxeras  
emx.mail.ru, .ru, .ru πŸ˜… πŸ€” πŸ˜† update kdenlive=yay -Syyu πŸ˜†
fedora
sud dnf upgrade
cymen
cymen  
Maybe report them: https://safebrowsing.google.com/safebrowsing/report_badware/?hl=en

Google Safe Browsing: Report a Malware Page

safebrowsing.google.com
David Revoy
David Revoy  
@cymen Thanks for the link! I'll do it and I'm bookmarking this one in my toolset for the next scam of this nature. πŸ‘
@cymen
Haelwenn /элвэн/ :triskell:
Haelwenn /элвэн/ :triskell:  
Kind of interesting that they would put the URL inside of a PDF (preventing most anti-phishing/anti-spam email filters from working) but still something on dropbox (that apparently already got taken down).
David Revoy
David Revoy  
@lanodan Oh thanks for the two info: I had no idea why all the effort to put the link this way while they could paste it in the email. Now it makes sens.
Also, good to know the link is down. I haven't even tried to click on it. I even was affraid about copying the URL in my clipboard, that's why it's a screenshot of my bottom bar adress and the font is super ugly on the 3/3 screenshot xD
@Haelwenn /элвэн/ :triskell:
Anafabula
Anafabula  
I reported it on dropbox, but the link is still up for me
David Revoy
David Revoy  
@anafabula @lanodan Thank you for testing, for the update about this, and the report!
@Haelwenn /элвэн/ :triskell: @Anafabula
ElectroFetish
ElectroFetish  
I have long come to the conclusion that the main vulnerability of free software is that a person, after such dialogues, deliberately installs an infected program for which an exploit has already been prepared.
GunChleoc
GunChleoc  
The Shotcut bit is indeed lol 🀣
Martin Owens :inkscape:
Martin Owens :inkscape:  

@inkscape also had these attacks.

If someone comes in asking about #inkscape promotions and it didn't come from me or someone else well known at the project, be very skeptical. We don't send out emails from inkscape.org addresses for example.

I've had to reply to a bunch of people who were skeptical and emailed to inkscape webadmin to confirm (me) and this is a good thing to do! I don't mind your email confirming, really I don't.

#inkscape @Inkscape
Th3s3us
Th3s3us  
Always doubt. Cybersecurity awareness is crucial in these contexts. In this case, the attackers failed because they met an attentive and prepared user. but many Youtubers have fallen victim to account theft for the "version for YT partners". Always investigate, search whois at the domain and you have a lot of information that can save the victim from credential theft.
David Revoy
David Revoy  
@Th3s3us Thanks for the detailed screenshot; what service provide this detailed whois? I need to bookmark that!
@Th3s3us
frdbr πŸŽ₯🌳
frdbr πŸŽ₯🌳  
@Th3s3us Should this be reported to the abuse email contact? Will it make a difference?
@Th3s3us
David Revoy
David Revoy  

@frd Done! I emailed the 'abuse' link with links to this thread, and info , asking them to remove the account to protect future user of scam/malware. Not sure if it will have any effect, but at least, I tried.

@Th3s3us @kdenlive

@Kdenlive @frdbr πŸŽ₯🌳 @Th3s3us
Kdenlive
Kdenlive  
@frd @Th3s3us Thank you for all your effort David, we appreciate it. ❀
@frdbr πŸŽ₯🌳 @Th3s3us
Th3s3us
Th3s3us  

https://www.whois.com/whois/

https://whois.domaintools.com/

For more advanced users, it is also available from a terminal (Linux)
https://manpages.org/whois

Good for reporting, it's always a good practice.


Whois.com - Free Whois Lookup

Whois Domain Name & IP lookup service to search the whois database for verified registration information
www.whois.com
jojo
jojo  
classic textbook phishing
David Revoy
David Revoy  
@Reina :maybe_verified: @Kdenlive @Aleksandr Prokudin
⇧