Replies: 2 comments
-
There's nothing in the code remotely related to grabbing spotify authentication. Nothing setup to send data to an external server. Nothing compiled or obfuscated to hide anything. If this password change event is true, it's entirely coincidence that it happened after applying SpotX. The script/code is wide open for all to read and review. This statement assumes that SpotX code was run directly from this repo or the official githack mirror. Any code/script/etc that isn't sourced directly from either official git repo or official telegram channel/group may not be safe. |
Beta Was this translation helpful? Give feedback.
-
If you logged in on a session for a browser tab, chances are you got your token stolen depending on what was open in it. Malwarebytes flags this yes, but its a false positive |
Beta Was this translation helpful? Give feedback.
-
I received an email that my password was changed just 5 minutes after the installation, I thought it was safe because I used it before, I immediately recovered the account and uninstalled
Beta Was this translation helpful? Give feedback.
All reactions