from Hacker News

Reverse Engineering an Eclipse Plugin

by RKoutnik on 10/12/17, 2:35 AM with 19 comments

  • by guildan on 10/12/17, 1:22 PM

    The plugin that is inspected in this article is now delisted in the Eclipse Marketplace. You can't download it from there anymore (Checked with STS 3.9.0.RELEASE). A new fork without the ad related code as been publish and you can inspect the code on https://github.com/ecd-plugin/ecd .

    It's nice to see the community stepping in to "fix" the situation.

  • by philbarr on 10/12/17, 8:40 AM

    Original author doing a pretty bad job of explaining himself [0]. Mainly:

    Anyone who does not like it, please uninstall this plugin.

    I will not explain it anymore.

    I'm not interested in stealing your privacy.

    [0] https://github.com/cnfree/Eclipse-Class-Decompiler/issues/30

  • by philbarr on 10/12/17, 10:48 AM

  • by hiram112 on 10/12/17, 7:04 AM

    Good writeup on the reverse engineering.

    I'm still a little confused as to what the code was doing, though. It gathers statistics about your user machine (none of which seemed too personal - basically IP, OS, country, etc).

    But then what is it doing? Opening a virtual browser or simulating clicks to some ad network?

  • by ramshanker on 10/12/17, 6:06 AM

    Guess author of the plugin is pretty smart but not smart enough to encrypt the traffic back home or obscure his/her nasty secrets.

    I guess it might be keeping the black stuff for some cool down time just after installation. Many malware seem to do there days. We might have got true clicks targeted.

  • by nallerooth on 10/12/17, 9:04 AM

    While this was a popular plugin for Eclipse - I'm sure there are plugins for other editors, IDEs and browsers which do the same (or worse). Yet, we often try a multitude of plugins without a single thought about any unwanted features bundled with the main features.

  • by moocowtruck on 10/12/17, 1:24 PM

    and so many people make fun of js/node... this dude made over 400k installs part of his personal ad clicking bot net..

  • by zaphirplane on 10/12/17, 8:34 AM

    Thank you for doing this, makes you think how many other highly rated/used s/w is malicious