启动时检测 Fractureiser 病毒 (#2270)

HMCL/src/main/java/org/jackhuang/hmcl/Main.java

@@ -20,6 +20,7 @@ package org.jackhuang.hmcl;
 import javafx.application.Platform;
 import javafx.scene.control.Alert;
 import org.jackhuang.hmcl.ui.AwtUtils;
+import org.jackhuang.hmcl.util.FractureiserDetector;
 import org.jackhuang.hmcl.util.Logging;
 import org.jackhuang.hmcl.util.SelfDependencyPatcher;
 import org.jackhuang.hmcl.ui.SwingUtils;
@@ -71,6 +72,7 @@ public final class Main {
         Logging.start(Metadata.HMCL_DIRECTORY.resolve("logs"));
 
         checkJavaFX();
+        detectFractureiser();
 
         Launcher.main(args);
     }
@@ -89,6 +91,13 @@ public final class Main {
         }
     }
 
+    private static void detectFractureiser() {
+        if (FractureiserDetector.detect()) {
+            LOG.log(Level.SEVERE, "Detected that this computer is infected by fractureiser");
+            showErrorAndExit(i18n("fatal.fractureiser"));
+        }
+    }
+
     private static void checkJavaFX() {
         try {
             SelfDependencyPatcher.patch();

HMCL/src/main/java/org/jackhuang/hmcl/util/FractureiserDetector.java

@@ -0,0 +1,55 @@
+package org.jackhuang.hmcl.util;
+
+import org.jackhuang.hmcl.util.platform.OperatingSystem;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+
+/**
+ * @see <a href="https://github.com/fractureiser-investigation/fractureiser">fractureiser-investigation/fractureiser</a>
+ * @see <a href="https://prismlauncher.org/news/cf-compromised-alert/#automated-script">[MALWARE WARNING] "fractureiser" malware in many popular Minecraft mods and modpacks</a>
+ */
+public final class FractureiserDetector {
+    private FractureiserDetector() {
+    }
+
+    public static boolean detect() {
+        try {
+            ArrayList<Path> badPaths = new ArrayList<>();
+
+            if (OperatingSystem.CURRENT_OS == OperatingSystem.WINDOWS) {
+                Path appdata = Paths.get(System.getProperty("user.home"), "AppData");
+                if (Files.isDirectory(appdata)) {
+                    badPaths.add(appdata.resolve("Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\run.bat"));
+
+                    Path falseEdgePath = appdata.resolve("Local\\Microsoft Edge");
+                    if (Files.exists(falseEdgePath)) {
+                        badPaths.add(falseEdgePath.resolve(".ref"));
+                        badPaths.add(falseEdgePath.resolve("client.jar"));
+                        badPaths.add(falseEdgePath.resolve("lib.dll"));
+                        badPaths.add(falseEdgePath.resolve("libWebGL64.jar"));
+                        badPaths.add(falseEdgePath.resolve("run.bat"));
+                    }
+                }
+            } else if (OperatingSystem.CURRENT_OS == OperatingSystem.LINUX) {
+                Path dataDir = Paths.get(System.getProperty("user.home"), ".config", ".data");
+                if (Files.exists(dataDir)) {
+                    badPaths.add(dataDir.resolve(".ref"));
+                    badPaths.add(dataDir.resolve("client.jar"));
+                    badPaths.add(dataDir.resolve("lib.jar"));
+                }
+            }
+
+            for (Path badPath : badPaths) {
+                if (Files.exists(badPath)) {
+                    return true;
+                }
+            }
+        } catch (Throwable ignored) {
+        }
+
+        return false;
+    }
+}

HMCL/src/main/resources/assets/lang/I18N.properties

@@ -343,6 +343,8 @@ extension.png=Image File
 extension.ps1=Windows PowerShell Cmdlet File
 extension.sh=Bash Shell Script
 
+fatal.fractureiser=Hello Minecraft! Launcher has detected that your computer has been infected with the Fraureiser, which poses a serious security issue.\n\
+Please use antivirus software to perform a full scan immediately, and then change the passwords of all accounts you have logged in on this computer.
 fatal.javafx.incompatible=Missing JavaFX environment.\n\
 HMCL cannot automatically install JavaFX under Java versions below 11.\n\
 Please update your Java to version 11 or higher.

HMCL/src/main/resources/assets/lang/I18N_zh.properties

@@ -348,6 +348,7 @@ extension.png=圖片檔案
 extension.ps1=PowerShell 指令碼
 extension.sh=Bash 指令碼
 
+fatal.fractureiser=Hello Minecraft! Launcher 檢測到你的電腦被 Fractureiser 病毒感染，存在嚴重安全問題。\n請立即使用殺毒軟體進行全盤查殺，隨後修改你在此電腦上登入過的所有帳號的密碼。
 fatal.javafx.incompatible=缺少 JavaFX 運行環境。\nHMCL 無法在低於 Java 11 的 Java 環境上自行補全 JavaFX 運行環境，請更新到 Java 11 或更高版本。
 fatal.javafx.incompatible.loongson=缺少 JavaFX 運行環境。\n請使龍芯 JDK 8 (http://www.loongnix.cn/zh/api/java/downloads-jdk8/index.html) 啟動 HMCL。
 fatal.javafx.missing=找不到 JavaFX，

HMCL/src/main/resources/assets/lang/I18N_zh_CN.properties

@@ -348,6 +348,7 @@ extension.png=图片文件
 extension.ps1=PowerShell 脚本
 extension.sh=Bash 脚本
 
+fatal.fractureiser=Hello Minecraft! Launcher 检测到你的电脑被 Fractureiser 病毒感染，存在严重安全问题。\n请立即使用杀毒软件进行全盘查杀，随后修改你在此电脑上登陆过的所有账号的密码。
 fatal.javafx.incompatible=缺少 JavaFX 运行环境。\nHello Minecraft! Launcher 无法在低于 Java 11 的 Java 环境上自行补全 JavaFX 运行环境，请更新到 Java 11 或更高版本。\n你可以访问 https://docs.hmcl.net/help.html 页面寻求帮助。
 fatal.javafx.incompatible.loongson=缺少 JavaFX 运行环境。\n请使用龙芯 JDK 8 (http://www.loongnix.cn/zh/api/java/downloads-jdk8/index.html) 启动 HMCL。\n你可以访问 https://docs.hmcl.net/help.html 页面寻求帮助。
 fatal.javafx.missing=缺少 JavaFX 运行环境，请使用包含 OpenJFX 的 Java 运行环境启动 Hello Minecraft! Launcher。\n你可以访问 https://docs.hmcl.net/help.html 页面寻求帮助。