What is EssentialsBackup? And how did it turn on?
irsouryo opened this issue ยท 1 comments
Hello, I have the EssentialsX plugin on my server, for a long time already. I started looking at the source code in other plugins for updating, I see there are strange files, like o8b3ixyFFHIv612DrU0Xw.yml or UgA6N8n3ee7x1RTxEuzjy553.yml, I decided to rename them to .jar, found plugin.yml, opened and it had the following:
name: EssentialsBackup
version: 3.5.8
main: zq4wZG9uKY2hPxKgmWQWSJrtVxqEZadFXnr2twQK8UBNuHZxH77SfdvYyH3jDyk9B4YSaLPDx6zKKtgUtJgHqn4L5VuFxu9eDVZTqVdskWaWjDQZBMD2LBhxVkKRQRAaqwXYKANfXa4dbubLZ6X4bx3RD4bvw86BeDWWLDF8Usjebe3DY9XFayVhVCna2fKbzc23d5SLUuszzZAKmC6tJf2E86VU2bxasWZDZAHMGHnJwGnaKNW8Asz4WdBcUsARuCaDergPzjRuVzJZEKDanQD92vdVRVD3NPrVxZqDvvxNSPf7QRVWXRXSbtVEEr4paYMKK4KXBhcNmK3eqznb3KWkFDgguSCkf4DKC9FLxYcPfdFGSfqWKZbvwhFTmLWSQMtsPPca2eP4MMfCwdERH9UergkqUJDNNmL66HqHRnBWm6BQNKpvMtWA3vAzNA3xKzGbrceumhW7nk5tPNxq9PV3GzCRW3ZLpptMeKkt7BXeszubwGTdPxgrxwhhzpahPzJXekvY96QXjwVSUUS4mBbwNYJzVzfmsxg6nC9urQmuA3vkuMa3x2RJzKvqpZWfsYeh6rwf7SfMKPvsTagEaL3KUeQL5MLpr7a68LZvshkBHKrPDH8ma8x4PvwN86UTsVF9WBxR9ZRAscLQPycNCYDmg6zyAutVmPqKY8w63TgNRF7dEA552LjsRbMRabyNBMXQGhzhFPzvNP8ENhGKFdhYJKr8txcJ7XmrZ5H2k4FMpwLtFxRSdM5q8ZZtbH6Q6RmHzfNWPgctju4MtyAzG2MzumJL2ZCpnR8D5QHQRMPeVgLu4TLyWUuuJDRQkRxNeq3fykXuNRe4TMhddVNKBTBqSNpAVBq39ZHPYhbZ7V3Pyyx7qHc74kTVyThPhuhENuZV9deukAKmDpDyKmfeynD2xDSf4aUaaQbu2UUpHULbQXMBSvSCtfJZy2nLgtpYJ7DKLrPYJPApTJjhnpZSNXHvS4ctAqDM9a MXKKj3teahvFFXUnrFYgn6urFqXLpP
I looked for the name EssentialsBackup, I didn't find anything, looked in the EssentialsX updates, is it the same, or am I just blind, can you say it was done by malware or EssentialsX?
| Sorry for the mistakes in the text, I don't know English well.
EssentialsBackup isn't a plugin from the EssentialsX team, this is a known piece of malware. Near-duplicate of #2413 - see that issue for more information.