Warning about Bato.to Malware from Clickjacking and Pop-up Ads

Manhwas

Administrator
Staff member
@everyone do note the current situation with batoto website atm. Sourced from Sawa Scans: I know people don't like everyone pings, but this is serious as serious gets for those who read manga consistently on popular MD alternative and official rip hoster bato.to. For your own online safety, I urge you to continue reading this. If you've been following the situation, bato.to has recently turned to hosting ads on their website, and users have discovered that these ads have been redirecting to actual MALWARE. That is not only the case, as it has also been discovered that these malware redirects are deliberate and baked into the website's coding - which means the devs are completely aware of it and that is IS INTENTIONAL despite what their mods have been saying. If you read on bato.to, I heavily suggest that you immediately stop using it right now. You can use apps such as Tachiyomi https://tachiyomi.org/ to grab from bato.to without going onto their website. For group leaders/members, I also suggest you immediately stop uploading onto that site and find alternatives. I don't like citing stuff from r/ScanlationDrama as resources, but I highly suggest you read through it. The second link is quite succinct and unbias on their analysis of the website. Discovery of malware: https://www.reddit.com/r/scanlationdrama/comments/q2c1dl View: https://www.reddit.com/r/scanlationdrama/comments/q2c1dl/batoto_skinsuit_owned_by_the_owner_of_other/
In-depth update: https://www.reddit.com/r/scanlationdrama/comments/q4et1p View: https://www.reddit.com/r/scanlationdrama/comments/q4et1p/rebatoto_click_jacking_indepth_post_update_to/
(edited)

Tachiyomi
Free and open source manga reader for Android

Q.) Is My Device At Risk? A1.) Possibly. I was unable to determine if the websites actually download anything directly, without input from the user. If it does, then theoretically your browser should protect you from it. If you feel concerned, and you have one already, run a malware check. I would not recommend grabbing a free malware scanner just for this, as those can be untrustworthy. What I CAN recommend, however, is running a scan if you already own one - or, paying for a good one and keeping it. It's never a terrible idea to buy a good, trustworthy anti-malware software for peace of mind and safety. A2.) This second answer is here in case you clicked on anything in those redirected sites. If you did, the answer is YES. If you got redirected to a login site, immediately change the password you used on that website, or contact them if they will help with being phished. If you got redirected to a site with any form of download and clicked on it, run a malware scan immediately. That is the best advice I can give you, as most people won't want to reformat their pc. Q.) I didn't see any ads, am I still at risk? A.) YES, most likely. I was unable to check if the redirect still happens if you are logged in - the login button itself is malicious. HOWEVER, this is my point. The malicious code is in the website itself, not any ads. As such, any button can be and most likely is malicious, and WILL redirect you to one of the sites in question. Q.) Do VPNs stop this? A.) NO.

Q.) Are the mirror sites safe?
A.) NO. Check ublockorigin, they connect to the same websites. (edited)


Q.) I Logged out, am I safe? A.) Possibly. The malware has, as far as I can tell, nothing to do with accounts. If you used the website since, by my best clue, early September, you might have been exponsed. If you got redirected to anything, or something weird happened when clicking buttons on the website, you got exposed and should follow the advice at the end of this. Q.) What is the malware? A.) I don't know. I was not willing to download malware onto my device intentionally, but I am looking into investigating this further in other ways. What I do know is that malware does exist as a threat, and that phishing attacks and info grabbers/trackers are the ones I was able to dsicern directly. Q.) How do I know if I have it? A.) If you used the site recently, just run a virus scan. If you didn't use the site in the past month or so, you are most likely fine. Q.) Does Adblocker stop this? Adblocker doesn't help or protect you in this situation because the redirects are embedded directly into the site itself, within the coding for the clicks, and since adblocker only disables ads, it doesn't protect you from redirects to malware. (edited)
Some extras to take note of by the people who discovered the malware: coding for cactil is hell — Yesterday at 4:07 PM So, because this still needs addressing it seems. This screenshot is a list of every website that is currently connecting to bato.to when you visit. Most of the red is something that I have personally been redirected to - jsdelivr is an exception, it has been pointed out to me that it is non-malicious, and unpkg is not related here. animemark is -supposedly- not malicious, and is their image hosting site. However, I have been redirected to random images via it. No clue there. Here are the virustotal links for the rest: https://www.virustotal.com/gui/domain/baidu.com/detection https://www.virustotal.com/gui/domain/denetsuk.com/detection https://www.virustotal.com/gui/domain/oackoubs.com/relations Batoto's response to the above: On Reddit and some Discord servers, some people with ulterior motives forged pictures of our website that were detected by virustotal.com as containing viruses. But these people dare not directly post up the virustotal.com detection url, but upload maliciously edited pictures. Such behavior exposed their ugly faces. The following is the real url of our website that passed the virus detection on virustotal.com: https://www.virustotal.com/gui/url/3b3453cccd087fd13e19d688d1f7da91b7fb781d3bd51561330c2a463c0bb884

Response to Batoto's "evidence": Kapuche | Kapuchersky — Yesterday at 4:00 PM also beware : batoto is saying that the website has no problem by showing a ss of the analysis of ONLY THE LITTERAL BATOTO LINK It means that instead of doing thorough analysis as Pickled did, they've only shown that only the front door is not infested. They hence claim that their website is free of risk. do not believe them with the proof of having sus tabs opened by ppl here

Also from Batoto:
Peppa_Larry — Today at 12:17 AM
Why and how visiting bato.to is safe? You don’t need to trust me, but I think most people will trust Google’s professionalism. 1) Google Chrome will automatically block insecure websites. https://support.google.com/chrome/answer/99020 We will not be so stupid as to put a virus on our website and cause our website to be blocked by Google Chrome. As a result, we lose the legendary advertising revenue of over one million dollars(Maybe Korean dollar) per month. 2) Google tells you how they deal with unsafe websites. https://safebrowsing.google.com/ 3) Our website completely passes Google's security check. https://transparencyreport.google.com/safe-browsing/search?url=bato.to Another thing that makes me feel weird is that if you read that person's post on Reddit, you will also find that he is trying his best to promote an app called Tac***. First of all, I want to declare that I have no prejudice against that app, I have never used that app, so I have no right to say whether that app is safe/good or not.


Manage warnings about unsafe sites - Computer - Google Chrome Help
You'll see a warning if the content you're trying to see is dangerous or deceptive. These sites are often called "phishing" or "malware" sites. Get warnings about dangerous & deceptive conte

Google Safe Browsing
Making the world’s information safely accessible.

TL;DR There are claims with evidence and a pretty technical and detailed analysis of Batoto redirecting their viewers to malware hosting websites for money. (You'd probably see this from clicking just anywhere on the website, and you're suddenly redirected to another website.) Batoto is refuting those claims with "evidence" of their own that their website is safe. Note that they're website is indeed safe just like the evidence they're showing us. But the sites that you're being redirected to isn't. There is a difference. My personal thoughts: Batoto isn't doing a very good job of convincing me to trust them if all they're doing is showing us an analysis of their site, rather than an analysis of the redirect-to sites which are being proven suspicious by the accusers. (edited)

More methods to keep yourself safe: Terricon — Yesterday at 3:18 PM Okay a couple things to know when learning about this: So basically, every website has scripts written in a programming language (JavaScript) that you attach to the HTML (the actual content and formatting) of the page. Some of those scripts can run automatically when the website is loaded in. These types of attacks are called cross-site scripting attacks (XSS). These types of scripts can either be stored in other assets like images (on the website that your browser loads in) or in requests to a different website from the webpage that you're on. These types of scripts can be very dangerous, and can also be added knowingly or unknowingly by developers. This isn't necessarily what is going on here, but it's what makes getting sent to other ad based websites dangerous. Just simply accessing a link can lead to your browser executing a malicious script that you don't know even exists. Most browsers do have protections against this. Many browsers block random websites from downloading content to your computer even when accessing a website, but that does not make them immune to these types of attacks. If you are at all concerned about malicious software or viruses I would suggest not using bato.to or any other website that opens suspicious links (of course if you find a sketchy enough website, you won't even have to open another page for the script to execute.) Either way, it is a failure on the part of the Bato.to development team to allow suspicious ads and scripts to run on their page and the fact that there are so many concerns regarding some of the scripts that are running on their page is enough for me to advise, again, do not use bato.to if you are concerned about malicious software.

I'm concerned that I may have downloaded malware, what do I do? It's important for you to get your computer checked immediately. Malware bytes offers free security scans, make sure you have your computer updated to the latest version, and keep an eye out for suspicious processes when you check what your computer is running. What about my phone? Phones are not my area of expertise so I can't give much advice for people that are worried about their phones getting infected. I'll update this post when I do some more research, but you should be fine for now if you haven't noticed anything out of the ordinary. Please do not visit bato.to if you are concerned about the health of your system and the possibility of installing malware

Once again, do note that adblockers aren't full proof since the redirects aren't based on ads alone.

coding for cactil is hell — Yesterday at 2:50 PM
SO. I'm the person who made the in-depth post. I will answer some questions, but pls only ping me if you have some important questions. It is not in ads. ANY element in the website redirects to malware, there are no actual ads on it - I use an adblocker anyways. The links on batoto themselves are malicious, caused by a script included in the /index file code. THIS INCLUDES THE LOGIN BUTTON. Due to the fact that literally every button and element in the website is malicious, I was unable to test if the redirects disappear when logged in.

Long story short, if you've ever visited a website where if you just accidentally click on the background of the site and it redirects you somewhere... that's scary stuff.
 

Manhwas

Administrator
Staff member
Solistia — Today at 11:06 PM
I'm sure those of you in various scan group servers have seen something to this effect but it basically boils down to Batoto is scum that doesn't care about your internet safety and blames you if you get malware while browsing their site that is serving you malicious ads
Also let's not forget, baidu has an open invitation to batoto's backdoor, so CCP thanks you for your info.
And anything I don't like violates computer science (like no really wtf)
@everyone (edited)
unknown.png


tldr:
image0.png



for more juicy info and drama: https://www.reddit.com/r/scanlationdrama/comments/q4et1p View: https://www.reddit.com/r/scanlationdrama/comments/q4et1p/rebatoto_click_jacking_indepth_post_update_to/



Solistia — Today at 11:11 PM
I got banned sticking up for you so you don't have to :eyy:
oh also MD allows new series uploading again, so dump bato like a hot potato and run back to the devs that actually care about you
you can report a certain website serving malicious ads here: https://safebrowsing.google.com/safebrowsing/report_badware/?hl=en
:awesomeface:
 

Manhwas

Administrator
Staff member
Solistia- Final Scans Boss — Yesterday at 11:35 PM
@everyone So user internet safety has won the day!
Although I will not personally be using the site anymore, batoto has kept their promise to remove the malicious ads from their website, so I have taken down the announcement (other than that screenshot, that shit is priceless :kek: ). There are no longer any clickjack ads (redirect from clicking anywhere on the page), and the ads they do have, the x's work to close them (and are not just clickbait like some ads's x's are).
I would deem batoto safe enough to return to should youdesire to, but as always, practice internet safety the best you can with the best tools you can.

Should batoto reneg on their changed ad ways, the announcement and reporting resources will go right back up :3
 
Top