PSA: Malware detected from member's upload

[Checkmate]

日本語の翻訳は以下に記載されています。
中文翻译如下。

We have received a credible report from Huorong, a Chinese cybersecurity firm, regarding a potential CryptoMiner circulating within one of the uploads on Nyaa Torrents and the Anime-Sharing Community.

You can review the full report (in Chinese) here: Huorong Report.
The uploader suspected of intentionally spreading this malware is @jekson5865, who has been banned. We have removed all threads associated with this user.

Unfortunately, there is a possibility that other uploaders or contributors may have re-uploaded infected files from this individual or from compromised sources like Tokyo Toshokan and Nyaa Torrents.

If you have downloaded any releases from this uploader or any other, we recommend you delete the files or check for any abnormal activity. Below is a reference list of the uploads made by this user.

We sincerely apologize for any oversight in this matter. Please be cautious and always verify what you download, especially from unknown members, here or elsewhere. The ASF Community and its staff are committed to protecting the community from malware. We also extend our sincere gratitude to the Chinese community for sharing this valuable report with us.

Nyaa TorrentsおよびAnime-Sharing Communityのアップロードファイルの中に、CryptoMinerが拡散している可能性について、信頼できる報告を中国のセキュリティ企業Huorongから受け取りました。

報告書（中国語）はこちらからご確認いただけます：Huorongレポート。

このマルウェアを意図的に拡散していると考えられるアップローダーは@jekson5865で、すでにこのユーザーはBANされ、すべてのスレッドは削除されました。

しかし、残念ながら、他のアップローダーや貢献者がこのユーザーや、Tokyo ToshokanやNyaa Torrentsなどの感染したソースからファイルを再アップロードする可能性があります。

もし、このアップローダーや他の場所からファイルをダウンロードした場合は、直ちに削除するか、異常な活動がないか確認してください。以下はこのアップローダーが投稿したファイルのリストですので、参考にしてください。

この件についての見落としについてお詫び申し上げます。特に不明なメンバーからダウンロードする際は、常に確認を怠らないようご注意ください。ASFコミュニティおよびスタッフは、常にコミュニティをマルウェアから守るために最善を尽くします。また、この報告を共有してくださった中国のコミュニティに心より感謝申し上げます。

我们收到了来自中国安全公司Huorong的可靠报告，报告指出在Nyaa Torrents以及Anime-Sharing Community的一个上传文件中，可能存在一个加密矿工病毒。

您可以查看报告（中文）链接：Huorong报告。

我们认为，故意传播这个恶意软件的上传者是@jekson5865。此用户已被封禁，我们也已删除了所有与其相关的帖子。

然而，很遗憾，可能还有其他上传者或贡献者会重新上传来自该用户或其他受感染源（如Tokyo Toshokan和Nyaa Torrents）的文件。

如果您下载了该上传者的任何文件，或者从其他地方下载了类似文件，请立即删除这些文件，或者检查是否有任何异常活动。以下是该上传者发布的文件列表供您参考：

对于此事的疏忽，我们深感抱歉。请务必小心，特别是从未知成员那里下载文件时，务必核对清楚。ASF社区及其工作人员将始终竭尽全力保护社区免受恶意软件侵害。同时，我们也要衷心感谢中国社区向我们分享这一报告。

堕ちた女神リリスとサキュバス軍団 - RJ01536243 [2025/12/29]
売春バニーの快楽堕ちRPG 徐々に淫欲に堕ちるバニー - RJ01526539 [2025/12/30]
巨乳の女の子たちにひたすら種付けするだけのゲーム - RJ01537640 [2025/12/30]
僕の瑠璃子のバニー体験記 - RJ01534032 [2025/12/29]
性教育の実技教師 ～貞操逆転世界で初潮を迎えた女の子に種付けするお仕事～ - RJ01523403 [2025/12/27]
ONAGONO QUEST EVE - RJ01496131 [2025/12/28]
人妻剣士サツキの寝取られ売春記 - RJ01507389 [2025/12/28]
息子のあとしまつ～母さんとのエッチはすべてアニメ！簡単すぎる母子RPG！エッチイベント270個(搾乳差分多めです！)～ - RJ01475186 [2025/12/26]
マスターマインド Ver1.00 - RJ01476568 [2025/12/26]
インランカンパ～淫魔VS天使VSショタ～ - RJ01512978 [2025/12/27]
探偵騎士ダイアナ - RJ01521518 [2025/12/27]
格闘娘はお金が無い！Ver1.048 & 追加パッチ Ver1.04 - RJ01524667 [2025/12/27]
SweetLife 〜幸せな毎日が、寝取られに染まるまで〜 - RJ01416500 [2025/12/22]
ヨウセイ！ - RJ01533009 [2025/12/24]
おっぱい剣士がクエストしてたら魔王討伐してました[Episode 01] - RJ281539 [2025/12/23]
NTR物語2〜ダークウォーカーマストダイ〜 - RJ01450546 [2025/09/15]
Brainwashing with Tentacles R - RJ01519121 [2025/12/05]
箱入り娘と小旅行 - RJ01525428 [2025/12/23]
竿役おじさん、サキュバスハンターになる～サキュバスをセックスで倒していくバトルファックRPG～ - RJ01507660 [2025/11/28]
くノ一忍法帖 お千代 - RJ01511106 [2025/11/29]
さくらエグゼック特別救急警備部性処理課 - RJ01484777 [2025/12/21]
ミミズ井戸。 - RJ01526843 [2025/12/20]
NTRギャル -オタクに優しいギャルは寝取られる- - RJ01524136 [2025/12/20]
アンホーリーメイデン - Unholy maiden - RJ01412576 [2025/12/19]
魔法少女アスターリクス・監獄回廊からの脱出 - RJ01443794 [2025/12/19]
浣腸変身エネマリア - RJ01477834 [2025/12/19]
カーテンのむこう NTR - RJ01509772 [2025/12/19]
FGORPG ～ecstasy～ - RJ01501066 [2025/11/15]
魔王城再防衛戦記 - RJ01507212 [2025/12/01]
推しのVtuber箱に10憶投げ銭したら俺だけの中出しハーレムを手に入れた件 - RJ01473444 [2025/12/03]
幻境の蜜籠 - RJ01517680 [2025/12/06]
催○戦記〜異世界転生編〜 - RJ01522090 [2025/12/11]
Peeping MySchool 盗撮が救う未来もある！？ - RJ01509293 [2025/12/15]
足りない勇者とツイてる仲間たち - RJ01526574 [2025/12/15]
アルカワット聖訪記 製品版 - RJ01509975 [2025/12/10]
ボンバーRPG ～galaxy world～ - RJ01518767 [2025/12/13]
ダンジョン肉 - RJ01524502 [2025/12/13]
ボニー&トレイシー - RJ01511771 [2025/12/13]
獣退魔師 - RJ01208336 [2025/12/13]
エルフの戦士 アンジェラ - RJ01511100 [2025/12/13]

 

[nanasakinanaya]

This is shocking news at the end of the year.

If you have downloaded any of the games on the list, check "C:\Users\(username)\AppData\Local" and if the "syscacheapp" folder exists, you are infected. Empty the contents of the "syscacheapp" folder. You can identify infected games by monitoring the "syscacheapp" folder and checking if cacheapp64.exe is generated immediately after launching the game.

Additionally, the path to cacheapp64.exe will be added to the registry under "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", so please delete the string "C:\Users\(username)\AppData\Local\cacheapp64.exe".
※I'm sorry. Before editing, I wrote to delete Shell, but please do not delete the description of explorer.exe written in shell. I noticed this after checking the F95zone thread after writing my comment.

In my case, I was infected by "カーテンのむこう NTR", "NTRギャル -オタクに優しいギャルは寝取られる-" and "人妻剣士サツキの寝取られ売春記".

We recommend monitoring the "syscacheapp" folder for a while to check if any suspicious files have been created.

 

[selinee]

Shouldn't this topic be pinned or have a banner at the top?

Luckily nothing there is the genre I play at all. We at anime-sharing at least got a notice, but there are a bazillion sites out there that re-upload those H games from who-knows-where and there are many people downloading them. Really shows how you gotta be on your toes with piracy.

 

[Checkmate]

Shouldn't this topic be pinned or have a banner at the top?

It was late evening that we received the report, and it's the year's end party day as well, pretty rough timing. Anyhow, I've made the notice.

 

[Veshurik]

Is that possible to find out in Task Manager if I have that miner, just in case? Or where to locate it?

 

[nanasakinanaya]

The miner monitors the Task Manager process, so it will terminate if the Task Manager is running.

 

[Bryanis]

I'm shocked.
Not by the fact someone did this.
But the afct that after checking this new, I double check my computer to found myself infected. And I enver downloaded from this person. Only from a couple of uploader I trusted because I've been downloading from them for years without problem.

So, it turn out they uploaded someone else work (well, it's frequent), without checking the work for malware....

Gotta delete some more works in my wiating list just to be safe and run some more AV and anti malware run now :-(

 

[dmodwc]

If you downloaded [dHR研] さくらエグゼック特別救急警備部性処理課 - RJ01484777 , you're most likely infected because no one else uploaded it. (Confirmed that the copy I downloaded generated the virus file.)

I usually only download from trusted uploaders but was super bored the day it came out.

Edit: Going through all my recent games to see if anything else is infected that isn't on the above list and adding them to the list below.

[ラッキースケベ日記たかしくん@CFNM] 背徳射精 ドキドキ潜入調査〜あなたは一線を越えられるのか〜 - RJ01525446

 

[Checkmate]

Only from a couple of uploader I trusted because I've been downloading from them for years without problem.

Most uploaders and contributor check for malware when they upload. Unfortunately, this is a new variant, only a couple of AV reporting it as suspicious, non conclusive.

The Chinese community submitted a request to Huorong AV for conclusive report. The timing was also sensitive (around Christmas / New Year, people had already left for holidays)

We took action as fast as possible to prevent further damages, while being transparent about it.

 

[Bryanis]

Most uploaders and contributor check for malware when they upload. Unfortunately, this is a new variant, only a couple of AV reporting it as suspicious, non conclusive.

The Chinese community submitted a request to Huorong AV for conclusive report. The timing was also sensitive (around Christmas / New Year, people had already left for holidays)

We took action as fast as possible to prevent further damages, while being transparent about it.

It is true that my own AV didn't detect anything at the time.

It's just the human mind.
Even if it's "bad luck", in a way, you put the fault on the uploader and the trust is damaged for a while.
Even as you (I in this case) know it, the damage is still existant.

At least, it wasn't the worst type of malware / virus that got into my computer (still gonna check it out in cas of more trouble lurcking in wait).

 

[Checkmate]

Even if it's "bad luck", in a way, you put the fault on the uploader and the trust is damaged for a while.
Even as you (I in this case) know it, the damage is still existant.

I understand your frustration, and it's completely reasonable to feel that way after an experience like this. It's important to note, however, that neither ASF nor its staff can guarantee that all shared content is 100% safe. That said, we do take security very seriously and actively work to prevent bad actors from distributing malware within the community.

In this particular case, the malware was not detectable at the time by common antivirus software. It was only identified later after members of the Chinese community submitted it to Huorong AV for deeper analysis and confirmation. Unfortunately, situations like this can happen despite best efforts.

If your goal is to minimize risk as much as possible (though still never 100%), obtaining content directly from official sources such as DLsite is the safest option. You can also improve your personal security practices, for example, by running non official source on an isolated or older computer. This is something I personally do as an added precaution.

Ultimately, I want to make sure everyone clearly understands the risks involved. We're all adults here, and each person can decide for themselves how they want to proceed based on their own comfort level.

Again, we will do everything we can within our means to protect the community, and to stop the spread of malware, but even our best won't be enough.

Stay safe.