This is an automated archive made by the Lemmit Bot.

The original was posted on /r/piracy by /u/Majestic_Employer976 on 2026-05-31 17:23:24+00:00.


Hey everyone, I wanted to put out a warning regarding the VFXmed community and its coordinator Jack Sparrow. Despite being historically trusted, they are distributing highly suspicious, flagged installers and the coordinators are gaslighting anyone who asks questions.

I was downloading a 3D software from their community channel, but first I ran an advanced archive extraction and multi-sandbox scan on the sub-files inside the “Buriram” folder of the installer. The core payload binaries are heavily obfuscated using Themida packing to evade VM and sandbox detections.

When broken open, the heaviest hitters in enterprise cybersecurity all independently flagged the file as dangerous, showing a weaponized DLL Hijacking and Infostealer payload:

  • CrowdStrike Falcon ML: win/malicious_confidence_100
  • Kaspersky: Trojan.Win32.BSOD.and (Credential/Session Stealer)
  • ESET: a variant of Win64/Packed.Themida.L suspicious application
  • Bitdefender: Trojan.GenericKD.67337952
  • Fortinet / VIPRE: Malware
  • Sophos: Malicious
  • BitDefender / G-Data: Trojan.GenericKD / Malware
  • Kaspersky: HEUR:Trojan.Win64.DllHijack.gen
  • Antiy-AVL / Tencent: Trojan/Win64.DLLhijack / Win64.Trojan.Dllhijack
  • TrendMicro / ESET: Trojan.Win64.DEEFFACE.A / Win64/NukeSped

If you ask for support or clarification, they tell you to run it inside a virtual machine to give you “proof” that it is safe, because they know the Trojan stays completely quiet inside basic testing boxes due to the anti-VM packer. It only activates when you run it on your real machine. They get paid to bundle this garbage; that’s why the software is “free.”

When I brought this multiscan data to their chat to ask about it, Sparrow tried to brush it off as a harmless “false positive.” But when I pushed back and refused to buy his excuses, he immediately kicked and banned me from the community. He literally went from “it’s a false positive” to a defensive “I don’t know.” I don’t know why their site is recommended in the megathread; it should be deleted from the list.

The average user doesn’t do deep scans. They just install the file, the software opens, and they say it’s “safe.” Meanwhile, the Trojan runs silently in the background, copying your passwords and stealing your data without you ever knowing.

EDIT: I forgot to mention that, looking at the VirusTotal map, these files are also linked to the Discord scam 2026, so it proves they are targeting browser session tokens and Discord accounts.

Stay away from that community, don’t trust their staff, and scan your files piece by piece.
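
A piece-by-piece check of an extracted installer folder, as an added example that is not part of the original post: it hashes every file for lookup on a multi-scanner and flags PE sections whose byte entropy suggests packing. The function names, the 7.0 threshold and the sample file are assumptions constructed for this illustration.

```python
import hashlib, math, os, struct
from collections import Counter

THRESHOLD = 7.0  # assumed cut-off in bits per byte; packed or encrypted data sits near 8

def entropy(data):
    """Shannon entropy of a byte string in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(data):
    """Yield (name, raw bytes) for each section of a PE image; nothing if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or pe + 24 > len(data):
        return
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    for i in range(nsec):
        off = pe + 24 + opt_size + 40 * i
        if off + 40 > len(data):                          # truncated section table
            return
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        yield name, data[raw_ptr:raw_ptr + raw_size]

def triage(root):
    """Return {path: (sha256, [(section, entropy), ...])} for PEs with high-entropy sections."""
    report = {}
    for folder, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            with open(path, "rb") as fh:
                data = fh.read()
            hot = [(n, round(e, 2)) for n, b in pe_sections(data) if (e := entropy(b)) >= THRESHOLD]
            if hot:
                report[path] = (hashlib.sha256(data).hexdigest(), hot)
    return report

def build_sample_pe():
    """Constructed 2-section PE-shaped file: '.text' is filler, '.pack' has uniform bytes."""
    low, high = b"A" * 512, bytes(range(256)) * 16
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x22)
    base = len(hdr) + 80                                  # data starts after two 40-byte headers
    sec = lambda n, size, ptr: n.ljust(8, b"\0") + struct.pack("<IIII", size, 0, size, ptr) + b"\0" * 16
    return hdr + sec(b".text", 512, base) + sec(b".pack", 4096, base + 512) + low + high
```

High entropy indicates packing or compression, not malice by itself; the SHA-256 is what gets looked up or submitted for a verdict.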