diy solar

EG4 MPPT100-48HV firmware has backdoor virus???

JWLV

I just downloaded the EG4 MPPT100-48HV firmware directly from eg4electronics.com.
After it downloaded, Chrome blocked the file and stated that it was a "dangerous file." It didn't give many details as to why. So I forced it to download the "dangerous file" again. Then I opened the .zip file and Microsoft Defender says the file contains a backdoor virus. See the screenshot below.

What's going on @EG4_Jarrett @SignatureSolarJess ?


backdoor-warning.png
 
Who knows.
Some idiot that likes to harm the company and set this online.
Reason: he is dismissed from the company.

Just wait and do not update until another update comes out.

You can look for an old update from the website and see if that does the same.
 
Their firmware is such a disaster that I’m not surprised they were subject to a supply chain hack. Good catch!
 
They should send me a free EG4 MPPT Charge Controller for discovering this on their official site.
Hopefully not too many people were affected by it.
 
"None that we know of" 8*)

Not that they shouldn't be scanning all their downloads, this stuff happens all the time lately, and their IT folks can't not know that, but again I'm not surprised given that they've apparently farmed out their firmware development to Elbonia.
 
I checked the download file a couple of days ago. It's still the same file with the backdoor malware.

No response from Signature Solar yet. @SignatureSolarJames @SignatureSolarJess @SignatureSolarPeyton
The fellow from EG4 @eg4_Jarret no longer has an account on here or changed his username or no longer works for EG4. @Jarrett_Mccool
@EG4TechSolutionsTeam

Also the firmware listed for the 6500EX is incorrect. It links to the 8KEXP firmware instead.

It doesn't give me a lot of confidence when a company that makes critical hardware can't even get their website straight. Feels like a one man show even though I know it's not. It just feels that way.

Since no one from either company is responding, I'm hoping @Will Prowse can use his contacts at the companies to alert them of these issues.
 
I just tried to download https://eg4electronics.com/categories/inverters/eg4-3000ehv-48-all-in-one-off-grid-inverter official firmware and Firefox automatically blocked this download and flagged it as malware. That's when I found your post.

Even their new software defaults to Chinese. I tell you, the guys at EG4 probably have 0 knowledge of what is in these apps; they are just a white label company. For the hardware this is acceptable as long as they test it and it works well enough, but for the software when connected to the internet, this becomes a whole other story.
 
Woah. Thank you for this. I sent my powerpro firmware through virustotal and got 21 detections. I've pulled my wifi modules from my inverter units for the time being as they can't be trusted anymore.
 
Umm, it's not the battery firmware that can't be trusted, it's the Windows firmware-install programs that can't be trusted.

Reconnect your inverter and batteries, but run a good virus scanner on the Windows computer you used to update your batteries. MalwareBytes seems to do a good job, though everyone will have their favorite.
 
"EG4 WALLMOUNT ALL WEATHER BATTERY – FIRMWARE – S02T11"
 
Yes. Which is made up of a bunch of files. Many of those files are windows programs that are used to install the firmware into the battery. Those windows programs are the ones that are infected with windows viruses. Your battery does not have a virus, your inverter does not have a virus, the windows computer that you used to install the battery firmware has a virus.
 
I was under the impression they were scanning the firmware files downloaded directly from the website. Is that not the case?
 
It's not the actual firmware that has the virus. All of the downloads from EG4 are packaged files, which include the actual firmware file, the installation program, supporting files, documentation, and other stuff. It's the installation program that has the virus. The installation program only runs on Windows computers. If you downloaded the file on a Mac or Linux computer, it won't affect you because you can't run the installation program on a Mac/Linux. But you also won't be able to install the firmware to your EG4 device for the same reason. The firmware installation program only runs on a Windows computer.

As for the CrowdStrike problem that has made the news recently, I don't get why so many people are saying it's a Microsoft problem. That's like saying it's a Ford problem when you put water in the gas tank instead of gasoline. CrowdStrike makes a security program for Microsoft Windows. The CrowdStrike program updated itself and crashed. When you update a good working program with an update that isn't working, that might crash the computer. That is solely a CrowdStrike problem.

Note: The installation program was identified as containing a backdoor program. Technically it is not a virus since it does not spread or infect other computers on its own. But being a backdoor, it could allow an attacker to use the backdoor to install other programs that can be a virus or any number of malicious programs. I call it a virus for simplicity's sake.
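
Added example, not part of the post above and not EG4's or the forum's code: a way to check which files inside a downloaded package are Windows programs (as opposed to the firmware image or documentation) without extracting or running anything, and to get a SHA-256 per file for lookup on a multi-engine scanner. The file names and the sample package are constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile

MAX_MEMBER_BYTES = 256 * 1024 * 1024  # assumed cap so an oversized entry is not loaded

def is_pe(data):
    """True if data has the DOS 'MZ' header and a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"

def triage_zip(zip_bytes):
    """Return one record per file in the archive; nothing is written to disk."""
    records = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                records.append({"name": info.filename, "sha256": None,
                                "windows_program": None})
                continue
            data = zf.read(info)
            records.append({
                "name": info.filename,
                "sha256": hashlib.sha256(data).hexdigest(),
                # Decided from file content, so a renamed .exe is still caught.
                "windows_program": is_pe(data),
            })
    return records

def build_sample_package():
    """Constructed sample standing in for a vendor download (not a real file)."""
    pe_stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00stub"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("package/firmware.bin", b"\x00\x01constructed firmware image")
        zf.writestr("package/UpdateTool.exe", pe_stub)
        zf.writestr("package/support.dat", pe_stub + b"2")  # program with a data extension
        zf.writestr("package/readme.txt", b"constructed instructions")
    return buf.getvalue()

if __name__ == "__main__":
    for rec in triage_zip(build_sample_package()):
        kind = "Windows program" if rec["windows_program"] else "data/firmware/doc"
        print(f'{rec["sha256"]}  {kind:18}  {rec["name"]}')
```

A scanner verdict on the whole .zip does not say which member triggered it; the per-file hashes let each program be checked on its own.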
 
The thing you download from the website is a .zip file.
Yes and inside that is the firmware file, most likely software and hopefully instructions.
I scanned the zip
Thanks for the clarity, that's what I assumed.
Thanks for the detailed reply.
Back in my tech days, 10+ years ago, I would have lots of software flagged as being potentially malicious or unsafe... I could see this being a false threat but feel like we would have seen more posts about earlier versions if that were the case; anyone who's been around here a while knows there have been lots of firmware updates for EG4 stuff ...
 
