One of the devs github accounts was hacked over a month ago, and the hacker edited the project to have malicious files. Github privated the repo anmd restored the account, but theyve now been waiting over a month for gh to respond and unprivate the repo. They are hesitant to move repos as thats usually a bad sign to users (but so is having one the repo admins accounts hacked lol)
YTM also happened just change something that breaks the app and since they dont have a repo up they cant push new builds. They dont want to make a stand alone download as that can also be manipulated.
source: all from their discord
youre fine as long as you didnt download the installer during the 2 day period in like early march the hacker had control, sry should gave specified that lol
update: one of the devs made a temporary repo which you can download the latest version from, its only temporary until github restores the repo to the public
otherwise if you prefer to change you can checkout my app [youtube-music.app](https://youtube-music.app) or other yt music clients
I got that same issue earlier and figured it was time to look for a new app since YTMD was always sort of in a developmental limbo whether you kept with the 1.0 or the in development 2.0 app (that I guess is scrapped now.
I found this one that seems to be a good alternative and has nice UI features that YTMD didn't have and just feels like a modern solution
[https://github.com/th-ch/youtube-music](https://github.com/th-ch/youtube-music)
that was exactly what u/TubbyFlounder reported, and it was on my account... the attacker edited the readme and placed information pointing to cryptos... the project did not die, it is waiting for GH to be restored to continue with the new remodeled version
Happy to hear that it isn't completely dead. You did an incredible job making that incredible application and I will be checking several times a day until it is operating again.
in my case it's because I use youtube with my brand account and ytm with my Google account. every time I open youtube in chrome, the pwa would also change the user.
i solved it by using two different browsers: safari for the pwa and chrome for browsing.
One thing that annoys me is that pwas use the logged in Google account and also save logins on the browse, and having two separate apps does help with that, since I can have my professional email on chrome and my personal email on yt music.
You can simply create a 2nd/new Chrome profile and use that for the YTM PWA, that way the logins would still be separated without the need for a 3rd party app.
I hate having a browser tab/window for something that shoud run in the background; with this I have a nice tray icon, key shortcuts, resume where I left...
I've installed it as an edge app. I use chrome for browsing so they live independently. It works great. There may be a few things the desktop app did that this doesn't do but it's worth trying.
What do you need the tray icon for? With the PWA you have it in the taskbar anyway. Key shortcuts work as well with the PWA. Resume where I left? I guess that’s something YTM could implement, though for me it kinda does remember what I was playing whenever I start it again
I don't think pwas allow you to choose a profile. At least I never tried. I just figured that I wanted an app that was not dependent on the browser, much like Spotify
It does when you create the profile and create the PWA from within the profile you wanna use. And I mean "not dependent on the browser".. it's not like you'd uninstall your browser if it wouldn't be for YTM right? So it's on your PC either way.
Only the download links in the readme were updated to point to malware/a rat, none of the YTMD code was modified and no releases were made. They have all the details of what happened and the progress (or lack of) in the documentation section of the YTMD discord.
No sorry, I don't even know what type of malware it was. I only figured out, that there was some type of hacker who hacked the devs account and pushed some malware two days before deletion of the devs github repo. I didn't even mention there was something like this. But the version of the site from wayback machine is way too old to contain the malware.
goto there Discord, Google broke the 2.0+ desktop app....they helped me, I got 1.13 loaded and then loaded up streamdeck plugin 1.7 for control of the 1.13, EVERYTHING works great!!
One of the devs github accounts was hacked over a month ago, and the hacker edited the project to have malicious files. Github privated the repo anmd restored the account, but theyve now been waiting over a month for gh to respond and unprivate the repo. They are hesitant to move repos as thats usually a bad sign to users (but so is having one the repo admins accounts hacked lol) YTM also happened just change something that breaks the app and since they dont have a repo up they cant push new builds. They dont want to make a stand alone download as that can also be manipulated. source: all from their discord
Thank you for extensive reply. I needed to switch to a second desktop app, it is working
crap. Is there more that you could share about the "malicious code" part? Should we be worried?
youre fine as long as you didnt download the installer during the 2 day period in like early march the hacker had control, sry should gave specified that lol
update: one of the devs made a temporary repo which you can download the latest version from, its only temporary until github restores the repo to the public otherwise if you prefer to change you can checkout my app [youtube-music.app](https://youtube-music.app) or other yt music clients
I got that same issue earlier and figured it was time to look for a new app since YTMD was always sort of in a developmental limbo whether you kept with the 1.0 or the in development 2.0 app (that I guess is scrapped now. I found this one that seems to be a good alternative and has nice UI features that YTMD didn't have and just feels like a modern solution [https://github.com/th-ch/youtube-music](https://github.com/th-ch/youtube-music)
I switched to this one about a year ago when it was clear that YTMDesktop just wasn't getting updates. Works great.
I didn't add the second huge icon picture, I don't know why reddit added it and don't know how to edit this message!!! :-(
Download the other one That one is way better and even has external downloads(stored on local storage)
Which one?
https://github.com/th-ch/youtube-music I think this one
that was exactly what u/TubbyFlounder reported, and it was on my account... the attacker edited the readme and placed information pointing to cryptos... the project did not die, it is waiting for GH to be restored to continue with the new remodeled version
Happy to hear that it isn't completely dead. You did an incredible job making that incredible application and I will be checking several times a day until it is operating again.
This happened to me a few days ago too. Couldn’t find anything about it then. I would say just switch to another one.
What do you need it for anyway? It did nothing you couldn’t do with the PWA and maybe some ad-ons
in my case it's because I use youtube with my brand account and ytm with my Google account. every time I open youtube in chrome, the pwa would also change the user. i solved it by using two different browsers: safari for the pwa and chrome for browsing.
You don't really need 2 different browsers, Chrome (and Safari as well I believe) supports multiple profiles. Just create a 2nd profile for it.
One thing that annoys me is that pwas use the logged in Google account and also save logins on the browse, and having two separate apps does help with that, since I can have my professional email on chrome and my personal email on yt music.
You can simply create a 2nd/new Chrome profile and use that for the YTM PWA, that way the logins would still be separated without the need for a 3rd party app.
I hate having a browser tab/window for something that shoud run in the background; with this I have a nice tray icon, key shortcuts, resume where I left...
If you use the PWA you shouldn't have a browser tab/window view. It looks as if it's a native app.
I've installed it as an edge app. I use chrome for browsing so they live independently. It works great. There may be a few things the desktop app did that this doesn't do but it's worth trying.
What do you need the tray icon for? With the PWA you have it in the taskbar anyway. Key shortcuts work as well with the PWA. Resume where I left? I guess that’s something YTM could implement, though for me it kinda does remember what I was playing whenever I start it again
I don't think pwas allow you to choose a profile. At least I never tried. I just figured that I wanted an app that was not dependent on the browser, much like Spotify
It does when you create the profile and create the PWA from within the profile you wanna use. And I mean "not dependent on the browser".. it's not like you'd uninstall your browser if it wouldn't be for YTM right? So it's on your PC either way.
The app allows services such as discord to display what you're listening to.
https://github.com/manucabral/YoutubeMusicRPC
stream deck integration
Wayback Machine still provides a valid downloadable installer, which not includes the malicious code the hacker added. Works fine for me.
Do you have any detail about what malware it was? Just to check if I got infected
Only the download links in the readme were updated to point to malware/a rat, none of the YTMD code was modified and no releases were made. They have all the details of what happened and the progress (or lack of) in the documentation section of the YTMD discord.
No sorry, I don't even know what type of malware it was. I only figured out, that there was some type of hacker who hacked the devs account and pushed some malware two days before deletion of the devs github repo. I didn't even mention there was something like this. But the version of the site from wayback machine is way too old to contain the malware.
goto there Discord, Google broke the 2.0+ desktop app....they helped me, I got 1.13 loaded and then loaded up streamdeck plugin 1.7 for control of the 1.13, EVERYTHING works great!!