Skip to main content

On Sale: GamesAssetsToolsTabletopComics
Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines
(1 edit) (+1)

EDIT: Turns out that the issue was related to Itch.io App, not Tiled.

I've come across an unusual folder nestled in my HDD and upon further investigation, I discovered that Tiled was autonomously generating folders with nonsensical names on my drive, without my explicit permission. While browsing through various discussions, I've encountered numerous mentions of false positives, but perhaps there's more truth to them than initially presumed.

A staggering total of 44,140 folders have been generated, with 54 appearing just today, despite not actively engaging with the application; it seems to be operating surreptitiously in the background. I'm presently in the process of deleting the primary directory, which harbors over 132,000 files.

I'm hesitant to attribute malicious intent to the Tiled developers, but there's undoubtedly a significant issue at play here.

(+1)

Hmm, that’s worrying. However, it would be nice to know some details:

  • Why do you think Tiled is creating these folders?
  • Where did you download Tiled?
  • What are these folders named and what kind of files are created?
  • Since when is this problem occurring and did you try de-installing Tiled? Did that help?

If it is really the Tiled executable, it was probably infected after being installed. So far, there have only been false positives and no actual reports of Tiled doing something malicious. The executable is built in a clean environment and Windows builds are signed by the SignPath Foundation.

Hey Thorbjørn, I always downloaded Tiled from the official site. The folder spam started in 2022, altought I noticed there was already folder for 2021 (but a single one).

The folder names sounds like some linux codename releases. It seems to be a word generator that adds 3 words together;

"barely-viable-shiner"

"terminally-unique-dragon"

"randomly-careful-yeti"

and so on.

I'm led to think this is related with Tiled because of files content (see screenshots)

In most of the folders I checked, there was 2 JSONS Files:

operate-context.json

operate-log.json

Theres got to be more files generated but I don't know what (because 44,140 folders with 2 files in each does not reach the amount of files I had to delete)

Here's a link with a quick montage of everything I got (sorry no time to do something pretty): LINK TO IMAGE

(+2)

Hmm, while Tiled is mentioned in those files, they seem to be actually created by the itch.io app or some version of it. For whatever reason, it appears to be generating random target locations and then prints logs regarding the installation of Tiled. It seems to be like something in the itch.io app is malfunctioning, which you might want to consider reporting on their bug tracker: https://github.com/itchio/itch/issues (be sure to provide as many details as you did here).

(+2)

Very well! Apologies for implicating Tiled. I propose we remove the entire set of comments about this matter.

(1 edit) (+3)

I don’t think we need to pretend like it never happened, but feel free to edit your posts as appropriate. Even if Tiled isn’t writing those files, and even if it does not look malicious, it is still worth reporting.