Closed Fra-nk closed 3 years ago
I'm also getting this
Uploaded the attempted update to VirusTotal. Getting a lot of positives:
It's present in the latest release on GitHub: https://github.com/FluffyMaguro/SC2_Coop_overlay/releases/download/2.40/SC2CoopOverlay.2.40.zip
I'd be curious to see the VirusTotal results of an independently built executable. I don't have a copy of the repository laying around locally. If this isn't a false positive, this is likely a maliciously uploaded release. This could be done by a few things ranging from a stolen personal access token or from complete account compromise. I don't see anything in this repository to suggest a service like Travis or CircleCI is being used; my guess is that Maguro's building/uploading off of their laptop.
For what it's worth, Windows Defender has largely ignored SCO; I'm a bit spooked that WD and other vendors have identified it as a trojan all of a sudden.
Just pointing out that version.txt doesn't include a checksum for the uploaded archive:
{
"version" : 240,
"download_link_1" : "https://github.com/FluffyMaguro/SC2_Coop_overlay/releases/download/2.40/SC2CoopOverlay.2.40.zip"
}
It's possible that someone could have re-uploaded 2.40 after Maguro's initial release of it.
I will add hash checking in the next version.
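An illustration of the hash check discussed above, added here as an example and not taken from the project or from any post in this thread. It assumes a "sha256" field added to the existing version.txt format; the download link is a placeholder, and the archives are constructed in memory.

```python
import hashlib
import hmac
import io
import json
import zipfile

DOWNLOAD_LINK = "https://example.invalid/SC2CoopOverlay.2.40.zip"  # placeholder, not the real release URL

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(version: int, download_link: str, archive: bytes) -> str:
    """Release side: write version.txt with the digest of the exact archive being published.
    The "sha256" key is an assumed extension of the {"version", "download_link_1"} format."""
    manifest = {"version": version, "download_link_1": download_link, "sha256": sha256_hex(archive)}
    return json.dumps(manifest, indent=4)

def verify_update(manifest_text: str, downloaded: bytes) -> bool:
    """Client side: accept the downloaded archive only if it matches the published digest.
    A manifest with no (or a malformed) digest is rejected rather than silently trusted."""
    expected = json.loads(manifest_text).get("sha256")
    if not isinstance(expected, str) or len(expected) != 64:
        return False
    return hmac.compare_digest(sha256_hex(downloaded), expected.lower())

def extract_verified(manifest_text: str, downloaded: bytes) -> list[str]:
    """Open the zip only after it verified; returns its member names, or [] when rejected."""
    if not verify_update(manifest_text, downloaded):
        return []
    with zipfile.ZipFile(io.BytesIO(downloaded)) as zf:
        return zf.namelist()

def make_zip(files: dict[str, bytes]) -> bytes:
    """Build a small in-memory zip standing in for the release archive (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample data: the archive the maintainer published, and a re-uploaded one that differs.
GOOD_ARCHIVE = make_zip({"SC2CoopOverlay.exe": b"constructed placeholder for the real build"})
REUPLOADED_ARCHIVE = make_zip({"SC2CoopOverlay.exe": b"constructed placeholder for a swapped build"})
MANIFEST = build_manifest(240, DOWNLOAD_LINK, GOOD_ARCHIVE)
# The current version.txt shape, with no digest: the client cannot tell the two archives apart.
MANIFEST_WITHOUT_HASH = json.dumps({"version": 240, "download_link_1": DOWNLOAD_LINK}, indent=4)

if __name__ == "__main__":
    print("published archive:", extract_verified(MANIFEST, GOOD_ARCHIVE))
    print("re-uploaded archive:", extract_verified(MANIFEST, REUPLOADED_ARCHIVE))
```

The digest only helps against a replaced release asset if version.txt itself is fetched from a place the uploader of the asset cannot silently change as well.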
I think it's just AV being jumpy with packaged Python apps. If anyone knows some solution, let me know.
For example, I packaged the app anew and got 1/66 malicious, then added a commit with hashing, and got a 10/66 score. It seems random.
Ugh, it looks like this is a pretty common issue with compiled Python apps. The only solutions seem to be either chasing down each AV and submitting false positives yourself (I found a list here) or signing it (which costs some money and time).
I submitted it to Microsoft for review. Thanks for the link.
I also recently added support for compiling the app with Nuitka; it got only a 1/66 score, but it's not working 100% (particularly, the websockets package doesn't).
It's so frustrating that this is a problem. If you want someone to jump through these hoops for you, I don't mind doing it. I'm not sure what level of privilege I need to the repository for it, though.
It's fine. It should be whitelisted by Microsoft now.
Thanks!
Hi, I know that there is probably not so much that you can do and it is not necessarily a bug/issue of SCO itself, but I think this might still be the best place to register it - even if it is only for making it obvious to everyone.
I downloaded SCO directly from GitHub, extracted it, and the newest Microsoft Defender raised an alert for Trojan:Win32/Zpevdo.B.