ThePacielloGroup / CCAe

The Colour Contrast Analyser (CCA) helps you determine the legibility of text and the contrast of visual elements, such as graphical controls and visual indicators.
http://www.paciellogroup.com/resources/contrastanalyser/
GNU General Public License v3.0

Need Supporting Documentation for CyberSecurity (Security Concerns with CCA) #354

Open its-robinhood opened 2 days ago

its-robinhood commented 2 days ago

Describe the bug: Not necessarily a bug, but we have security concerns here with CCA. I am corporate IT staff working with a municipality in Canada. Our security team has scanned the requested software and the verdict came back as highly suspicious, as it detected possible Envyscout malware (in the main executable) used by the APT29 group, based on patterns already used in the past. Please see the screenshot attached.

Perhaps someone can confirm that this is a false positive and provide us some supporting documents?

Desktop (please complete the following information):

To Reproduce (steps to reproduce the behavior): Complete a virus scan and provide the submission report.

Expected behavior: A clear virus scan reporting no suspicious components, or supporting documentation for the false positives.

Screenshots: Please see the screenshot with the details of the findings. [screenshot: CCA-AssemblyLineVerdict]

Additional context: IT teams are looking to roll out the tool for staff members, but there is a security concern that's preventing approval.

ferllings commented 2 days ago

It's probably a false positive due to the nature of the Electron framework. I tested with VirusTotal: https://www.virustotal.com/gui/file/f966de78ccf6f32d7282a183f06738715f77b6dbe1037d965febae295a0ebce7

Btw, I would also recommend upgrading to 3.5.4.
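The VirusTotal file URL in the comment above carries the sample's SHA-256, so a defender can check that the installer their own scanner flagged is byte-for-byte the artifact behind that report before treating it as evidence either way. This is an added example, not code from the CCA project or from this thread; the file path is whatever you pass on the command line.

```python
"""Verify that a local CCA installer is the same sample as a VirusTotal report.

A matching digest means the VirusTotal verdict applies to the exact file your
scanner examined; a mismatch means you are looking at a different build and the
report says nothing about it.
"""
import hashlib
import re
import sys
from pathlib import Path

# SHA-256 embedded in the VirusTotal link posted in the thread.
VT_URL = ("https://www.virustotal.com/gui/file/"
          "f966de78ccf6f32d7282a183f06738715f77b6dbe1037d965febae295a0ebce7")


def sha256_from_vt_url(url: str) -> str:
    """Extract the 64-hex-digit SHA-256 that VirusTotal file URLs carry."""
    match = re.search(r"/file/([0-9a-fA-F]{64})(?:[/?#]|$)", url)
    if not match:
        raise ValueError(f"no SHA-256 found in VirusTotal URL: {url}")
    return match.group(1).lower()


def sha256_of_bytes(data: bytes) -> str:
    """Digest of an in-memory blob (used by the tests and small files)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_bytes(data: bytes, vt_url: str) -> bool:
    """True only if `data` is exactly the sample behind `vt_url`."""
    return sha256_of_bytes(data) == sha256_from_vt_url(vt_url)


def verify_file(path: Path, vt_url: str) -> bool:
    """File-based variant of verify_bytes for real installers."""
    return sha256_of_file(path) == sha256_from_vt_url(vt_url)


if __name__ == "__main__":
    installer = Path(sys.argv[1])  # e.g. the downloaded CCA setup executable
    print("local sha256 :", sha256_of_file(installer))
    print("virustotal   :", sha256_from_vt_url(VT_URL))
    print("same artifact:", verify_file(installer, VT_URL))
```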

its-robinhood commented 2 days ago

> It's probably a false positive due to the nature of the Electron framework. I tested with VirusTotal: https://www.virustotal.com/gui/file/f966de78ccf6f32d7282a183f06738715f77b6dbe1037d965febae295a0ebce7
>
> Btw, I would also recommend upgrading to 3.5.4.

Thanks for your help ferllings

its-robinhood commented 1 day ago

@ferllings Update from Cyber: we rescanned the updated version of the CCA tool on our primary tool and it still seems to be highly suspicious. We scanned it on another tool, Hybrid Analysis, and it came back as malicious. However, the detected malware from this scan appears to be an exploit for Android devices.

The app also appears to send/receive data through the Internet, but we were unable to find what this data is (assuming it looks for updates or device information). We are not confident in this app based on the detected YARA rule found on the primary scan.