alexzorin
commented
3 years ago It's a false positive.
The binary was built and uploaded by Travis CI from the source code in this repository (https://travis-ci.org/github/alexzorin/authy/builds/737211656).
I'm not going to put effort into working around crappy antivirus heuristics, nor buy a code-signing certificate, for an operating system I don't even use.
The Windows binaries are published as a convenience for whoever wants it, if you don't trust it, then run the program from source using the instructions in the README.
If you feel the need to rotate your TOTP keys, I understand, but I'm 100% sure there's nothing wrong with the binary.
nitz
raverecursion
Hi, Windows defender just detected Trojan:Win32/Ymacco.AA22 inside the
authy-export-windows-amd64.exebinary. What's going on here?More info about this trojan here: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fYmacco.AA22&threatid=2147757354 and https://howtofix.guide/trojanwin32-ymacco-aa22/. According to the second URL the Trojan "Attempts to connect to a dead IP:Port" and "Performs some HTTP requests" along with other things.
I suppose I will delete the tool and start changing all my TFA secrets everywhere :(.