brackets-cont / brackets

An open source code editor for the web, written in JavaScript, HTML and CSS.
http://brackets.io

The macOS Brackets download dmg is being flagged on Virus Total. #261

Closed paul-cossey closed 1 year ago

paul-cossey commented 1 year ago


Description

Hi,

This isn't really a bug, but the brackets.2.1.2.dmg has just started to be flagged by security vendors on virustotal.com: https://www.virustotal.com/gui/file/6399d43315e0c8921c11d27325b697d26d8a524bfc1455a83173a13a6c6048a2/detection

However if you upload the App itself it gets a clean bill of health: https://www.virustotal.com/gui/file/6d30fe8bdd411e00d4068d210e485160015af501ddf39cde05b6aa7d6e48a957?nocache=1

Looking into the behaviour analysis on Virus Total you can see

[Defense Evasion](https://www.virustotal.com/gui/search/attack_tactic%253ATA0005) TA0005

- [Masquerading](https://www.virustotal.com/gui/search/attack_technique%253AT1036) T1036: App bundle contains hidden files/directories
- [Code Signing](https://www.virustotal.com/gui/search/attack_technique%253AT1553.002) T1553.002: App bundle is code signed
- [Hidden Files and Directories](https://www.virustotal.com/gui/search/attack_technique%253AT1564.001) T1564.001: App bundle contains hidden files/directories

I think the dmg is being flagged on account of the hidden files within it.

```
ls /Volumes/Brackets\ 2.1.2 
.DS_Store       .background     Brackets.app
.VolumeIcon.icns    Applications
```

You may wish to work with the vendors in question to resolve this issue.

Steps to Reproduce

  1. Download brackets.2.1.2.dmg
  2. Upload brackets.2.1.2.dmg to virustotal.com

Expected behavior: The security vendors do not detect anything

Actual behavior: The security vendors are detecting:

Versions

2.1.2

macOS 13.2.1

charlypa commented 1 year ago

Hi @paul-cossey,

Thanks for reporting the issue. We were aware of this issue, and we have fixed this issue on Windows. However, we did not fix it on Mac as no one reported it. If it's really hindering your workflow, please share it and we will prioritize the release on Mac as well.

Some interesting reads:

  1. https://www.reddit.com/r/brackets/comments/y9eqc4/just_installed_brackets_212_and_my_antivirus/
  2. https://github.com/brackets-cont/brackets/releases/tag/v2.1.3

paul-cossey commented 1 year ago

Thanks, @charlypa

It is kinda hindering our workflow. We use a tool called AutoPkg to download the latest version of an app or installer pkg, and use VirusTotal to make sure all the downloads are safe before we add them to our repo. If anything gets flagged by 2 or more vendors it stops the import and raises a support ticket.

This is the 1st time we've seen it, so probably only just being detected by more than Kaspersky?

Thanks
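
The gating rule described in the comment above (stop the import when 2 or more vendors flag a download), combined with the dmg-versus-app comparison from the original report, as an added sketch that is not AutoPkg's or any poster's code. It assumes the VirusTotal API v3 file-report layout (`data.attributes.last_analysis_results`); the reports and engine names are constructed, and `gate`, `flagging_engines` and `_report` are hypothetical helper names.

```python
# Added illustration: gate an import on VirusTotal v3 file reports.
# Sample reports are constructed; engine names are placeholders.

FLAGGED = {"malicious", "suspicious"}  # verdict categories counted as detections
THRESHOLD = 2                          # "2 or more vendors" stops the import


def flagging_engines(report):
    """Return sorted engine names whose verdict category counts as a detection."""
    results = report["data"]["attributes"].get("last_analysis_results", {})
    return sorted(name for name, verdict in results.items()
                  if verdict.get("category") in FLAGGED)


def gate(container_report, payload_report=None, threshold=THRESHOLD):
    """Decide whether to import; note when only the container is flagged."""
    hits = flagging_engines(container_report)
    decision = {"import": len(hits) < threshold, "engines": hits, "note": ""}
    if decision["import"] or payload_report is None:
        return decision
    # The import is blocked either way; the note only steers the ticket triage.
    if len(flagging_engines(payload_report)) < threshold:
        decision["note"] = "container-only: payload clean, review packaging"
    else:
        decision["note"] = "payload also flagged"
    return decision


def _report(verdicts):
    """Build a constructed report in the v3 shape from {engine: category}."""
    return {"data": {"attributes": {"last_analysis_results": {
        engine: {"category": category}
        for engine, category in verdicts.items()}}}}


# Constructed inputs: a dmg flagged at the threshold, and a clean app bundle.
DMG = _report({"EngineA": "malicious", "EngineB": "suspicious",
               "EngineC": "undetected"})
APP = _report({"EngineA": "undetected", "EngineB": "undetected",
               "EngineC": "undetected"})

if __name__ == "__main__":
    print(gate(DMG, APP))   # blocked, with a container-only note
    print(gate(APP))        # imported
```
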

abose commented 1 year ago

@paul-cossey Thanks for reporting the issue. Brackets 2.1.3 patch release is now available fixing the issue. See: https://github.com/brackets-cont/brackets/releases/tag/v2.1.3

Please download from the above url or https://brackets.io

Closing as fixed. Please reopen if facing any issues.

paul-cossey commented 1 year ago

Thanks to all involved for a speedy fix! Very much appreciated 😄