search

jonnymaserati / welleng

A collection of Wells/Drilling Engineering tools, focused on well trajectory planning for the time being.
Apache License 2.0
113 stars 31 forks source link

is karma.js malware? #143

Open sensebur opened 1 year ago

sensebur commented 1 year ago

Is this real malware or a false detected?

docs/source/_static/js/karma.js

www.virustotal.com https://www.virustotal.com/gui/file/d86bccdf80bcc25af3967c678ff6738bb30752371c8c874b1f46fd66db819785/detection

17 security vendors and no sandboxes flagged this file as malicious. Security Vendors' Analysis Ad-Aware JS:Trojan.Cryxos.7406

ALYac JS:Trojan.Cryxos.7406

Arcabit JS:Trojan.Cryxos.D1CEE

Avast Script:SNH-gen [Drp]

AVG Script:SNH-gen [Drp]

BitDefender JS:Trojan.Cryxos.7406

Emsisoft JS:Trojan.Cryxos.7406 (B)

eScan JS:Trojan.Cryxos.7406

GData JS:Trojan.Cryxos.7406

Google Detected

Ikarus Trojan.JS.Cryxos

Kaspersky HEUR:Trojan.Script.Miner.gen

MAX Malware (ai Score=80)

McAfee-GW-Edition BehavesLike.JS.CoinMiner.cm

Sangfor Engine Zero Miner.Generic-JS.Save.lifeisall

Trellix (FireEye) JS:Trojan.Cryxos.7406

VIPRE JS:Trojan.Cryxos.7406

jonnymaserati commented 1 year ago

Yes and no... the point is that the documentation shouldn't be part of the distribution, so I'll get that fixed. Then you won't get this triggered on your local machine.

The code does some low level browser mining when people use the documentation online - I'm trying this out as a less obtrusive way of generating revenue versus advertising, but it makes so little money that I'll likely just remove it.