junderw / hibp_downloader

A CLI tool for downloading and writing the HaveIBeenPwned password hashes to disk with optional sorting.
MIT License

Latest Windows release is labeled by Defender as a threat Trojan:Win32/Wacatac.H!ml #1

Closed lexeyOK closed 3 months ago

lexeyOK commented 3 months ago

When trying to download the prebuilt package, the zip archive got deleted due to it being labeled as containing a trojan. I looked at the code base a little but couldn't find any suspicious things. The cargo build is actually installed though.

junderw commented 3 months ago

hmmmm...... I'll have to look into this.

Thanks for the report.

junderw commented 3 months ago

https://www.virustotal.com/gui/file/0e1722083c2f52c6bffe40e6fd6ee071e5bcc4b72beb0348e89a21892580827b/detection

VirusTotal says 0 detected.

Can you get the sha256 hash of the exe you downloaded?

It should be 0e1722083c2f52c6bffe40e6fd6ee071e5bcc4b72beb0348e89a21892580827b
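The hash check requested above, as an added example that is not part of the original thread or the project's code: it hashes a downloaded file, or every `.exe` inside a release zip without extracting it, and compares the result with the digest posted in the comment. The function names and the command-line usage are assumptions made for illustration.

```python
import hashlib
import hmac
import sys
import zipfile

# Digest posted by the maintainer in this thread for the release exe.
EXPECTED_SHA256 = "0e1722083c2f52c6bffe40e6fd6ee071e5bcc4b72beb0348e89a21892580827b"


def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so large files are never loaded whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def exe_digests(path):
    """Return {name: sha256 hex} for a bare file, or for each .exe member of a zip."""
    if not zipfile.is_zipfile(path):
        with open(path, "rb") as handle:
            return {str(path): sha256_stream(handle)}
    result = {}
    with zipfile.ZipFile(path) as archive:
        for info in archive.infolist():
            if info.filename.lower().endswith(".exe"):
                with archive.open(info) as member:  # read in place, no extraction
                    result[info.filename] = sha256_stream(member)
    return result


def verify(path, expected=EXPECTED_SHA256):
    """Return a list of (name, digest, matches) for each binary found at path."""
    expected = expected.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected value is not a SHA-256 hex digest")
    return [
        (name, digest, hmac.compare_digest(digest, expected))
        for name, digest in exe_digests(path).items()
    ]


if __name__ == "__main__" and len(sys.argv) > 1:
    for name, digest, ok in verify(sys.argv[1]):
        print(("MATCH    " if ok else "MISMATCH ") + digest + "  " + name)
```

A match only shows that the local file is byte-identical to the one the maintainer looked up; it does not by itself say whether the antivirus verdict is right.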

junderw commented 3 months ago

Looks like it was updated. Microsoft now says Program:Win32/Wacapew.C!ml which is different from OP's result...

Perhaps this is an issue with the build action...

junderw commented 3 months ago

Related: https://github.com/rust-build/rust-build.action/issues/89

junderw commented 3 months ago

Seems like an issue with Windows binaries cross-compiled on Alpine Linux...

Some malware groups are probably using a similar build process and causing it to throw false positives for us.

...... Closing: If you're worried about this, build it yourself using cargo.