mickelus / tetra

🔶- Source and issue tracker for tetra
https://minecraft.curseforge.com/projects/tetra
MIT License

Your mod has been laced with malware! [Bug] #833

Open McWendigoes opened 1 month ago

McWendigoes commented 1 month ago

Observed behaviour

I didn't know how else I could've gotten in contact with you, but I decided to go here as my anti-virus program has flagged a script running in the background within your mod. The script is called "Script/Wacatac.B!ml". I've found it in your latest 1.20.1 6.4.0 release and downloaded it from Modrinth. Microsoft deems it a critical threat. Who knows what could've happened if I didn't update my anti-virus protection. You should probably take immediate action or steps to remove it from your mod, and should also remove your latest release until you have done so.

Expected behaviour

Not injecting malware.

Steps to reproduce

  1. Check all inner workings of the mod aren't infectious.
  2. Once found, delete the script.
  3. Upload mod back up again :D.

Crashlog

No response

Tetra version

6.4.0

mutil/mGui version

6.1.1

Forge version

1.20.1

Other mods

No response

mickelus commented 1 month ago

This file? https://www.virustotal.com/gui/url/31835dc70beb5cc87f456367dd6df801e112d4287be93b6957be8b6f08187bce?nocache=1

ocram9 commented 1 month ago

I have the same issue. I used the mod fine for weeks but it seems to detect it as malware now. Maybe Windows Defender got an update and doesn't like something the mod is doing.

McWendigoes commented 1 month ago

I have the same issue. I used the mod fine for weeks but it seems to detect it as malware now. Maybe Windows Defender got an update and doesn't like something the mod is doing.

Could be, as my anti-virus automatically updates without the need of notifying me or permission. I suspect this is a possibility because of the fact I had the mod for quite a while until now it has been deemed malware.

McWendigoes commented 1 month ago

This file? https://www.virustotal.com/gui/url/31835dc70beb5cc87f456367dd6df801e112d4287be93b6957be8b6f08187bce?nocache=1

Oops, misread what you just said, yeah that file.

Barerock commented 1 month ago

https://www.virustotal.com/gui/file/23a6d12e05e1bf91f57be0d859a2afc9f2a12db87e1ba2c8bb7cd8f386eac363

Just because CurseForge accounts have been hacked in the past, I checked the CurseForge version as well.
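One way to follow up on the cross-check described above, as an added example that is not part of the original thread or the tetra project: compare the same release downloaded from two distribution channels entry by entry, so that a byte-identical jar can be told apart from one with added or modified files. The jars below are constructed in memory, and all function and entry names are assumptions.

```python
import hashlib
import io
import zipfile


def entry_digests(jar_bytes):
    """Map each file entry in a jar (zip) to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = hashlib.sha256(jar.read(info)).hexdigest()
    return digests


def compare_jars(jar_a, jar_b):
    """Report how two downloads of the same release differ."""
    a, b = entry_digests(jar_a), entry_digests(jar_b)
    return {
        "identical_file": hashlib.sha256(jar_a).digest() == hashlib.sha256(jar_b).digest(),
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def build_jar(entries):
    """Build a small jar in memory (constructed sample data, not a real mod)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            # Fixed timestamp so identical content yields identical bytes.
            jar.writestr(zipfile.ZipInfo(name, (2020, 1, 1, 0, 0, 0)), data)
    return buf.getvalue()


# Constructed sample: the same jar from two channels, plus a tampered copy.
BASE = {"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n", "example/Mod.class": b"\xca\xfe\xba\xbe"}
channel_a = build_jar(BASE)
channel_b = build_jar(BASE)
tampered = build_jar({**BASE, "example/Mod.class": b"\xca\xfe\xba\xbe\x00", "extra/Loader.class": b"x"})

if __name__ == "__main__":
    print(compare_jars(channel_a, channel_b))
    print(compare_jars(channel_a, tampered))
```

If the whole-file hashes differ but no entry is reported as added, missing or changed, the difference lies in archive metadata such as timestamps or compression rather than in the files themselves.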

mickelus commented 1 month ago

I submitted it for analysis a week ago but it's still listed as "in progress", has anyone gotten any warnings recently?

IThundxr commented 1 month ago

This is caused by Windows Defender using machine learning, which marks mod files as malware randomly. You can report it as a false positive by going here, clicking the software developer button and then filling it out to the best you can. Had this issue with Zeta for a while, but after reporting it as a false positive twice they stopped marking it as malware.

ocram9 commented 1 month ago

I submitted it for analysis a week ago but it's still listed as "in progress", has anyone gotten any warnings recently?

Missed your reply, but I can't replicate it anymore now. Can download it fine without any warnings, but I also already told Windows Defender it was fine the first time, so I'm not sure if it remembers the file somehow.