snowie2000 / mactype

Better font rendering for Windows.
https://mactype.net
GNU General Public License v3.0

Last release is marked with a Trojan Wacatac.B!ml #1024

Open confibox opened 4 days ago

confibox commented 4 days ago

The last release, MacType v1.2024.9.14, is marked by NordVPN and MS Security Defender with the trojan:

Trojan:Win32/Wacatac.B!ml

Any idea?

snowie2000 commented 4 days ago

As long as you got the file from GitHub, it should be fine.

confibox commented 3 days ago

Hi Snowie2000, thanks in advance. Yes, I got the file from GitHub. I wonder why two engines refuse to deal with it: NordVPN blocks the download, so I turn off the protection, and later, when I run the installation, MS Security Defender refuses to run the installation process. Which or what component is identified as a Trojan?

ssssssbbb commented 3 days ago

ESET did the same thing. The problem is not about whether it is a trojan or not; the file just evaporated as soon as the download completed. It's so annoying to turn off the protection before using it.

This prevents the software from becoming popular.

snowie2000 commented 3 days ago

Because of the nature of MacType, it can cause false positives in many AV products, because:

  1. It hooks many APIs and hooks into almost all processes.
  2. It alters the way processes launch and changes the code of the target processes.
  3. It has EasyHook and Detours built in, and they are widely found in malware.

I think the reason it is more commonly mistakenly detected is that this is the first version that has EasyHook/Detours statically linked, which is more like malware behavior, while previously they were distributed separately as DLLs.

wmjordan commented 3 days ago

I've been using MacType for more than a decade. It is solidly stable and never connects to the Internet without your explicit permission. I've even installed it onto my Windows servers. No crash or security warning has ever been caused by it.