Closed DonFlymoor closed 1 year ago
Thanks for the analysis, I will check the vendor that's supposed to be dangerous.
So I checked forums and did a few scans; it seems to be a false positive. I will try to implement a security scan, but having 1 detection on all scans is often seen as a false positive.
The old version of the app seemed more dangerous; today it's a 2% probability. None of the behaviors are intentional. I try to audit Tauri/Rust packages and will see how it goes.
What matters in your scan is this: 1 security vendor and no sandboxes flagged this file as malicious.
Apparently, new malware can have a score of 0, so I will add a note to the readme, but know that security scans are already running.
https://github.com/crazy-max/ghaction-virustotal
Virus scan is now executed at release, and a report link will be added. I wish for total transparency for this project; feel free to reopen if this still seems an issue to you.
According to VirusTotal, the mod manager:
- Installs a raw input device (often for capturing keystrokes)
- Queries the volume information (name, serial number etc) of a device
- Reads software policies
- Sample has functionality to log and monitor keystrokes
- Looks at way too much of the registry
This must be fixed, as it looks exactly like a virus would and could potentially be used for malicious purposes.
More info from Tauri staff.
> Installs a raw input device (often for capturing keystrokes)

Hmm, maybe they mean winit/tao that indeed listens for all OS events including keyboard events? 🤔 I doubt that the scans know about the stuff the webview does which ig does do something similar but only when the window is focused.
> Sample has functionality to log and monitor keystrokes

Sounds like the same thing as the first one to me.
> Reads software policies
> Looks at way too much of the registry

These ones are weird, I don't think we do that in the exe itself, only in the installer to check for webview2 installations. Actually, we only check the registry, no idea what they mean with software policies.
> Queries the volume information (name, serial number etc) of a device

This one I'm not sure about, can't remember seeing us do that though.