Malware detected from ESET Antivirus

wakatime / wakatime-cli

Command line interface used by all WakaTime text editor plugins

https://wakatime.com/plugins

BSD 3-Clause "New" or "Revised" License

262 stars 40 forks source link

Malware detected from ESET Antivirus #1031

Closed mack0196 closed 5 months ago

mack0196 commented 5 months ago

Malware scanning found a trojan in wakatime extension files and disabled the extension.

Real-time file system protection;file;C:\Users\XXX\.wakatime\wakatime-cli-windows-amd64.exe;a variant of WinGo/Agent_AGen.AN trojan;cleaned by deleting;

Event occurred during an attempt to run the file by the application: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.exe

Could a security audit be performed to verify and clean if found?

alanhamlett commented 5 months ago

This started happening after we upgraded Go in the wakatime-cli part of the extension. I used this guide to report the false positive to Trend Micro.

mack0196 commented 5 months ago

Thanks. I originally said trend micro but we are using eset. Have you filed similar report https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab?

alanhamlett commented 5 months ago

Thanks. I originally said trend micro but we are using eset. Have you filed similar report https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab?

I also sent it to ESET and received this response:

Hello,

Thank you for your submission.
It was a false positive which was fixed yesterday.

Regards,

ESET Malware Response Team