gisto flagged as malware by VirusTotal #310
Comments
No idea. What file?
On Fri, Apr 16, 2021 at 3:19 PM CoreCode ***@***.***> wrote:
https://www.virustotal.com/gui/file/40b8cb8654231af8550d0df76d39a8e69eb1e2fc909faba68882f2fe3576800e/detection/f-40b8cb8654231af8550d0df76d39a8e69eb1e2fc909faba68882f2fe3576800e-1617435735
any explanation for this?
Got it. I don't know for sure, but my guess would be that it is not signed
with an Apple dev account. We are not in a position to pay 100 bucks for
a certificate for a non-profit open source project. Zip is green, for what
it's worth.
On Fri, Apr 16, 2021 at 4:21 PM CoreCode ***@***.***> wrote:
Gisto-1.13.4.dmg
weirdly if you upload the app inside the ZIP, it's red again:
It might still try to validate the signature I guess. I cannot think of any
other reason.
On Sat, Apr 17, 2021, 12:15 AM CoreCode ***@***.***> wrote:
weirdly if you upload the app inside the ZIP, it's red again:
https://www.virustotal.com/gui/file/2b09c14becdfb2011665e758149cd59bd570c628305d79e3bea9a5402ec9525c/detection
don't think that could be the reason. I check thousands of apps every month with virustotal. about half of them are unsigned and it's never been a problem.

This is probably related to Electron being detected as malware incorrectly, you can see the following thread on atom with very similar issues:

I just got an alert about this being potential malware as well, though it came out of Carbon Black. Here are the details that I have on the issue. The OS X version of the application has the following SHA256 hash: Per the following CISA report, this hash is a signature of known malware.

@coltjones thanks.

@sanusart From https://www.gistoapp.com/ using the OS X DMG link: https://github.com/Gisto/Gisto/releases/download/v1.13.4/Gisto-1.13.4.dmg

Still seems to be related to electron. Will try to update electron version.

MacPaw's "Clean My Mac" app is identifying Gisto.app v1.13.4 as being infected with NukeSped Trojan.

Thank you.
On Mon, Mar 21, 2022, 8:44 PM Colt Jones ***@***.***> wrote:
@sanusart <https://github.com/sanusart> From https://www.gistoapp.com/
using the OS X DMG link:
https://github.com/Gisto/Gisto/releases/download/v1.13.4/Gisto-1.13.4.dmg
My cyber security team identified a file within the Gisto package as known North Korean malware 😬 needless to say I had to remove it from my machine. I just wanted to note that installing gisto via homebrew will result in a package that still gets flagged in 2023.

https://www.virustotal.com/gui/file/40b8cb8654231af8550d0df76d39a8e69eb1e2fc909faba68882f2fe3576800e/detection/f-40b8cb8654231af8550d0df76d39a8e69eb1e2fc909faba68882f2fe3576800e-1617435735
any explanation for this?