gisto flagged as malware by VirusTotal #310
Comments
|
No idea. What file?
…On Fri, Apr 16, 2021 at 3:19 PM CoreCode ***@***.***> wrote:
https://www.virustotal.com/gui/file/40b8cb8654231af8550d0df76d39a8e69eb1e2fc909faba68882f2fe3576800e/detection/f-40b8cb8654231af8550d0df76d39a8e69eb1e2fc909faba68882f2fe3576800e-1617435735
any explanation for this?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#310>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACBLRV2RGVSSA75BWILYELTJATNHANCNFSM43BNWERA>
.
|
|
|
|
Got it. I don't know for sure, but my guess would be that it is not signed
with an Apple dev account, we are not in the position to pay 100 bucks for
a certificate for non profit open source project. Zip is green for what is
worth.
…On Fri, Apr 16, 2021 at 4:21 PM CoreCode ***@***.***> wrote:
Gisto-1.13.4.dmg
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#310 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACBLRVLTILS5TO3BIIMWDTTJA2VZANCNFSM43BNWERA>
.
|
|
weirdly if you upload the app inside the ZIP, its red again: |
|
It might still try to validate the signature I guess. I cannot think of any
other reason.
…On Sat, Apr 17, 2021, 12:15 AM CoreCode ***@***.***> wrote:
weirdly if you upload the app inside the ZIP, its red again:
https://www.virustotal.com/gui/file/2b09c14becdfb2011665e758149cd59bd570c628305d79e3bea9a5402ec9525c/detection
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#310 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACBLRRLFA6IQMD5UE7UEJDTJCSGNANCNFSM43BNWERA>
.
|
|
don't think that could be the reason. i check thousands of apps every month with virustotal. about half of them are unsigned and its never been a problem. |
|
This is probably related to Electron being detected as malware incorrectly, you can see the following thread on atom with very similar issues: |
|
I just got an alert about this being potential malware as well, though it came out of Carbon Black. Here are the details that I have on the issue. The OS X version of the application has the following SHA256 hash: Per the following CISA report, this hash is a signature of known maleware. |
|
@coltjones thanks. |
|
@sanusart From https://www.gistoapp.com/ using the OS X DMG link: https://github.com/Gisto/Gisto/releases/download/v1.13.4/Gisto-1.13.4.dmg |
|
Still seems to be related to electron. Will try to update electron version. |
|
MacPaw's "Clean My Mac" app is identifying Gisto.app v1.13.4 as being infected with NukeSped Trojan. |
|
Thank you.
…On Mon, Mar 21, 2022, 8:44 PM Colt Jones ***@***.***> wrote:
@sanusart <https://github.com/sanusart> From https://www.gistoapp.com/
using the OS X DMG link:
https://github.com/Gisto/Gisto/releases/download/v1.13.4/Gisto-1.13.4.dmg
—
Reply to this email directly, view it on GitHub
<#310 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACBLRW2Y5WTPHZUYOS6M63VBC7PFANCNFSM43BNWERA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
My cyber security team identified a file within the Gisto package as known North Korean malware 😬 needless to say I had to remove it from my machine. I just wanted to note that installing gisto via homebrew will result in a package that still gets flagged in 2023. |
https://www.virustotal.com/gui/file/40b8cb8654231af8550d0df76d39a8e69eb1e2fc909faba68882f2fe3576800e/detection/f-40b8cb8654231af8550d0df76d39a8e69eb1e2fc909faba68882f2fe3576800e-1617435735
any explanation for this?
The text was updated successfully, but these errors were encountered: