Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

opencv-4.0.1-vc14_vc15.exe on Sourceforge infected with malware #14127

Closed
mpsheppa opened this Issue Mar 22, 2019 · 1 comment

Comments

2 participants
@mpsheppa
Copy link

commented Mar 22, 2019

The file at https://sourceforge.net/projects/opencvlibrary/files/4.0.1/opencv-4.0.1-vc14_vc15.exe/download is not the same as at https://github.com/opencv/opencv/releases/download/4.0.1/opencv-4.0.1-vc14_vc15.exe. The sourceforge file has a fake google signature, was modified on the wrong date for the release (a couple of days ago_ and results in this malware file being dropped onto the system: https://www.virustotal.com/gui/file/1786FE752BEAD0F1B91732756DB73A32E135C0ED003A543B80846F53A91638F3/detection.

I assume someone has compromised the sourceforge credentials and replace the legitimate file with a fake one.

@alalek

This comment has been minimized.

Copy link
Contributor

commented Mar 22, 2019

Thank you for the report!

Mentioned file has been re-uploaded with original.

Two similar files have been found in "4.0.0-alpha" directory (directory has been removed completely).

Send request to SourceForge support with helping of this incident investigation.


Consider using GitHub releases in the meantime.

@alalek alalek closed this Mar 23, 2019

@opencv opencv deleted a comment from LDity Mar 25, 2019

@opencv opencv locked as resolved and limited conversation to collaborators Mar 25, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.