Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
opencv-4.0.1-vc14_vc15.exe on Sourceforge infected with malware #14127
The file at https://sourceforge.net/projects/opencvlibrary/files/4.0.1/opencv-4.0.1-vc14_vc15.exe/download is not the same as at https://github.com/opencv/opencv/releases/download/4.0.1/opencv-4.0.1-vc14_vc15.exe. The sourceforge file has a fake google signature, was modified on the wrong date for the release (a couple of days ago_ and results in this malware file being dropped onto the system: https://www.virustotal.com/gui/file/1786FE752BEAD0F1B91732756DB73A32E135C0ED003A543B80846F53A91638F3/detection.
I assume someone has compromised the sourceforge credentials and replace the legitimate file with a fake one.
Thank you for the report!
Mentioned file has been re-uploaded with original.
Two similar files have been found in "4.0.0-alpha" directory (directory has been removed completely).
Send request to SourceForge support with helping of this incident investigation.
Consider using GitHub releases in the meantime.