Wine 'stable' comes with a trojan - confirmed by VirusTotal #3255
On 2022-05-10 at 10:15, Paul Hammant wrote:
Yesterday:
brew tap homebrew/cask-versions
brew install --cask --no-quarantine wine-stable
Avira caught a virus locally. VirusTotal confirmed:
Local verification of SHA256:
$ shasum -a 256 winedevice.exe
7073edb2bb06f9e914ebf28439c48fe99e1715d62690251e267110f3f6fb28c4 winedevice.exe
I looked at the HackerOne system for posting this, but figured that was for issues in Homebrew itself.
This should be reported to Wine and https://docs.brew.sh/Acceptable-Casks#apps-that-bundle-malware should be followed
Eight security vendors saying the same thing is still a false positive?
This is a pretty common occurrence in the Wine community - AV vendors flag Wine executables as some sort of "generic" malware. If you actually take a look at the names, notice that none of the AV engines are actually able to assign a virus strain other than something like "Trojan.Generic" or some ML-generated ID. I would also question the motive - if it were the maintainer's intent to infect people's Macs (this being a Homebrew package), why on earth would they bundle it as an easily detectable Win32 application?
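The label check described in the comment above, as an added example that is not part of the thread: it separates detection names that are only generic or ML-style verdicts from names that identify a family. The engine names, sample labels and marker lists are constructed assumptions; an all-generic result is a reason to report upstream and review the file, not proof that it is clean.

```python
import re

# Words that describe a category or platform, not a specific malware family.
CATEGORY = {"trojan", "malware", "virus", "worm", "backdoor", "riskware",
            "application", "variant"}
# Markers of heuristic or machine-learning verdicts (assumed, not exhaustive).
GENERIC = re.compile(r"generic|heur|confidence|score|malicious|suspicious|"
                     r"unsafe|aidetect|advml|attribute")


def family_of(label):
    """Return the first token that looks like a family name, else None."""
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if len(tok) < 4 or any(c.isdigit() for c in tok):
            continue  # variant suffixes, platform tags (win32), numeric IDs
        if tok in CATEGORY or GENERIC.search(tok):
            continue
        return tok
    return None


def triage(results):
    """results maps engine name -> label, or None when the engine is clean."""
    hits = {eng: lab for eng, lab in results.items() if lab}
    named = {eng: family_of(lab) for eng, lab in hits.items() if family_of(lab)}
    return {"detections": len(hits),
            "generic_only": len(hits) - len(named),
            "families": sorted(set(named.values()))}


# Constructed sample: eight generic-style hits, as in the thread, one clean.
SAMPLE = {
    "EngineA": "Trojan.Generic",
    "EngineB": "Trojan.Win32.Generic!BT",
    "EngineC": "Malicious (score: 85)",
    "EngineD": "ML.Attribute.HighConfidence",
    "EngineE": "Heur.AdvML.B",
    "EngineF": "W32.AIDetect.malware2",
    "EngineG": "Gen:Variant.Generic.12345",
    "EngineH": "Unsafe.AI_Score_99%",
    "EngineI": None,
}

if __name__ == "__main__":
    print(triage(SAMPLE))
    # Same scan plus one engine that names a (made-up) family.
    print(triage({**SAMPLE, "EngineJ": "Trojan:Win32/ExampleFamily.A"}))
```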
I'd thought to test if the newer binutils help much for this:
https://www.virustotal.com/gui/file/16fa8aac3d3226e76e350a62e50354d482e58afa0854afd75e88101717723414
https://www.virustotal.com/gui/file/c49fb78b7994c52d241cb21fb22d41cd281696ea48271b01d4f6a8e898473b0c
https://www.virustotal.com/gui/file/2ad4608d06244e2f39aa1804ad11b26d6ef5588ff1eb6b3eb2ade2032c18c62a
These AV vendors are really damn lazy.