VirusTotal says that Linux version of youtube-dl needlessly contacts certain IPs/domains while .exe version doesn't #22151
Comments
|
Bother to even read what Execution Parents in Relations means. |
|
@dstftw Execution parents don't matter because those are only files that include/execute youtube-dl for their own purposes like, say, packing an open-source program into a much bigger program. What do you need from me to make this more "acceptable" for your examination? This is a serious case with a possibility that your Linux binaries are poisoned. |
|
youtube-dl does not connect to these locations on its own. These are standard macOS call homes. |
|
Oh, I see. Upon noticing that I could view the whole report, I can see that it was indeed executed in macOS.

Checklist
Citings and Remarks
Latest youtube-dl binary for Linux. Click Relations tab for reference on what I am saying
Malicious domain being contacted by the binary as said by VirusTotal. Note that I haven't personally tested it as I do not have a test lab in place just yet. Click Relations tab for a look at the graphs that include this domain in their analysis.
Latest youtube-dl binary for Windows. Click Relations tab to see just how clean this is compared to the binary for Linux.
Description
While I know there is a possibility that the connections in the Linux binary are just a false positive due to flawed Linux binary testing of VirusTotal, I'd prefer to be really sure anyways given the fact that a supply-chain attack is certainly not an impossible feat.