Malware detected in compiled CLI tool

Question

Malware detected in compiled CLI tool

akiesskp opened this issue 3 years ago · 5 comments

I compiled the CLI tool today, and in the process of copying it to another machine discovered it is flagged as containing malware.

GoogleDrive/Gmail will not allow downloading the exe due to detected malware, and both VirusTotal and MetaDefender have flagged it as containing trojans.

Are these known issues?
https://www.virustotal.com/gui/file/c18eaf796e07c4789f45bb3f4601d1ff8b2b35d849ce722995c42dd14134ba8d/detection
https://metadefender.opswat.com/results/file/31c4028bc46766d02bfb19607a6bc276/hash/multiscan?lang=en

I have confirmed that compiling the exe on a different, isolated machine produced the same thing.

Answer 1 · 2021-05-07T17:57:28.000Z

We certainly did not have any problems like this before. What branch from this repo and what Dart SDK version were used?

Answer 2 · 2021-05-07T18:01:48.000Z

I used the tip of master, and Dart 2.12.4. If you upload the generated CLI exe and check it against those scanners do you see the same issue?

Answer 3 · 2021-05-07T18:25:54.000Z

Yeah, I see similar results with 2.12.4. Compiling with beta SDK (2.13) doesn't trigger those detections, though.

Answer 4 · 2021-05-10T16:03:14.000Z

I can try that, thanks.

edit
That works for me too.

Answer 5 · 2021-06-23T20:44:41.000Z

The issue seems to be resolved with SDK 2.13.