nyxiereal/XToolbox

Serious warning trojan horse

Closed this issue · 9 comments


What's up with the Trojan horse warning???

It's in Dutch. It says: serious danger, Trojan horse
(Bearfoos Trojan can steal data).

When I opened XToolbox it prompted me to update.
After the update I got this Trojan injection... If the dev can't prove it's a false positive, it probably isn't, and the dev should be banned from GitHub.

Trojan:Win32/Bearfoos.A!ml

It's because the program is packed using UPX; UPX will always introduce some detections.

  • The program is compiled using my own custom modified version of PyInstaller. Here are the modifications:

    if upx:
        if strip:
            fnm = checkCache(
                fnm,
                strip=True,
                upx=False,
                dist_nm=dist_nm,
                target_arch=target_arch,
                codesign_identity=codesign_identity,
                entitlements_file=entitlements_file,
                strict_arch_validation=strict_arch_validation,
            )
        # We need to avoid using UPX with Windows DLLs that have Control Flow Guard enabled, as it breaks them.
        if is_win and versioninfo.pefile_check_control_flow_guard(fnm):
            logger.info('Disabling UPX for %s due to CFG!', fnm)
        elif misc.is_file_qt_plugin(fnm):
            logger.info('Disabling UPX for %s due to it being a Qt plugin!', fnm)
        else:
            # Maximum compression, exhaustive method search, drop the overlay, compress icons.
            option0 = '-9'
            option1 = '--ultra-brute'
            option2 = '--overlay=strip'
            option3 = '--compress-icons=3'

            upx_executable = "upx"
            if CONF.get('upx_dir'):
                upx_executable = os.path.join(CONF['upx_dir'], upx_executable)
            # Each argument is its own list element; a leading space inside '-q'
            # would be passed to UPX verbatim and treated as a file name.
            cmd = [upx_executable, option0, option1, option2, option3, '-q', cachedfile]

The modified code is in
Lib/site-packages/PyInstaller/building/utils.py line 257

triage report

As you didn't respond for 2 days, I will mark this issue as complete.

https://www.virustotal.com/gui/file/a7809486fcfd5d0540f8b4a995dc415cce3bfc282eac9da583a79c166f2d245f


XToolBox uses the compiler called Nuitka, which compiles it into C code and then into an exe file. The program is also packed using UPX to save space. You can look into the source code and compile it yourself. It downloads and executes files.
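Both developer replies above attribute the Bearfoos detection to UPX packing rather than to the program itself. An added example, not code from the XToolbox project or from anyone in this thread: the script below parses a Windows PE section table by hand (no third-party modules) and reports the cheap UPX fingerprints a practitioner would look for first, namely sections named UPX0/UPX1 and the `UPX!` marker the packer writes into the file. The PE images it inspects are constructed in memory here and are stand-ins, not real XToolbox releases.

```python
"""Offline check for UPX packing fingerprints in a PE file (added example)."""
import struct

DOS_E_LFANEW_OFFSET = 0x3C      # offset of the uint32 pointing at the PE signature
PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def pe_sections(data: bytes) -> list:
    """Return (name, virtual_size, size_of_raw_data) per section header.

    Raises ValueError when the bytes are not a PE image.
    """
    if len(data) < DOS_E_LFANEW_OFFSET + 4 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, DOS_E_LFANEW_OFFSET)[0]
    if data[pe_off:pe_off + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        virtual_size = struct.unpack_from("<I", data, off + 8)[0]
        raw_size = struct.unpack_from("<I", data, off + 16)[0]
        sections.append((name, virtual_size, raw_size))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Collect the cheap UPX fingerprints; none of them is individually decisive."""
    sections = pe_sections(data)
    names = [s[0] for s in sections]
    upx_named = [n for n in names if n.upper().startswith("UPX")]
    # UPX0 is the decompression target: it reserves virtual memory but has no raw bytes on disk.
    empty_first = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    marker = b"UPX!" in data
    return {
        "section_names": names,
        "upx_named_sections": upx_named,
        "empty_first_section": empty_first,
        "upx_marker": marker,
        "likely_upx": bool(upx_named) or marker,
    }


def build_pe(sections, trailer=b"") -> bytes:
    """Construct a minimal PE32 image (constructed test data, not a real program)."""
    dos = b"MZ" + b"\0" * (DOS_E_LFANEW_OFFSET - 2) + struct.pack("<I", 0x40)
    opt_size = 224  # PE32 optional header size, zero-filled here
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table = b""
    for name, vsize, rsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000, rsize,
                             0, 0, 0, 0, 0, 0x60000020)
    return dos + PE_SIGNATURE + coff + b"\0" * opt_size + table + trailer


# Constructed samples: a UPX-style layout with the marker, and an ordinary compiler layout.
PACKED_SAMPLE = build_pe(
    [("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7C00), (".rsrc", 0x1000, 0x400)],
    trailer=b"UPX!",
)
PLAIN_SAMPLE = build_pe(
    [(".text", 0x5000, 0x5000), (".rdata", 0x1000, 0x1000),
     (".data", 0x800, 0x200), (".rsrc", 0x1000, 0x400)],
)

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_indicators(sample))
```

Section names can be renamed and the `UPX!` marker patched out, so a negative result here does not prove the file is unpacked, and a positive result only confirms the packer, not what it wraps. The decisive test of a "false positive caused by UPX" claim is to run `upx -d` on a copy of the file and rescan the unpacked binary: if the detection persists on the unpacked file, the packer was not the cause.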