Trojan:Win32/Acll in the installation .exe

Open warstellar opened this issue 10 months ago • 7 comments

Windows Defender detects Trojan:Win32/Acll in the setup.exe. Any ideas why?

warstellar, Apr 22 '24 19:04

Most likely due to low application score and lack of digital signature. Closing this since I can't see any further questions related to this topic.

hydralauncher, Apr 23 '24 02:04

> due to low application score and lack of digital signature

@hydralauncher I have no idea what you're talking about and frankly it sounds like a nonsense excuse for a TROJAN being detected in the setup.exe...

but if that's the issue then why don't you fix it?

zenflow, May 01 '24 05:05

@zenflow

https://www.electronjs.org/docs/latest/tutorial/code-signing

If you're willing to lend me the 400€ for the digital license I can fix it without any issues. What do you think?

hydralauncher, May 01 '24 05:05

@zenflow

Antiviruses frequently detect unsigned .exe files as malicious. The only known solution is to pay for a 400$ license, which is 100% not viable.

If you have any specific question about the safety of the code, please show us and we will help you.

zamitto, May 01 '24 05:05

> Windows Defender detects Trojan:Win32/Acll in the setup.exe. Any ideas why?

does it still do that if you build it yourself?

ArjixWasTaken, May 01 '24 08:05

For information, VirusTotal scoring the installer at 14/71 is not a good look either, no matter the signature thing: https://www.virustotal.com/gui/file/541a1966114e166cc5807973c227ad72fea6d687ce7c2e70293f794751247427

Also, the fact that the source code is available here is not a proof/guarantee that a toolchain-based attack is not there in the provided already-built installer.

KokaKiwi, May 01 '24 09:05

@KokaKiwi I am completely aware of that, but you can imagine that simply pasting the VT link here is not even close to being helpful for us. It's not a bug and it's not something that I can even control; a game launcher is something that will require some level of privilege and there's not much that I can do about it.

I'll reiterate that posting VT links won’t tell me much at all, since all the reported behaviours are expected and all the releases are built from the source using GitHub Actions.

And I don't know exactly which research you did yourself, but some of those flags would indeed go away with code signing (especially Generic ones and NotAVirus).

hydralauncher, May 01 '24 12:05

[Image: IMG_20240504_225811019] Here is an alert about a trojan.

davidied, May 05 '24 02:05

@davidied as already stated, this is a false positive. We have updated our build pipeline and it seems to have resolved a lot of false positives. If you feel unsafe, wait until we release the next update.

zamitto, May 05 '24 02:05

> @davidied as already stated, this is a false positive. We have updated our build pipeline and it seems to have resolved a lot of false positives. If you feel unsafe, wait until we release the next update

I can confirm. The latest build does not trigger a Windows Defender warning, and it did before.

warstellar, May 05 '24 09:05