webtorrent-desktop
webtorrent-desktop copied to clipboard
11 antivirus engines work on the installer.
v0.24.0
Windows 10
https://www.virustotal.com/gui/file/08b97a6a4b5999bd0f0c2f0eb368eb938a16c373999b672db24ea89664d35714
Expected virus-free software lol!
NO!
yes, I want to add this app to winget. But, it got flagged as a PUP. Is this false alarm?
Antivirus software works on heuristics -- it tries to identify malware based on patterns. For reasons you could probably divine, malware sometimes distributes payloads and updates through peer to peer means.
Webtorrent Desktop is open source, so if you have any hesitations, feel free to inspect the code it runs and verify the AV categorization. Unless you have a specific accuation, please close the issue.
Antivirus software works on heuristics -- it tries to identify malware based on patterns. For reasons you could probably divine, malware sometimes distributes payloads and updates through peer to peer means.
Webtorrent Desktop is open source, so if you have any hesitations, feel free to inspect the code it runs and verify the AV categorization. Unless you have a specific accuation, please close the issue.
I still have doubts about false positives because the last release v0.24.0 is virustotal clean https://www.virustotal.com/gui/file/4e908c53f6ffdd5b4dd9a92800816f7ab1cb20669aef17eca1041b87885f71c5
I still have doubts about false positives because the last release v0.24.0 is virustotal clean https://www.virustotal.com/gui/file/4e908c53f6ffdd5b4dd9a92800816f7ab1cb20669aef17eca1041b87885f71c5
I'm not an active developer of this repository but I've cloned the repo and will be inspecting it -- If you have evidence of malicious code then by all means, please submit it for review. This is a popular repo with dozens of contributors, so the likelihood of something being overtly malicious within the codebase is not impossible but at least unlikely, or highly conspiratorial.
If you don't have something to present other than the false positive, please close this issue until you do.
I did some testing on a clean Virtualbox VM and i cannot find any traces of Adware, however it might be blocked by a strict host system wide DNS or it did not run because it detected a VM.
- First of all WebTorrentSetup-v0.24.0.exe is the latest installer from https://github.com/webtorrent/webtorrent-desktop/releases/download/v0.24.0/WebTorrentSetup-v0.24.0.exe.
- WebTorrentSetup-v0.24.0.exe\Update.exe obv clean
- WebTorrentSetup-v0.24.0.exe\WebTorrent-0.24.0-full.nupkg is just flagged as PUA/PUP
-
WebTorrentSetup-v0.24.0.exe\WebTorrent-0.24.0-full.nupkg\lib\net45\WebTorrent.exe which can also be found at
%Localappdata%\WebTorrent\app-0.24.0\WebTorrent.exe
is mostly detected as PUP/PUA, however Malwarebytes blocked a connection to 213.34.163.254:50239 and 117.201.196.173:8080 -
WebTorrentSetup-v0.24.0.exe\WebTorrent-0.24.0-full.nupkg\lib\net45\WebTorrent_ExecutionStub.exe which is also found at
%Localappdata%\WebTorrent\WebTorrent.exe
is detected as Adware (Fake Popups)
- Secondly https://www.virustotal.com/gui/file/4e908c53f6ffdd5b4dd9a92800816f7ab1cb20669aef17eca1041b87885f71c5 is WebTorrentSetup-v0.22.0.exe
-
WebTorrentSetup-v0.23.0.exe from WebTorrentSetup-v0.23.0.exe is also clean
- WebTorrentSetup-v0.23.0.exe\Update.exe clean
- WebTorrentSetup-v0.23.0.exe\WebTorrent-0.23.0-full.nupkg clean
- WebTorrentSetup-v0.23.0.exe\WebTorrent-0.23.0-full.nupkg\lib\net45\WebTorrent.exe clean, however it does try to access 178.255.168.117:8621
- WebTorrentSetup-v0.24.0.exe\WebTorrent-0.24.0-full.nupkg\lib\net45\WebTorrent_ExecutionStub.exe clean
WinGet does not manually approve False Positives, contact the AV's to get it unflagged or remove the malicious code which might have gotten implemented in version 0.24.0.
Since its 2 years since the last release, would there be any changes in a new compile?
- 213.34.163.254:5023 *178.255.168.117:8621 https://www.abuseipdb.com/check/178.255.168.117 https://www.abuseipdb.com/check/213.34.163.254 Definitely bad ip.
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?