[1.1.0] Malware after installation? Did anyone notice that?

Asked by Peter Sandberg

Has anyone encountered this after Sikuli install?

Trojan:Win32/Spursint.A!lc

??

Peter

Question information

Language: English
Status: Answered
For: SikuliX
Assignee: No assignee
RaiMan (raimund-hocke) said :
#1

what version of Sikuli?

RaiMan (raimund-hocke) said :
#2

did you download and run any scripts from the net, created by others?

Peter Sandberg (pesan) said :
#3

Hi,

I have Sikuli 1.1.0.

I did initially try Sikuli Slides 1.5, but I have removed this.

Peter

RaiMan (raimund-hocke) said :
#5

Well, let's wait and see whether anyone else noticed this.

IMHO: Just downloading the setup jar and then running it, to get the IDE and the API jar, should not lead to the problem, since none of the components used should be affected.

Logicwerx (m-shawn-porter) said :
#6

I can confirm this happens on Windows 10. I suspect it's a false positive, but am not keen on blindly ignoring this type of alert. The checksum on the file I downloaded matches what's on the site (a33616bac6d4f44785b89a02b110a0f8), but I'd rather wait until someone with access to source can validate checksum against source before I execute the jar.

(The Linux Mint ISO hijackers updated the binary AND checksum hash when they owned the distro and site this year...)

Logicwerx (m-shawn-porter) said :
#7

To clarify: when downloading the jar file, Windows Defender flags and isolates it before it is run. Alerts as Trojan:Win32/Spursint.A!lc

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FSpursint.A&ThreatID=-2147261593

If there is any telemetry data, updater, or other call home stuff in the package, I can see how it could trigger a false positive considering the nature of the software. I would be amazed if Sikuli has never been found in a botnet framework.

Edward Evans (eeevans7) said :
#8

I am getting this also, are there any updates?

RaiMan (raimund-hocke) said :
#9

To clarify: when downloading the jar file

What did you download from where?

Edward Evans (eeevans7) said :
#10

I tried to download the jar file from the launchpad link https://launchpad.net/sikuli/sikulix/1.1.0/+download/sikulixsetup-1.1.0.jar

FYI, I was able to download the latest nightly build 1.1.1 without issue.

RaiMan (raimund-hocke) said :
#11

I just uploaded a new file sikulixsetup-1.1.0.jar (signed this time).

Could you just check the behavior?

Peter Sandberg (pesan) said :
#12

I have downloaded it without any detection. Will try a couple of times more.

Peter

RaiMan (raimund-hocke) said :
#13

@Peter: thanks.
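
Added example (not code from this thread or from the SikuliX project): a pre-execution check for a downloaded jar, covering the two points raised in #6 and #11, namely comparing digests against values obtained independently of the download site and checking whether the jar carries signature entries at all. The sample jars are constructed in memory, and the function names are hypothetical. The check only detects the presence of signature entries; validating them cryptographically is the job of `jarsigner -verify`.

```python
import hashlib
import io
import zipfile

# A signed JAR has a signature file (.SF) and a signature block
# (.RSA, .DSA or .EC) under META-INF/.
SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")


def digests(data: bytes) -> dict:
    """MD5 (the kind of checksum quoted in the thread) plus SHA-256."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def signature_entries(data: bytes) -> list:
    """Names of signature-related entries found under META-INF/."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        return sorted(n for n in jar.namelist()
                      if n.upper().startswith("META-INF/")
                      and n.upper().endswith((".SF",) + SIG_BLOCK_EXT))


def triage(data: bytes, pinned: dict) -> dict:
    """pinned: digests taken from a source independent of the download site."""
    got = digests(data)
    sigs = signature_entries(data)
    has_sf = any(n.upper().endswith(".SF") for n in sigs)
    has_block = any(n.upper().endswith(SIG_BLOCK_EXT) for n in sigs)
    return {
        "digest_match": {a: got[a] == v.lower() for a, v in pinned.items()},
        "carries_signature": has_sf and has_block,  # presence only, not validity
        "signature_entries": sigs,
    }


def build_jar(signed: bool) -> bytes:
    """Constructed sample JAR for the demo (not the real SikuliX installer)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Setup.class", b"\xca\xfe\xba\xbe")
        if signed:
            jar.writestr("META-INF/SAMPLE.SF", "Signature-Version: 1.0\n")
            jar.writestr("META-INF/SAMPLE.RSA", b"placeholder, not real PKCS#7")
    return buf.getvalue()


if __name__ == "__main__":
    pins = digests(build_jar(signed=False))      # stands in for a pinned value
    print(triage(build_jar(signed=True), pins))  # re-signed file: digests differ
```

A file re-uploaded under the same name after signing no longer matches a digest recorded for the earlier upload, so a pinned checksum has to be refreshed from a trusted channel whenever the artifact is replaced.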
