Skript


Trojan Phonzy.B - last update | fake positive ???

yzz17 opened this issue · 3 comments

commented

Skript/Server Version

"https://objects.githubusercontent.com/github-production-release-asset-2e65be/53415151/00d373cd-cd80-4f32-a727-280185e46c16?X-Amz"

"Credential=AKIAVCODYLSA53PQK*ZA%*F*0**0*0*%*Fus-east-*%*Fs3%*Faws*_request&X-Amz-"

Date=*0**0*0*T**0***Z&X-Amz-Expires=300&X-Amz-
Signature=a**deea5eb5655*3a*9*90b958*50*396*d6*e*ccdaf*5bdf3a*6bdd*efea0*0&X-Amz-

SignedHeaders=host&actor_id=*****9*0&key_id=0&repo_id=53**5*5*&response-content-disposition=attachment%3B%*0filename%3DSkript.jar&response-content-type=application%*Foctet-stream|pid:****,ProcessStart:*3356********95**0

githubusercontent.com/github-production-release-asset-2e65be/53415151/00d373cd-cd80-4f32-a727-280185e46c16: This is the path to the file on the GitHub server?
X-Amz-Algorithm=AWS*-HMAC-SHA*56: This is the algorithm used for signing the AWS request?
X-Amz-Credential=AKIAVCODYLSA53PQK*ZA%*F*0**0*0*%*Fus-east-*%*Fs3%*Faws*_request: These are the credentials used to authenticate the request?
X-Amz-Date=*0**0*0*T**0***Z: This is the date and time of the request.
X-Amz-Expires=300: This is the time in seconds that the signed URL is valid after the time specified in /X-Amz-Date/?
X-Amz-Signature=a**deea5eb5655*3a*9*90b958*50*3968d6*e*ccdaf*5bdf3a*6bdd*efea0*0: This is the signature of the application?
response-content-disposition=attachment%3B%*0filename%3DSkript.jar: This suggests that the file will be downloaded with the name Skript.jar when the URL is accessed?
response-content-type=application%*Foctet-stream: This is the MIME type of the file, which in this case indicates that it is a binary data stream, which is common for downloadable files?
The final part of the text (pid:****,ProcessStart:**************) appears to be related to the process information of an operating system, where pid is the process ID and ProcessStart is the start time of the process?

Bug Description

.

Expected Behavior

.

Steps to Reproduce

.

Errors or Screenshots

.

Other

It's probably not important, simply to inform that it's detected as a Trojan

Agreement

  • I have read the guidelines above and affirm I am following them with this report.
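
Added example (not part of the original report or of Skript's code): a small Python triage helper that splits an AWS SigV4 presigned URL, like the one in the detection above, into the fields the report asks about, and works out when the link stops being valid. The sample URL, key ID, date and signature are constructed placeholders, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample with the same shape as the reported URL; all values are placeholders.
SAMPLE_URL = (
    "https://objects.githubusercontent.com/github-production-release-asset-EXAMPLE/"
    "0/00000000-0000-0000-0000-000000000000"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=EXAMPLEKEYID%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240101T120000Z&X-Amz-Expires=300"
    "&X-Amz-Signature=" + "0" * 64 +
    "&X-Amz-SignedHeaders=host"
    "&response-content-disposition=attachment%3B%20filename%3DSkript.jar"
    "&response-content-type=application%2Foctet-stream"
)

REQUIRED = ("X-Amz-Algorithm", "X-Amz-Credential", "X-Amz-Date",
            "X-Amz-Expires", "X-Amz-Signature", "X-Amz-SignedHeaders")


def describe_presigned_url(url):
    """Split a SigV4 presigned URL into the fields an analyst needs for triage."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}  # also percent-decodes
    missing = [k for k in REQUIRED if k not in q]
    if missing:
        raise ValueError(f"not a complete SigV4 presigned URL, missing: {missing}")
    # The credential is a scope (key ID/date/region/service/terminator), not the secret key.
    key_id, _scope_date, region, service, _term = q["X-Amz-Credential"].split("/")
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(
        tzinfo=timezone.utc)
    disposition = q.get("response-content-disposition", "")
    return {
        "host": parts.hostname,
        "object_path": parts.path,
        "algorithm": q["X-Amz-Algorithm"],
        "key_id": key_id, "region": region, "service": service,
        "signed_at": signed_at,
        "expires_at": signed_at + timedelta(seconds=int(q["X-Amz-Expires"])),
        "filename": disposition.partition("filename=")[2].strip('"') or None,
        "content_type": q.get("response-content-type"),
    }


def is_expired(info, now=None):
    """True once the validity window (X-Amz-Date + X-Amz-Expires) has passed."""
    return (now or datetime.now(timezone.utc)) >= info["expires_at"]
```
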
commented

Thanks for the report, we'll disable the download while we investigate.

commented

It's likely it's the update checker, but I'm not certain.

commented

Looks like this is a simple case of a Windows Defender false positive, thankfully. We're putting the download back up (and being better safe than sorry and rebuilding it on a different PC that's also known to be safe). Apparently WD is flagging spigot plugins as Wacatac or Phonzy trojans misleadingly. See https://www.spigotmc.org/threads/windows-defender-false-positives.639507/.

Thanks for the report!