SERIOUS! infected binary for windows found on the setup tab of next dns dashboard
Hi all,
Im using nextdns for a while now and was thinking of getting my game pc up and running with next dns, then, when i log in and download the offical signed binary from the setup tab, i found out that it was infected by a threat actor from the middle east.
this file lacks meta information, has been signed and counter signed by next dns and is as of now 4 months old. Virustotal confirmed it that it was a serious payload
Just a heads up for ya all :)
the hash on virustotal:
eac1fddb908b01808edb39588616ff78ceb33dc3bfeb5cdbc1d29a04f873160e
12 replies
-
False positive?
VirusTotal now reports zero detections for the Windows executable with the same SHA-256 hash.
-
Do we have any follow up on this from @NextDNS ?
-
OP clearly does not know how to use, nor interpret, the results of Virustotal. Any file you upload to Virustotal will have similar behaviors to known malware. In the end, its all about context.
The keylogging capabilities does not mean it actually logs keystrokes, infact, all programs have that capability, including your web browser
Scanning for AV software might be for compatibility reasons.
Again, it's all about context.
-
submitted the file to kaspersky for analysis and they said its safe:
No malicious software was found in the attached file.
Best regards, Anastasiya Makarova, Malware Analyst 39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names
Content aside
- 1 yr agoLast active
- 12Replies
- 455Views
-
6
Following