Malware "Trojan.Win32.Redline" in IDEA plugin (Virustotal analysis) #592
Comments
This is probably due to the EmmyLua remote debugger. We removed the attach debugger from EmmyLua in 2020 due to virus reports. If you are concerned about virus issues, you can choose not to use the EmmyLua plugin. The source code of the EmmyLua debugger is fully open, and you can review the code yourself or compile the debugger. See: https://github.com/EmmyLua/EmmyLuaDebugger
First of all: I always check the source code of extensions from unknown developers and also do a virus scan. It's the first time that virus scanners detected "likely malicious" behaviour, but this could be a false positive. This is why I opened an issue in your repository to inform you and ask for details. By checking MetaDefender sandbox results, I noticed that it's marked as "likely malicious" mostly because of VM environment detection and the usage of Windows' socket API, which seems legit and necessary for the remote debugger functionality. Maybe you could release an "EmmyLua lite" version that only comes with static analysis and syntax highlighting without the remote debugger? Btw: Open source doesn't necessarily mean that the extension was compiled from the source code.
I actually can't decide on the release of this plugin, but if you want to use a plugin without the debugger, you can use Sumneko Lua, which is also a plugin I released.
Thank you for your help. I'll consider your suggested extension.
Environment
What are the steps to reproduce this issue?
What happens?
Trojan.Win32.Redline warning
What were you expecting to happen?
No warnings