Quote:
Originally Posted by asherkin
Official statement: This is a pretty typical false positive, report it to your AV vendor.
The build system is fully automated, all the changes are in the GitHub repos of SourceMod and its dependencies.
While I have full confidence that this is indeed a false positive, especially considering the resurfacing of an upgraded version of Grandoreiro (which targets critical infrastructure; I'm sure AV vendors were quick to update regardless of accuracy), it is important to still verify the changes in the GitHub repos, and concerns are not unwarranted.
BetterMC was a large Minecraft modpack hosted on CurseForge. Recently, tens of thousands of users who downloaded the modpack from the official CurseForge listing were infected with malware. This was not because of a rogue developer. It was a result of a developer being hacked, and the hacker using his authority to push an infected build to the public.
However, ultimately, the trojan that is being detected (Grandoreiro) is NOT something that a bad actor would use to target SourceMod users. It makes no sense and is definitely a false positive.