XCSSET malware infection in 2.0.0-beta2?
I was trying to install 2.0.0-beta2 on my MacBook Pro. My antivirus software (Intego) interfered, telling me there was an XCSSET malware infection in /Applications/astropixelprocessor.app/Contents/MacOS/universalJavaApplicationStub, and it quarantined the file.
After this I deleted the installation files and went back to 1.083. I have not tested 2.0.0-beta1.
Hi Virjonen @virjonen,
Thank you very much for reporting this. I will investigate this of course with high priority.
The universalJavaApplicationStub is the startup script that runs APP 2.0.0 on macOS. That script definitely does not contain XCSSET malware; I compiled it myself into an executable, and Apple then approved it when the whole package was notarized. So it seems quite likely that your antivirus is giving a false positive here, but to be sure I will scan all my Mac computers for this problem and see what comes up.
Will report back as soon as I know more 😉
Same here. VirusBarrier 10.9.63 with latest Virus descriptions alerted me to
universalJavaApplicationStub - OSX/XCSSET
Intel 5K iMac running macOS Monterey 12.4
I wanted to try APP 2.0.0 β2 because APP 1.083.2 is failing Star Analysis on my subs (Green especially) which, as far as I can tell, are fine. In fact, it's failed some subs that look better than others that are accepted.
I have taken a very long time to investigate this issue, and at the moment I can only conclude that your virus scanners are very likely giving a false positive on a possible XCSSET infection.
I use Bitdefender Total Security, which has a very good reputation and definitely knows the XCSSET infection. It does not find it on any of my Macs, and it does not find it in the beta2 release.
To add to this: the universalJavaApplicationStub is a small script that starts APP on your Mac, which I compile to a binary on my Macs during the build of the DMG installers.
This script simply does not contain XCSSET.
Furthermore, XCSSET is spread using Xcode, which is NOT used/involved in my development environment to create the Mac installers for APP. So that alone makes it impossible for the DMG to contain it, I think.
"One of the most interesting things about XCSSET is that its main target seems to be developers who use Apple’s Xcode app. An Xcode project infected by XCSSET can lead to malicious code being executed on a developer’s computer."
Xcode is simply not used by us since we develop cross-platform, which leads me to conclude that your virus scanners are not accurate, unfortunately.
I will not close this issue for now, but at the moment I cannot do more, I think, to give you a more satisfying answer.
I understand that you both use Intego VirusBarrier, right? So please be open to the possibility that Intego is not accurate here, since other antivirus packages report 2.0.0-beta2 as clean/not infected.
You're right, it's likely a false positive. I think I should contact Intego about this and see if they can tell us more and/or fix the likely false detection.
Will keep you posted,
Ping @philpaul3aol-com as well.
I just received a reply from Intego support. As you suspected, it was a false positive, and they have now fixed the definitions. I updated VirusBarrier and installed 2.0.0-beta2. No errors, and everything works now.
Here is the reply from Intego:
Support Intego (Intego)
Aug 5, 2022, 02:49 CDT
This is a false positive which has been fixed with new 2022080401 virus definitions.
Please check for updates with NetUpdate.
Then remove this entry from the Quarantine or the Trusted Items list.
Please let us know if you have any other questions.
The Intego European Support Team.
Excellent, thank you very much for contacting Intego about this. I am glad that they have confirmed it was a false positive 🙂 !