bitcoin-wallet reported as Wacatac malware #28415

issue xdemiansmithx opened this issue on September 5, 2023
  1. xdemiansmithx commented at 2:03 pm on September 5, 2023: none

    Is there an existing issue for this?

    • I have searched the existing issues

    Current behaviour

    Running gpg verified binaries leads to “An active ‘Wacatac’ malware was prevented”

    Expected behaviour

    Not triggering the incident

    Steps to reproduce

    Follow https://bitcoin.org/en/full-node#mac-os-x-yosemite-1010x:

    • curl -O https://bitcoin.org/bin/bitcoin-core-25.0/ar -zxf bitcoin-25.0-arm64-apple-darwin.tar.gz
    • cd Downloads && gpg --verify SHA256SUMS.asc
    • tar -zxf bitcoin-25.0-arm64-apple-darwin.tar.gz
    • sudo cp bitcoin-25.0/bin/bitcoin* /usr/local/bin/.
    • run bitcoind

    Relevant log output

    An active ‘Wacatac’ malware was prevented

    How did you obtain Bitcoin Core

    Pre-built binaries

    What version of Bitcoin Core are you using?

    25.0-arm64-apple-darwin

    Operating system and version

    macOS Ventura 13.5.1

    Machine specifications

    Apple silicon chip

  2. maflcko added the label macOS on Sep 5, 2023
  3. maflcko added the label Questions and Help on Sep 5, 2023
  4. maflcko commented at 2:12 pm on September 5, 2023: member
    What is the hashsum of the file you downloaded and are running?
  5. xdemiansmithx commented at 2:54 pm on September 5, 2023: none

    shasum -a 256 bitcoin-25.0-arm64-apple-darwin.tar.gz: 3b35075d6c1209743611c705a13575be2668bc069bc6301ce78a2e1e53ebe7cc

    cat SHA256SUMS | grep 3b35075d6c1209743611c705a13575be2668bc069bc6301ce78a2e1e53ebe7cc: 3b35075d6c1209743611c705a13575be2668bc069bc6301ce78a2e1e53ebe7cc bitcoin-25.0-arm64-apple-darwin.tar.gz

    gpg --verify SHA256SUMS.asc: 13 “Good signature from”

    sha256 of the binary is dff4410e05b89e26b74f59d3c93c5c1189e7154f835369df34a05e205b6e0677

  6. fanquake commented at 3:01 pm on September 5, 2023: member

    shasum -a 256 bitcoin-25.0-arm64-apple-darwin.tar.gz: 3b35075d6c1209743611c705a13575be2668bc069bc6301ce78a2e1e53ebe7cc

    You’ve downloaded the correct tarball. There is no malware in it.

    An active ‘Wacatac’ malware was prevented

    What is reporting the malware? Is this macOS/Gatekeeper/Xprotect? Or are you running a different virus/malware scanner that is reporting the issue?

  7. xdemiansmithx commented at 3:03 pm on September 5, 2023: none
    In this instance this was Microsoft Defender. Thanks for confirming I did all the checks correctly.
  8. fanquake commented at 3:06 pm on September 5, 2023: member

    In this instance this was Microsoft Defender.

    Ok. Only thing to do here is report the issue to Microsoft, maybe using https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/air-report-false-positives-negatives?view=o365-worldwide#report-a-false-positivenegative-to-microsoft-for-analysis.

    Closing this issue, as there’s nothing further for us to do.

  9. fanquake closed this on Sep 5, 2023

  10. maflcko added the label Upstream on Sep 5, 2023
  11. bitcoin locked this on Sep 4, 2024
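
The hash check from comments 5 and 6, written as a reusable function. This is an added example, not part of the original thread or the Bitcoin Core project. It looks the file up in SHA256SUMS by name and distinguishes a hash mismatch from a missing entry. The function names, return codes and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a release file against SHA256SUMS.
# Assumption: SHA256SUMS was already authenticated with `gpg --verify SHA256SUMS.asc`.

# Portable SHA-256 of a file: sha256sum on Linux, shasum on macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_release FILE SUMS (hypothetical helper)
#   returns 0: hash equals the SHA256SUMS entry for FILE's name
#           1: an entry for that name exists but the hash differs
#           2: FILE or SUMS is missing, or SUMS has no entry for that name
check_release() {
    file=$1
    sums=$2
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    name=$(basename "$file")
    # Look the entry up by file name (field 2, optional '*' binary-mode prefix),
    # so a hash that belongs to some other listed file is not accepted.
    # Assumes file names without spaces, as in the release names on this page.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] && return 0
    return 1
}

# Constructed sample: a stand-in "tarball" and a SHA256SUMS file listing it.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$d/sample-1.0.tar.gz"
    printf '%s  %s\n' "$(sha256_of "$d/sample-1.0.tar.gz")" \
        sample-1.0.tar.gz > "$d/SHA256SUMS"
    check_release "$d/sample-1.0.tar.gz" "$d/SHA256SUMS" && echo "match"
    printf 'tampered\n' >> "$d/sample-1.0.tar.gz"
    check_release "$d/sample-1.0.tar.gz" "$d/SHA256SUMS" || echo "mismatch (rc=$?)"
    rm -rf "$d"
}
demo
```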

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-21 15:12 UTC
