Speckle Manager 2.8.7 Identified as Malware by Windows (Wacatac.B!ml)

After updating to Speckle Manager 2.8.7 I received the following notification from Windows Defender (win10):

Script/Wacatac.B!ml
Severe
Trojan
This program is dangerous and executes commands from an attacker.

Hey @ChristopherConnock ,

Welcome to the forum and thanks for the report!

Please rest assured we’re not shipping any trojan :sweat_smile:, reading online it seems like the AI used by Microsoft Defender can sometimes report false positives, see this thread.

I’ve inspected our logs and commits and there is no unusual activity detected, likewise a scan with MD did not report any malware on our end.

Please let us know if it pop us again!

Matteo

Please could you upload your Manger.exe found in %AppData%\Speckle\Manager to virus total.
And send us the link generated

1 Like

@teocomi no worries! I wouldn’t assume this was done on purpose, just wanted to keep you all in the loop in case anyone else got the notification. I can email a link to the windows defender event log as well if there is a specific email you would like me to send it to.

@Jedd When I updated the manager it was immediately quarantined. I removed the file and Speckle until I had feedback from you all. I just tried re-downloading and Windows Defender immediately quarantined the download. I allowed it and uploaded to Virus Total - it found no threats. So most likely a detection error, but one that may happen with more users.

Virus Total Link

5 Likes