July 11, 2021

How common is it to get malware from open source software updates?

A few days ago, Windows Defender flagged the update .exe file for a piece of open source software I use as a Trojan. The developer says this was a false positive. Today, another piece of open source software I occasionally use started behaving strangely – as soon as I opened the app, it would close immediately. I uninstalled it, downloaded the installer for the most recent version, and ran it through VirusTotal – VirusTotal flagged something in that update as malware as well (Bkav Pro – W32.AIDetect.malware1).

Generally speaking I think I’m very safe when it comes to this sort of thing. I scan almost every new file before opening it, I have Malwarebytes pro running real time, I don’t visit shady websites and have hardened Firefox, when I use open source apps I try to only use at least semi-popular ones, etc. I’ve never had a problem with updates for software I use and trust getting flagged as malware, and now it’s happened twice in the past week.

Even though these are likely false positives, I still feel hesitant to install the updates. Is it common to get malware from software updates? I always thought this was one of the less likely ways to get malware, so I never worried too much about it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.