[R-pkg-devel] Possible malware(?) in a vignette

Iñaki Ucar |uc@r @end|ng |rom |edor@project@org
Thu Jan 25 12:02:00 CET 2024


On Thu, 25 Jan 2024 at 10:13, Colin Gillespie <csgillespie using gmail.com> wrote:
>
> Hi All,
>
> I've had two emails from users in the last 24 hours about malware
> around one of my vignettes. A snippet from the last user is:
>
> ---
> I was trying to install a R package that depends on PowerRLaw two
> weeks ago.  However my virus protection software F secure did not
> allow me to install it from CRAN, while installation from GitHub
> worked normally. Virus protection software claimed that
> d_jss_paper.pdf is compromised. I asked about this from our IT support
> and they asked it from the company F secure. Now F secure has analysed
> the file and according them it is malware.
>
> “Upon analyzing, our analysis indicates that the file you submitted is
> malicious. Hence the verdict will remain

See https://www.virustotal.com/gui/file/9486d99c1c1f2d1b06f0b6c5d27c54d4f6e39d69a91d7fad845f323b0ab88de9/behavior

According to the sandboxed analysis, there's something there trying to
tamper with the Acrobat installation. It tries several Windows paths.
That's not good.

The good news is that, if I recreate the vignette from your repo, the
file is different, different hash, and it's clean.

The bad news is that... this means that CRAN may be compromised. I
urge CRAN maintainers to check all the PDF vignettes and scan the
Windows machines for viruses.

Best,
Iñaki


>
> ---
>
> Other information is:
>
>  * Package in question:
> https://cran.r-project.org/web/packages/poweRlaw/index.html
>  * Package hasn't been updated for three years
>  * Vignette in question:
> https://cran.r-project.org/web/packages/poweRlaw/vignettes/d_jss_paper.pdf
>
> CRAN asked me to fix
> https://cran.r-project.org/web/checks/check_results_poweRlaw.html a
> couple of days ago - which I'm in the process of doing.
>
> Any ideas?
>
> Thanks
> Colin
>
> ______________________________________________
> R-package-devel using r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel



-- 
Iñaki Úcar



More information about the R-package-devel mailing list