[Libreoffice-bugs] [Bug 141648] New: MalwareBytes flagged the 2021.04.12 daily build of Libreoffice 7.2Dev as ransomware and quarantined it

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Mon Apr 12 15:18:52 UTC 2021 

https://bugs.documentfoundation.org/show_bug.cgi?id=141648

            Bug ID: 141648
           Summary: MalwareBytes flagged the 2021.04.12 daily build of
                    Libreoffice 7.2Dev as ransomware and quarantined it
           Product: LibreOffice
           Version: 7.2.0.0.alpha0+ Master
          Hardware: x86-64 (AMD64)
                OS: Windows (All)
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: Draw
          Assignee: libreoffice-bugs at lists.freedesktop.org
          Reporter: mwtjunkmail at gmail.com

Description:
MalwareBytes absconded with 7.2dev after declaring the program malware.  Was in
the middle of researching bugs and then I wasn't.

Steps to Reproduce:
1. Install Malware Bytes
2. Install Windows LO Dev build 

Version: 7.2.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: 7a0e0a84a02f505200331c19b28d45e898cd5a12
CPU threads: 8; OS: Windows 10.0 Build 19042; UI render: Skia/Vulkan; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: CL


3. Link the program to the windows taskbar
4. Launch the program from the taskbar repeatedly (was testing a saving issue)

Actual Results:
Alas, poor Yorik I knew him well...*POOF*
MalwareBytes quarantined the program.



Expected Results:
Malware Bytes shouldn't have flagged anything (never has before with daily
builds).


Reproducible: Always


User Profile Reset: No



Additional Info:
Given that recently GitHub has been swarming with cryptominers, I wouldn't be
surprised if this ransomware flag was real.

I've had MalwareBytes a long time and this is the first time it's ever flagged
a daily dev build as ransomware. The only thing I can think of that I've done
differently in today's testing than any other was having a linked picture in
the document (for testing bug 82637).

Not really sure there is anything you can do on your end other than scan the
build for infections, but my first suspicion is MWB created a false flag based
on the linked file and how quickly I was saving the file / relaunching the
program.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20210412/8e340eba/attachment.htm>

More information about the Libreoffice-bugs mailing list