Dear Mikolaj Michnowicz,

I'm not sure I know anything about winget; I don't think that's an Inkscape-operated or approved-of method for getting Inkscape.

If the sha for the msi matches the one on the website (inkscape.org) then you can be sure it contains no ransomware. But be careful.

It's a bit of a cheek for the antivirus to say it infects Linux when it's an msi file, but I guess it's a standard bog roll text.

Come to the dev chat at chat.inkscape.org if you'd like to talk to the msi builder.

Best Regards, Martin Owens

On Sun, 11 Feb 2024 at 14:56, Anonymous User <mikolaj.michnowicz@mcomm.eu> wrote:
Hi,
We installed your software today via winget (winget install Inkscape.Inkscape) and our antivirus software showed some Indicators of Compromise corresponding to some files that were extracted from the .msi during installation.

#PS C:\Users\MikolajMichnowicz> winget show Inkscape.Inkscape
Found Inkscape [Inkscape.Inkscape]
Version: 1.3.2
Publisher: Inkscape
Publisher Url: https://inkscape.org
Publisher Support Url: https://inkscape.org/support-us
Moniker: inkscape
Description: Inkscape is a free and open-source vector graphics editor used to create vector images, primarily in Scalable Vector Graphics (SVG) format. Other formats can be imported and exported.
Homepage: https://inkscape.org
License: GPLv2
License Url: https://inkscape.org/about/license
Privacy Url: https://inkscape.org/about/privacy
Tags:
  art
  drawing
  editor
  foss
  graphics
  icons
  svg
  vector-graphics
Installer:
  Installer Type: wix
  Installer Locale: en-US
  Installer Url: https://media.inkscape.org/dl/resources/file/inkscape-1.3.2_2023-11-25_091e20e-x64.msi
  Installer SHA256: 214263cb23d241134af0a22144c54ff1a1c0993d3a1c9ea7d76710f985a145df

Files detected related to installation:
1. HelloXD Ransomware Detected
An artifact with an extension associated with the HelloXD ransomware was seen. Hello XD is a ransomware targeting Windows and Linux systems which disables shadow copies and encrypts user's files. It is known to drop an open source backdoor called MicroBackdoor on the victim's machine to exfiltrate files, execute commands and delete itself from the host.

Categories: ransomware
Tags: ransomware, malware, file, UA_2022
Artifact ID: 9502
SHA256: 913357103891825ab4b7aec76dc7c8185fa7860ed798b8d4d60b9cb97ccf6da9
Path: CM_FP_inkscape.lib.tk8.6.demos.hello

2. Cuba Ransomware Artifact Detected
An artifact known to be associated with the Cuba ransomware was seen being created or modified on the system. The Cuba ransomware has been targeting organizations in various fields, such as financial institutions, technology, logistics, etc. The malicious actors behind it recently decided to start leaking the stolen data, similar to what happened to other ransomware campaigns. Once a victim's network has been breached, the attackers deploy PowerShell scripts to move laterally and execute the next stages.

Categories: ransomware
Tags: ransomware, encryption, persistence, artifact
Artifact ID: 9240
SHA256: 2f9dfe275b62efbcd5f72d6a13c6bb9afd2f67fddd8843013d128d55373cd677
Path: CM_FP_inkscape.lib.tcl8.6.tzdata.Cuba

It of course could be a false positive, nevertheless please check it out, maybe someone compromised some elements somewhere and put those in.
_______________________________________________
Webmaster mailing list -- webmaster@lists.inkscape.org
To unsubscribe send an email to webmaster-leave@lists.inkscape.org
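
The hash check suggested in the reply above, as an added example that is not part of the original messages or of Inkscape's tooling. It goes one step further and also compares the downloaded MSI against the Installer SHA256 in the quoted `winget show` output. The function names are hypothetical, and the website hash is an assumption: it must be copied by hand from inkscape.org and passed as the second argument.

```python
import hashlib
import re
import sys

# Installer block as quoted from `winget show Inkscape.Inkscape` in the message above.
WINGET_SHOW = """\
Installer:
  Installer Type: wix
  Installer Locale: en-US
  Installer Url: https://media.inkscape.org/dl/resources/file/inkscape-1.3.2_2023-11-25_091e20e-x64.msi
  Installer SHA256: 214263cb23d241134af0a22144c54ff1a1c0993d3a1c9ea7d76710f985a145df
"""

def parse_installer(show_text):
    """Return (url, sha256) from the Installer block of `winget show` output."""
    fields = dict(re.findall(r"^\s*Installer (Url|SHA256):\s*(\S+)\s*$", show_text, re.M))
    sha = fields.get("SHA256", "").lower()
    if not re.fullmatch(r"[0-9a-f]{64}", sha):
        raise ValueError("no valid Installer SHA256 in winget output")
    return fields.get("Url"), sha

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so a large MSI is never loaded into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_installer(path, show_text, website_sha256):
    """Compare the local MSI with the winget manifest hash and the hash copied from the website."""
    _, manifest = parse_installer(show_text)
    actual = sha256_file(path)
    site = website_sha256.strip().lower()  # assumption: pasted by the user from inkscape.org
    return {
        "actual": actual,
        "matches_manifest": actual == manifest,
        "matches_website": actual == site,
        "manifest_matches_website": manifest == site,
    }

if __name__ == "__main__":
    # usage: python verify_msi.py <path-to-msi> <sha256-copied-from-inkscape.org>
    result = verify_installer(sys.argv[1], WINGET_SHOW, sys.argv[2])
    for key, value in result.items():
        print(f"{key}: {value}")
    sys.exit(0 if all(v for k, v in result.items() if k != "actual") else 1)
```

A mismatch in any of the three comparisons means the file on disk, the winget manifest and the project's published download do not all refer to the same bytes, which is the case worth raising with the MSI builder.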