Package: aircrack-ng
Version: 1.7-5_amd64
Severity: normal
Tags: security
X-Debbugs-Cc: hug...@hiegel.fr, Debian Security Team <t...@security.debian.org>

Hello,

scanning an entire mirror of binary (amd64) packages from Debian stable using a white station led to consistent alerts raised by three different scanners (out of ~10) with the aircrack-ng package.

Following are the exact alert messages:

file: aircrack-ng/aircrack-ng_1.7-5_amd64.deb
sha256: 2c128adb6fef5864952205dab30ca361fdc677ea1d3cfce4424790f7cc69bfc6
 - bitdefender : Trojan.Linux.Generic.274536
 - avira : SPR/ANDR.Mirai.A
 - fsecure : PrivacyRisk.SPR/ANDR.Mirai.A (6, 1, 1)

I obtain almost the same results, with a subtle variant (Mirai.A -> Mirai.qahkj), while scanning the aircrack-ng binary itself, which I extracted directly from the .deb package:

file: aircrack-ng/aircrack-ng_1.7-5_amd64/usr/bin/aircrack-ng
sha256: d58a36fa6360bac0419650786e690f4691a3ba62f3710eb7db24d6d5d90e7c71
 - bitdefender : Trojan.Linux.Generic.274536
 - avira : SPR/ANDR.Mirai.qahkj
 - fsecure : PrivacyRisk.SPR/ANDR.Mirai.qahkj (6, 1, 1)

I struggle to find evidence of a possible false alert, which makes me consider this a potentially credible issue.

I would gladly help investigate this further, if you need me to.

With best regards,
Hugues.

-- System Information:
Debian Release: 12.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.19.0-50-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect