Trojan in install-tl-windows.exe reported by Windows Defender

Andrea GINI andrea.gini at sns.it
Sun Jun 18 12:59:24 CEST 2023


On Sat, 17 Jun 2023 at 11:31, Siep Kroonenberg <siepo at bitmuis.nl>
wrote:
> This link points to an automatically selected mirror
> https://mirror.ctan.org/systems/texlive/tlnet/install-tl-windows.exe

OK, now I know that the link automatically downloads from a mirror.
Update: Windows Defender continues to report the installer as a precise
trojan (Trojan:Win32/Wacatac:B!ml). VirusTotal only reports 1 threat over
all the other scanners. For Malwarebytes the installer is clean.

On Fri, 16 Jun 2023 at 15:27, Norbert Preining <
norbert at preining.info> wrote:
> In addition, the installers are signed with our GPG key, that allows you
> to verify the integrity.

I'm on Windows and I'm not literate enough about certificates. I've
installed Gpg4win and downloaded the installer, the sha512 file, the pgp
file related to the sha512 and the pgp file called texlive.
The last one is the same as loading the key from the server inside Gpg4win
searching for Tex Live or for tex-live at tug.org but Gpg4win reports that the
trust level is unknown.

If I verify the sha512 file and its signature, Gpg4win reports:
Verified ‘install-tl-windows.exe.sha512’ with
‘install-tl-windows.exe.sha512.asc’: The certificate could not be
certified. Error: 1

TeX Live Distribution <tex-live at tug.org> (0D5E 5D91 06BA B6BC) The used key
is not certified by you or any trusted person.


This is very possibly due to my ignorance on certificates :P

I followed a quasi-tutorial for checking the ISO of a Linux distro, but
Gpg4win in the first place reports that the user id for texlive.asc is "not
certified" when I load the certificate (maybe I shouldn't have imported the
texlive.asc but the key needs to be retrieved directly from a server?).


The SHA512 file and the SHA512 computed for the installer are indeed
identical. It is the PGP validation that is new to me.


On Sat, 17 Jun 2023 at 11:31, Siep Kroonenberg <siepo at bitmuis.nl>
wrote:

> On Sat, Jun 17, 2023 at 11:17:53AM +0200, Andrea GINI wrote:
> > I didn't quite understand the last sentence. I downloaded the installer
> > directly from https://www.tug.org/texlive/windows.html.
>
> This link points to an automatically selected mirror:
> https://mirror.ctan.org/systems/texlive/tlnet/install-tl-windows.exe
>
> --
> Siep Kroonenberg
>
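
Added example, not part of the original message and not TeX Live's own tooling: the two checks discussed in this message, written in Python, keeping the cryptographic signature result apart from the "not certified" trust level and comparing the SHA-512 digest. It assumes the `.sha512` file uses the `sha512sum` line format; the status lines and `PLACEHOLDER_FPR` are constructed, and the function names are hypothetical.

```python
import hashlib

EXPECTED_KEY_ID = "0D5E5D9106BAB6BC"  # key ID Gpg4win displayed in the message
# Constructed placeholder, NOT the real fingerprint: zeros + the key ID above.
PLACEHOLDER_FPR = "0" * 24 + EXPECTED_KEY_ID
FAILED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed sample of `gpg --status-fd 1 --verify SIG FILE` output.
SAMPLE_STATUS = f"""[GNUPG:] NEWSIG
[GNUPG:] GOODSIG {EXPECTED_KEY_ID} TeX Live Distribution
[GNUPG:] VALIDSIG {PLACEHOLDER_FPR} 2023-06-17 1686990000 0 4 0 1 10 00 {PLACEHOLDER_FPR}
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""


def classify_gpg_status(status_text, expected_key_id=EXPECTED_KEY_ID):
    """Return (signature_ok, key_matches, trust) from gpg status lines.

    Signature validity and the local trust level are reported separately:
    TRUST_UNDEFINED says the key is not certified locally, not that the
    signature failed.
    """
    signature_ok, key_matches, trust = False, False, "unknown"
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        tag, args = fields[1], fields[2:]
        if tag in FAILED:
            return False, False, "n/a"
        if tag == "VALIDSIG":
            signature_ok = True
            # The 10th VALIDSIG argument is the primary key fingerprint; a
            # v4 long key ID is its final 16 hex digits.
            key_matches = len(args) >= 10 and args[9].upper().endswith(expected_key_id)
        elif tag.startswith("TRUST_"):
            trust = tag[len("TRUST_"):].lower()
    return signature_ok, key_matches, trust


def sha512_matches(file_bytes, sha512_file_text):
    """Compare data against the digest in a sha512sum-style line (assumed format)."""
    parts = sha512_file_text.split()
    return bool(parts) and hashlib.sha512(file_bytes).hexdigest() == parts[0].lower()


if __name__ == "__main__":
    print(classify_gpg_status(SAMPLE_STATUS))
```

A 64-bit key ID match is weaker than comparing the full fingerprint against one obtained from the project over a separate channel.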