clamav and sophos savscan detected virus for /usr/bin/jq

Bug #1892819 reported by kuennleow
This bug affects 2 people
Affects: ubuntu-release-upgrader (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

$ sudo clamscan -ir /usr/bin
/usr/bin/jq: Win.Malware.Agent-9451404-0 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8616004
Engine version: 0.102.4
Scanned directories: 1
Scanned files: 2329
Infected files: 1
Data scanned: 403.14 MB
Data read: 893.13 MB (ratio 0.45:1)
Time: 50.400 sec (0 m 50 s)

sudo /opt/sophos-av/bin/savscan -f -all -archive -suspicious /usr/bin/jq
SAVScan virus detection utility
Version 5.74.0 [Linux/AMD64]
Virus data version 5.77, August 2020
Includes detection for 53270981 viruses, Trojans and worms
Copyright (c) 1989-2020 Sophos Limited. All rights reserved.

System time 01:55:37 PM, System date 25 August 2020
Command line qualifiers are: -f -all -archive -suspicious

Full Scanning
>>> Virus 'Mal/Generic-S' found in file /usr/bin/jq
1 file scanned in 5 seconds.
1 virus was discovered.
1 file out of 1 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
End of Scan.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: ubuntu-release-upgrader-core 1:20.04.24
ProcVersionSignature: Ubuntu 5.4.0-42.46-generic 5.4.44
Uname: Linux 5.4.0-42-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.8
Architecture: amd64
CasperMD5CheckResult: skip
CrashDB: ubuntu
CurrentDesktop: KDE
Date: Tue Aug 25 13:26:24 2020
InstallationDate: Installed on 2019-10-28 (302 days ago)
InstallationMedia: Kubuntu 18.04.3 LTS "Bionic Beaver" - Release amd64 (20190805)
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_US
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_SG.UTF-8
 SHELL=/bin/bash
SourcePackage: ubuntu-release-upgrader
Symptom: release-upgrade
UpgradeStatus: Upgraded to focal on 2020-04-29 (118 days ago)
VarLogDistupgradeXorgFixuplog:
 INFO:root:/usr/bin/do-release-upgrade running
 INFO:root:No xorg.conf, exiting

kuennleow (kuennleow) wrote :

Pushed the file to www.virustotal.com with the following results:

https://www.virustotal.com/gui/file/bcfa215dec8fe15d4265c508c39c1ebafb7370acc95721e4e7d610b0459eb8dd/detection
15 engines detected this file

kuennleow (kuennleow) wrote :

These are the antivirus software that detected it...

Engine                     Detection
AegisLab                   Trojan.Linux.Miner.4!c
Antiy-AVL                  Trojan/Linux.Miner.gen
CAT-QuickHeal              ELF.CoinMiner.38802.GC
ClamAV                     Win.Malware.Agent-9451404-0
Cyren                      E64/Trojan.ZHGJ-3
Fortinet                   PossibleThreat
Ikarus                     Trojan.Win32.Casdet
Kaspersky                  HEUR:Trojan.Linux.Miner.gen
Microsoft                  Trojan:Linux/CoinMiner.N!MTB
Qihoo-360                  Linux/Trojan.d48
Sophos AV                  Mal/Generic-S
TrendMicro                 Trojan.SH.HADGLIDER.TSE
TrendMicro-HouseCall       Trojan.SH.HADGLIDER.TSE
ViRobot                    Script.S.Agent.30872
ZoneAlarm by Check Point   HEUR:Trojan.Linux.Miner.gen

affects: ubuntu → ubuntu-release-upgrader (Ubuntu)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-release-upgrader (Ubuntu):
status: New → Confirmed
Tim Passingham (tim-8aw3u04umo) wrote :

Sophos for Linux detected this (as above), starting on 24th August 2020, and now detects it every day in my daily on-demand scan.

I'm on 20.04, fully up to date.
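
Added example (not part of the original report, and not Ubuntu or scanner tooling): one way to triage a detection like the one on /usr/bin/jq is to compare the file on disk with the checksum dpkg recorded at install time. The function name, the sample manifest and the throwaway root are assumptions made for illustration; on a real system the manifest is the owning package's file under /var/lib/dpkg/info/ (dpkg -S /usr/bin/jq names the package).

```shell
#!/bin/sh
# Compare a flagged file with the checksum in a dpkg-style md5sums manifest
# (one "<md5>  <path relative to />" entry per line).
# Return status: 0 = matches manifest, 1 = differs, 2 = not listed or unreadable.
check_against_manifest() {
    file=$1        # absolute path of the flagged file, e.g. /usr/bin/jq
    manifest=$2    # e.g. /var/lib/dpkg/info/<package>.md5sums
    root=${3:-/}   # filesystem root; lets the check run against a mounted image
    rel=${file#/}  # manifest paths carry no leading slash
    # Take the hash, strip "hash + two spaces", compare the rest as the path.
    expected=$(awk -v p="$rel" \
        '{ h = $1; sub(/^[^ ]+  /, ""); if ($0 == p) { print h; exit } }' \
        "$manifest" 2>/dev/null) || true
    [ -n "$expected" ] || { echo "not listed: $file"; return 2; }
    target="${root%/}/$rel"
    [ -r "$target" ] || { echo "unreadable: $target"; return 2; }
    actual=$(md5sum < "$target" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "match: $file"
        return 0
    fi
    echo "MISMATCH: $file (manifest $expected, on disk $actual)"
    return 1
}

# Constructed sample: a throwaway root holding a stand-in file and its manifest.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/usr/bin"
printf 'packaged contents\n' > "$demo_root/usr/bin/jq"
(cd "$demo_root" && md5sum usr/bin/jq) > "$demo_root/sample.md5sums"
check_against_manifest /usr/bin/jq "$demo_root/sample.md5sums" "$demo_root" || true
# Simulate a file that was changed after installation.
printf 'changed after install\n' > "$demo_root/usr/bin/jq"
check_against_manifest /usr/bin/jq "$demo_root/sample.md5sums" "$demo_root" || true
rm -rf "$demo_root"
```

The manifest sits on the same disk as the file and can be altered along with it, so a match is a first-pass result only. Comparing against the checksum of a freshly downloaded copy of the package is the stronger check.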
