Hi all,
Not sure if I am in the right spot, but this needed reporting somewhere. I am an avid Snap user, but not proficient in its mechanics. I just did a scan of my work system with ClamAV and it appears to have found a trojan named Mirai in the Slack Snap package.
Now, I am not 100% sure whether this is due to the package, something I received via Slack, or a false positive. I researched it online and couldn’t find any other mentions of this. I did a full removal of the snap package and its directories and confirmed it was gone. After reinstalling the Slack Snap the trojan was back again.
For now I have removed the Slack Snap. Could someone please investigate this?
Scan results:
user@system:~$ sudo clamscan --max-filesize=3999M --max-scansize=3999M -i -r /snap/slack/8/usr/lib/slack
[sudo] password for user:
/snap/slack/8/usr/lib/slack/slack: Unix.Trojan.Mirai-5932143-0 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6634140
Engine version: 0.100.1
Scanned directories: 44
Scanned files: 146
Infected files: 1
Data scanned: 261.75 MB
Data read: 182.37 MB (ratio 1.44:1)
Time: 24.151 sec (0 m 24 s)
user@system:~$ sudo clamscan --max-filesize=3999M --max-scansize=3999M -i -r /snap/slack/7/usr/lib/slack
/snap/slack/7/usr/lib/slack/slack: Unix.Trojan.Mirai-5932143-0 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6634140
Engine version: 0.100.1
Scanned directories: 49
Scanned files: 142
Infected files: 1
Data scanned: 262.89 MB
Data read: 189.34 MB (ratio 1.39:1)
Time: 27.368 sec (0 m 27 s)