weixin_39586825
weixin_39586825
2020-12-01 22:59

Avast - "We've moved TSLocationManager to your Virus Chest because it was infected with MacOS:Pirrit-CS [PUP]"

Your Environment

  • Plugin version: -> 3.9.3
  • Platform: iOS or Android -> Both
  • OS version: 10.15.7 MacOS Catalina
  • Device manufacturer / model: Apple MacBook Pro 15-inch mid-2015
  • React Native version (react-native -v): 0.61.5
  • Plugin config

Not necessary to put as it is not relevant.

Expected Behavior

yarn add react-native-background-geolocation.9.3 Package should install

Actual Behavior

yarn add react-native-background-geolocation.9.3 Package installation gets interrupted and the Avast window appears showing the message: "We've moved TSLocationManager to your Virus Chest because it was infected with MacOS:Pirrit-CS [PUP]"

Steps to Reproduce

  1. Have Avast installed.
  2. Execute yarn add react-native-background-geolocation.9.3

Context

Debug logs

Logs
 <!-- Syntax highlighting:  DO NOT REMOVE -->
From Avast:

Threat name: MacOS:Pirrit.CS [PUP]
Severity: (2 out of 3)
File name: TSLocationManager
File path: /Users/username/Library/Caches/Yarn/v6/npm-react-native-background-geolocation-3.9.3-7bab17653c852e3b54fa2765a85f1ae3d6bf548a-integrity/node_modules/react-native-background-geolocation/ios/RNBackgroundGeolocation/TSLocationManager.framework/TSLocationManager
Process: /usr/local/Cellar/node/10.21.0/bin/node
Detected by: File Shield
Status: Threat blocked

该提问来源于开源项目:transistorsoft/react-native-background-geolocation

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

3条回答

  • weixin_39638048 weixin_39638048 4月前

    Ran Avast on my machine:

    Someone on private Cordova repo reported this too, which references *Process: FileProvider.framework`, which is an iOS System library.

    点赞 评论 复制链接分享
  • weixin_39638048 weixin_39638048 4月前

    MalwareBytes says all is good on my machine:

    点赞 评论 复制链接分享
  • weixin_39617405 weixin_39617405 4月前

    For the record, I also think infection is implausible, I'm 99% this is false positive, but paranoia pays (to a certain extend) in security, so just trying to pin down that last %

    点赞 评论 复制链接分享