
The macOS Brackets download dmg is being flagged on Virus Total. #261

Closed
3 tasks
paul-cossey opened this issue Mar 7, 2023 · 4 comments

@paul-cossey

Prerequisites

  • Can you reproduce the problem with Debug -> Reload Without Extensions?
  • Did you perform a cursory search to see if your bug or enhancement is already reported?
  • Did you read the Troubleshooting guide?

For more information on how to write a good bug report read here
For more information on how to contribute read here

Description

Hi,

This isn't really a bug, but the brackets.2.1.2.dmg has just started to be flagged by security vendors on virustotal.com: https://www.virustotal.com/gui/file/6399d43315e0c8921c11d27325b697d26d8a524bfc1455a83173a13a6c6048a2/detection

However if you upload the App itself it gets a clean bill of health: https://www.virustotal.com/gui/file/6d30fe8bdd411e00d4068d210e485160015af501ddf39cde05b6aa7d6e48a957?nocache=1

Looking into the behaviour analysis on Virus Total you can see

[Defense Evasion](https://www.virustotal.com/gui/search/attack_tactic%253ATA0005) TA0005

| Technique | ID | Finding |
| -- | -- | -- |
| [Masquerading](https://www.virustotal.com/gui/search/attack_technique%253AT1036) | T1036 | App bundle contains hidden files/directories |
| [Code Signing](https://www.virustotal.com/gui/search/attack_technique%253AT1553.002) | T1553.002 | App bundle is code signed |
| [Hidden Files and Directories](https://www.virustotal.com/gui/search/attack_technique%253AT1564.001) | T1564.001 | App bundle contains hidden files/directories |

I think the dmg is being flagged on account of the hidden files within it.

```
ls /Volumes/Brackets\ 2.1.2
.DS_Store		.background		Brackets.app
.VolumeIcon.icns	Applications
```

You may wish to work with the vendors in question to resolve this issue.

Steps to Reproduce

  1. Download brackets.2.1.2.dmg
  2. Upload brackets.2.1.2.dmg to virustotal.com

Expected behavior:
The security vendors pass it and do not detect anything.

Actual behavior:
The security vendors are detecting:

  • Hoax.JS.ExtMsg.a
  • JS.Siggen5.44590

Versions

Brackets 2.1.2
macOS 13.2.1
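As an added example (not code from the Brackets project or from the reporter), here is a small POSIX shell check that does the triage step the report above walks through by hand: it lists the hidden entries at the top level of a mounted image and compares them against an allowlist of the artifacts a drag-to-install dmg normally carries, and it lists hidden entries inside the .app bundle, which is what the VirusTotal "App bundle contains hidden files/directories" finding refers to. The allowlist (.DS_Store, .background, .VolumeIcon.icns, .fseventsd, .Trashes), the function names and the mount path are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the Brackets project. Triage the hidden entries of a
# mounted disk image against an allowlist of routine packaging artifacts so that a
# reviewer only has to look at the entries that are NOT expected.

# Assumed allowlist: entries that Finder/hdiutil routinely leave in a dmg.
DMG_EXPECTED_HIDDEN=".DS_Store .background .VolumeIcon.icns .fseventsd .Trashes"

# dmg_check_hidden DIR
#   Returns 0 when every top-level dot-entry of DIR is on the allowlist,
#   1 otherwise, printing one line per unexpected entry.
dmg_check_hidden() {
    status=0
    # ".[!.]*" matches dot-entries other than "." and ".."; "..?*" catches
    # names that start with two dots. Unmatched globs are skipped by the -e test.
    for entry in "$1"/.[!.]* "$1"/..?*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        case " $DMG_EXPECTED_HIDDEN " in
            *" $name "*) ;;    # routine packaging artifact, nothing to review
            *)
                printf 'unexpected hidden entry: %s\n' "$name"
                status=1
                ;;
        esac
    done
    return "$status"
}

# bundle_hidden_entries BUNDLE
#   Prints every hidden file or directory inside an .app bundle (the condition
#   VirusTotal reports as "App bundle contains hidden files/directories").
bundle_hidden_entries() {
    find "$1" -mindepth 1 -name '.*' -print
}

# bundle_hidden_count BUNDLE: number of hidden entries inside the bundle.
bundle_hidden_count() {
    bundle_hidden_entries "$1" | wc -l | tr -d ' '
}

# Usage when run directly (assumed mount point):
#   sh dmg_triage.sh "/Volumes/Brackets 2.1.2"
if [ "$#" -gt 0 ]; then
    dmg_check_hidden "$1" && echo "top level: only expected hidden entries"
    for app in "$1"/*.app; do
        [ -d "$app" ] || continue
        echo "hidden entries inside ${app##*/}: $(bundle_hidden_count "$app")"
        bundle_hidden_entries "$app"
    done
fi
```

Run it against the mount point of the image under review; a clean drag-to-install layout like the one in the `ls` output above produces no "unexpected hidden entry" lines, while any extra dot-file at the top level, or hidden content inside the bundle, is printed for a human to inspect before the image is trusted.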

@charlypa
Member

charlypa commented Mar 7, 2023

Hi @paul-cossey ,

Thanks for reporting the issue. We were aware of this issue and have fixed it on Windows. However, we did not fix it on Mac as no one reported it. If it's really hindering your workflow please share that and we will prioritize the release on Mac as well.

Some interesting reads:

  1. https://www.reddit.com/r/brackets/comments/y9eqc4/just_installed_brackets_212_and_my_antivirus/
  2. https://github.com/brackets-cont/brackets/releases/tag/v2.1.3

@paul-cossey
Author

Thanks, @charlypa

It is kinda hindering our workflow. We use a tool called AutoPkg to download the latest version of an app or installer pkg, and use VirusTotal to make sure all the downloads are safe before we add them to our repo. If anything gets flagged by 2 or more vendors it stops the import and raises a support ticket.

This is the 1st time we've seen it, so probably only just being detected by more than Kaspersky?

Thanks

@abose
Member

abose commented Mar 8, 2023

@paul-cossey Thanks for reporting the issue.
Brackets 2.1.3 patch release is now available fixing the issue. See: https://github.com/brackets-cont/brackets/releases/tag/v2.1.3

Please download from the above url or https://brackets.io

Closing as fixed. Please reopen if you face any issues.

@abose abose closed this as completed Mar 8, 2023
@paul-cossey
Author

Thanks to all involved for a speedy fix! Very much appreciated 😄
