
The only thing VirusTotal would tell you about is already known patterns of virus/malware. If there is a novel/different way of doing something, and/or it hasn't been noticed by the AVs they're collaborating with, you'll end up with everything green.

PoC Rust program that takes the contents of .npmrc and uploads it to a random IP (DON'T RUN THIS! It'll steal your npm authentication token): https://gist.github.com/victorb/adf0ac8b7ada8d5a4982462e24e8...

"No security vendors flagged this file as malicious" = https://www.virustotal.com/gui/file/b99b86a5ce3aa24b39ec53dd...

But clearly, it is malicious :)






I don't understand; the OP claims the alert came from VirusTotal.


