Mutant Windows Malware?

mbod · December 16, 2020, 8:09am

Just for reference. My last scan is just 2 days old:

########
# Start: Mo 14. Dez 13:13:40 CET 2020
# Start scanning: /usr/

# Detected Malware: 16
/usr/lib/firefox/browser/features/[screenshots@mozilla.org.xpi](mailto:screenshots@mozilla.org.xpi): Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL FOUND
/usr/lib/firefox/browser/features/[screenshots@mozilla.org.xpi](mailto:screenshots@mozilla.org.xpi): Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL FOUND
/usr/lib/firefox/browser/features/[webcompat-reporter@mozilla.org.xpi](mailto:webcompat-reporter@mozilla.org.xpi): Sanesecurity.Foxhole.JS_Zip_2.UNOFFICIAL FOUND
/usr/lib/firefox/browser/features/[webcompat-reporter@mozilla.org.xpi](mailto:webcompat-reporter@mozilla.org.xpi): Sanesecurity.Foxhole.JS_Zip_2.UNOFFICIAL FOUND
/usr/lib/firefox/browser/extensions/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi: Sanesecurity.Foxhole.JS_Zip_2.UNOFFICIAL FOUND
/usr/lib/firefox/browser/extensions/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi: Sanesecurity.Foxhole.JS_Zip_2.UNOFFICIAL FOUND
/usr/lib/firefox/browser/extensions/[uBlock0@raymondhill.net.xpi](mailto:uBlock0@raymondhill.net.xpi): Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND
/usr/lib/firefox/browser/extensions/[uBlock0@raymondhill.net.xpi](mailto:uBlock0@raymondhill.net.xpi): Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND
/usr/lib/firefox/browser/omni.ja: Sanesecurity.Foxhole.Zip_fs197.UNOFFICIAL FOUND
/usr/lib/thunderbird/extensions/{847b3a00-7ab1-11d4-8f02-006008948af5}.xpi: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL FOUND
/usr/lib/thunderbird/extensions/{847b3a00-7ab1-11d4-8f02-006008948af5}.xpi: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL FOUND
/usr/lib/thunderbird/omni.ja: Sanesecurity.Foxhole.Zip_fs186.UNOFFICIAL FOUND
/usr/lib/thunderbird/omni.ja: Sanesecurity.Foxhole.Zip_fs186.UNOFFICIAL FOUND
/usr/share/nmap/scripts/http-vuln-cve2012-1823.nse: {HEX}php.exe.globals.414.UNOFFICIAL FOUND
/usr/share/webapps/nextcloud.bak/core/css/guest.css: Sanesecurity.Phishing.Bank.2912.UNOFFICIAL FOUND
/usr/share/webapps/nextcloud/core/css/guest.css: Sanesecurity.Phishing.Bank.2912.UNOFFICIAL FOUND

# End: Mo 14. Dez 15:30:48 CET 2020
# End scanning: /usr/

These are all false positives, verified with https://www.virustotal.com/gui/