Trojan found in Obsidian v0.15.9 installer

obsleep · July 28, 2022, 3:14am

Things I have tried

What I’m trying to do

Yesterday I received a manual update prompt and clicked on the Download button. The download went as usual through Chrome (https://objects.githubusercontent.com/github-production-release-asset-2e65be/262342594/192e6db9-33ba-4a32-a231-9fba61c43b77?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220727%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220727T083259Z&X-Amz-Expires=300&X-Amz-Signature=fdee066bd7ccc14ffddb69717dc2ebf4163e1862a098a859b158497c132d2780&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=262342594&response-content-disposition=attachment%3B%20filename%3DObsidian.0.15.9.exe&response-content-type=application%2Foctet-stream), then the update proceeded without any issue. When I opened Obsidian after update, a popup from Dr. Web antivirus appeared saying that it eliminated threat of trojan.
Trojan.Siggen18.28329 was located at C:\Users[myusername]\AppData\Local\obsidian-updater\installer.exe
Should I be worried now? Strangely I checked the installer file I got from github with VirusTotal and it didn’t find any viruses.

Scribe · July 28, 2022, 4:01am

Hello, @obsleep. You’re not looking at a Trojan. You’re looking at processes that could POTENTIALLY be used maliciously, hence the reason we don’t download untrusted software. Specifically, VirusTotal shows NO SECURITY VENDER DETECTIONS for Obsidian 15.9 (See linked report). Looking at Dr. Web’s report, it sandboxed the file because pieces of it could potentially be used maliciously. Importantly, it did not detect maliciousness here, which is why it’s listed as neutral. Looking deeper into that report, it shows the concern was with the program being able to CREATE NEW WINDOWS, DELETE FILES, and similar things that Obsidian ordinarily does, things we want it to do, which are FEATURES (See linked report).

VirusTotal Link
Dr. Web Link

So, based on this, along with my longstanding trust of Obsidian’s developers. I had no problem installing this update. That’s my choice. Everybody else has the same choice! Enjoy your evening, folks.

ObsidianRon · July 28, 2022, 4:26am

Dr. Web antivirus

LOL! That about summarizes this post. Use BitDefender, Microsoft Defender, or Kaspersky AV.

obsleep · July 28, 2022, 5:34am

Yeah, that’s why I’m confused. Thanks for clearing that up. Still, it found a specific trojan which was not present in my system.
As for Dr. Web I can’t change it since it installed by my employer.

joethei · July 28, 2022, 5:39am

Dr. Web has been constantly flagging the installers the last few updates,
it was always a false positive.

It always flags the same thing, which COULD be used maliciously, but is not in this case.

Injects code into the following user processes:
obsidian.exe

which is not unusual for a installer.

obsleep · July 29, 2022, 12:34am

Thanks! I can be at peace for now

system · August 5, 2022, 12:35am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.