We are dealing with a virus alert on several laptops of researchers within our team. However, I wonder if we might be facing a false positive.
The alert from WithSecure indicates a possible infection via files related to the R program, specifically embedded in a PDF file.
What we know so far:
- Computers were potentially infected through the community repository (safe to view) CRAN package: cran.r-project[.]org/web/packages/Rcpp/index[.]html
- Windows binaries: r-devel: Rcpp_1.0.13.zip, r-release: Rcpp_1.0.13.zip, r-oldrel: Rcpp_1.0.13.zip (seem to be not safe to download).
- The possible infection originates from the files Rcpp/doc/Rcpp-introduction.pdf and Rcpp/doc/Rcpp-FAQ.pdf.
- WithSecure continues to indicate that these two documents might be infected with phishing.rpasg/talu.
- Response from CRAN: "We already received reports and contacted the maintainer. The scans seem to be false positives complaining about the vignette, which has been stable for a long time and not modified even across versions. Source code is available for careful inspection."
- VirusTotal scan report: VirusTotal - File - 761416314e424383653bfea68875afc34fb3702e1a2a0936433297232be11f5e
I am curious to know if others within the WithSecure community have had similar experiences, especially related to the use of the R program.
https://cran.r-project.org/web/packages/Rcpp/index.html
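
One way to triage the flagged vignettes locally, as an added example that is not part of the original post and not CRAN or WithSecure tooling: it hashes the archive and every PDF under doc/ for reputation lookup, counts active-content markers in the raw PDF bytes, and compares two package versions to test the statement that the vignette is unchanged across versions. The function names are hypothetical and the sample archive and PDF bytes are constructed.

```python
import hashlib
import io
import re
import zipfile

# PDF name objects that mark active content or outbound links. A raw-byte scan
# misses anything stored inside compressed object streams, so zero hits is not proof.
MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/EmbeddedFile", b"/URI")
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")  # simple literal strings only

def triage_pdf(data: bytes) -> dict:
    """Hash one PDF and count active-content markers in its raw bytes."""
    counts = {m.decode(): len(re.findall(re.escape(m) + rb"(?![A-Za-z])", data))
              for m in MARKERS}
    uris = sorted({u.decode("latin-1") for u in URI_RE.findall(data)})
    return {"sha256": hashlib.sha256(data).hexdigest(), "markers": counts, "uris": uris}

def triage_package(zip_bytes: bytes) -> dict:
    """Return the archive hash plus a triage record for every PDF under doc/."""
    report = {"archive_sha256": hashlib.sha256(zip_bytes).hexdigest(), "pdfs": {}}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if "/doc/" in name and name.lower().endswith(".pdf"):
                report["pdfs"][name] = triage_pdf(zf.read(name))
    return report

def changed_between(old: dict, new: dict) -> list:
    """Names of PDFs whose hash differs between two package reports."""
    return sorted(n for n in new["pdfs"]
                  if old["pdfs"].get(n, {}).get("sha256") != new["pdfs"][n]["sha256"])

def sample_zip(faq_body: bytes) -> bytes:
    """Build a constructed stand-in for a package zip, entirely in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Rcpp/doc/Rcpp-FAQ.pdf", faq_body)
        zf.writestr("Rcpp/DESCRIPTION", b"Package: Rcpp\n")
    return buf.getvalue()

# Constructed sample: a minimal PDF-like body with one link annotation.
SAMPLE_PDF = (
    b"%PDF-1.5\n1 0 obj << /Type /Annot /A << /S /URI "
    b"/URI (https://example.org/docs) >> >> endobj\n%%EOF\n"
)

if __name__ == "__main__":
    for name, rec in triage_package(sample_zip(SAMPLE_PDF))["pdfs"].items():
        print(name, rec["sha256"], rec["markers"], rec["uris"])
```

To use it on a real download, pass the bytes of the package zip to `triage_package` and review the listed link targets and marker counts alongside the hashes.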