A Trojan in mapillary_tools-win32.exe? [Solved]

Hi
My Windows Defender reports that the file mapillary_tools-win32.exe is infected by Trojan.Win32/Zpevdo.B
Can anyone confirm? (SO: Win 10 32 bits ) (Tried to re install Mapillary Desktop Uploader today, because it was not working anymore)
RGDS
F

6 Likes

Two days ago the installer 2.0.3 on Virustotal had a score 4, today it is 14 ( VirusTotal ).
:shushing_face: :japanese_ogre:

mapillary_tools-win32.exe [v0.7.3] - score now 28 VirusTotal

3 Likes

I had the same warning from Defender. Can developers elaborate on this issue?

3 Likes

Same here. I’m not able to upload images anymore.

1 Like

Version 2.0.2 still available at https://tools.mapillary.com/uploader/mapillary-uploader-2.0.2.exe

2 Likes

This is definitely a false positive detection.

To allow the uploader to run: open Windows Security, go to Virus & thread protection and check the Protection history. You should be able to see it there and choose “Allow” to run the app. I suggest restarting the Desktop uploader before trying again.

2 Likes

Result online escanner for *.exe Kaspersky Threat Intelligence Portal

1 Like

Is there a way to prevent the automatic update of desktop uploader to the latest (not working) version?

1 Like

Thanks for reporting. This is a known issue and we’re working on pushing out an update to the Desktop Uploader to address this.

6 Likes

I was having issues today and got the following issue after downloading the latest desktop uploader

Threats found PUA:Win32/Puamson.A!ml

PS - still cant drop images into messages - “Access Denied”

1 Like

Desktop uploader 2.0.4 is now out and it includes fixes for the antivirus warnings on Windows. Please try it out and let us know if you encounter any more problems

1 Like

What about mapillary_upload_cli-win32? - Result 11 VirusTotal

1 Like

If you’re curious about the technical details behind the problem I can share more information about it.

As you have probably guessed from the antivirus messages, the Mapillary tools binary that is bundled with the Desktop Uploader was the one that was identified as a potential virus. As you know, Mapillary tools is a Python library and we build each release with Pyinstaller. It’s a known issue that apps packaged with Pyinstaller sometimes are falsely reported as a virus (Issues · pyinstaller/pyinstaller · GitHub) but we never encountered that problem until the version that we used in Desktop Uploader 2.0.3. The fix was relatively straightforward: we built new versions of bootloaders for Pyinstaller so we can build a clean version that doesn’t cause any false-positive detections by antivirus software.

Thanks for raising the issue of code signing. We now also updated how we sign the app and now both Windows and Mac installers from the desktop uploader page are signed with up-to-date certificates and the Mac app is also notarized.

4 Likes

@GITNE,
Thank you, I’m no expert, but from what I picked up over the years this seems to me the first really helpful post in the installer saga.
Met vriendelijke groet, (Dutch for ‘with friendely greeting’),

1 Like

Thanks for the detailed analysis and advice!

We just released version 2.0.5 which now has all executables double-signed.

For the installer, we are using NSIS as this is supported by our Electron build tools right now. Will make sure to migrate to MSIX as soon as we can.

2 Likes