I did a routine virus scan on my Mac (10.13.6) and it revealed a virus, which it quarantined.
The readout showed TROJ_GE.987C30... (full name truncated). It found the infection in the OpenCore 0.6.6 DEBUG zip file, in the directory: > IA32/EFI/OC/Drivers/OpenHfsPlus.efi
OC 0.6.6 was the first appearance of OpenHfsPlus.efi that I came across in OpenCore. Previous releases included the prepackaged HfsPlus.efi. I have OpenHfsPlus.efi installed on another test hackinbox, but it's from the OC 0.6.6 RELEASE zip file, which was also scanned by my TrendMicro tool and not found to be infected. I did a separate scan of that OC 0.6.6/macOS 11.2.2 box and it came up clean.
The Threat Encyclopedia I reviewed to look up TROJ_GEN indicates it was catalogued in December 2017 and has ratings of "Low Risk," "Low Damage Potential" and "Low Distribution Potential."
So I guess it's not something to be too concerned about? However, why would a Trojan be sitting inside an OpenCore executable anyway? That doesn't happen by accident.
Any thoughts or further elaboration on who/what/when/where/why??
TIA
[link] [comments]
Post a Comment