I've seen the same issue, but on Windows 11. It's from the depthai-viewer tool, and I have posted about it quite a bit on this issue for its GitHub repo, as I just bought an OAK-D Lite and wanted to trace down whether this is a real issue or a false positive before I installed the tools myself to play around with.
Here's a quick summary of what I've found so far.
- From running scans on VirusTotal, it seems to affect all versions of depthai-viewer from 0.1.5 through the latest (0.2.7).
- VirusTotal only detects it on Windows builds.
- Only 13 AV products are detecting it on VirusTotal, and I've been re-queuing the file to VirusTotal on a daily basis to see if that number changes. It has not.
- The specific threat signature was only added to Microsoft Defender in November, Microsoft has little detail on it right now, and I get almost no relevant hits for the signature name on Google.
I've not posted this bit on the bug yet as I'm still working on this, but here's some info on what I've done in the past day or two:
Just today I've set up a Windows 11 VM and tried compiling the tool myself (by manually replicating the steps in the GitHub Actions definition file), which indeed triggered Windows Defender (meaning the exploit method is not the same as the previously mentioned ultralytics breach, which, from what I can tell, would only affect builds made on GitHub's pipeline, but that says nothing about what the actual exploit is). Interestingly enough, none of the intermediate compilation objects are setting off Windows Defender. If it did trigger on one of those, it would suggest that the issue is with a dependency. Since it did not, I'm back to square one of wondering exactly what is triggering this.
@erik Microsoft has a way for developers themselves to submit files for more in-depth analysis. I don't know what (if any) information they would share from that analysis, but it might be worth submitting it to them.
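The per-artifact check described in the post above (compile locally, then see which intermediate objects, if any, trip Defender) can be scripted so it is repeatable across versions. The script below is an added example, not code from the original post or from the depthai-viewer project. It walks a build tree, scans every file individually with Defender's command-line scanner, records each file's SHA-256 (handy for re-checking the same hashes on VirusTotal), and then pulls the threat names Defender logged for paths in that tree. The build path is a hypothetical placeholder; everything else uses the documented `MpCmdRun.exe` switches and the `Get-MpThreatDetection` / `Get-MpThreat` cmdlets from the Defender PowerShell module.

```powershell
# Added example (not from the original post or the depthai-viewer project).
# Scans each artifact under a build directory one file at a time with
# Microsoft Defender's command-line scanner and reports which files trip a
# signature, so a detection on a final binary can be traced back to the
# intermediate object (or dependency) that carries it.
# Assumptions: $BuildRoot below is a hypothetical path; run from an elevated
# PowerShell on a machine where Defender is the active AV.

param(
    [string]$BuildRoot  = 'C:\src\depthai-viewer\build',          # hypothetical
    [string]$ReportPath = (Join-Path $env:TEMP 'defender-artifact-scan.csv')
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) { throw "MpCmdRun.exe not found at $mpCmdRun" }

# Remember when this run started so detections can be filtered to it later.
$started = Get-Date

$results = foreach ($file in Get-ChildItem -Path $BuildRoot -Recurse -File) {
    # -ScanType 3 is a custom scan of one file/directory. -DisableRemediation
    # stops Defender from quarantining the artifact, so the build tree survives.
    & $mpCmdRun -Scan -ScanType 3 -File $file.FullName -DisableRemediation | Out-Null
    $code = $LASTEXITCODE   # documented exit codes: 0 = clean, 2 = threat found

    [pscustomobject]@{
        Path     = $file.FullName
        Sha256   = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        ExitCode = $code
        Flagged  = ($code -eq 2)
    }
}

# Map the ThreatID Defender logged for each flagged resource to its signature
# name, restricted to detections raised during this run on this build tree.
$threatNames = @{}
foreach ($t in Get-MpThreat) { $threatNames[$t.ThreatID] = $t.ThreatName }

$detections = Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $started } |
    ForEach-Object {
        $d = $_
        # Resources look like "file:_C:\path\to\artifact"
        $d.Resources | Where-Object { $_ -like "*$BuildRoot*" } | ForEach-Object {
            [pscustomobject]@{
                Resource   = $_
                ThreatID   = $d.ThreatID
                ThreatName = $threatNames[$d.ThreatID]
            }
        }
    }

$results | Export-Csv -Path $ReportPath -NoTypeInformation
$flagged = @($results | Where-Object Flagged)
"Scanned $($results.Count) files; $($flagged.Count) flagged. Full report: $ReportPath"
$flagged    | Format-Table Path, Sha256 -AutoSize
$detections | Format-Table Resource, ThreatName -AutoSize
```

One caveat when using this: real-time protection can quarantine an object the moment the compiler writes it, in which case it never shows up in `Get-ChildItem` and the per-file scan cannot see it. If the final binary is flagged but the list of intermediates comes back empty, re-run the build with the build directory temporarily excluded from real-time scanning (or with real-time protection off in the VM), then run this scan against the untouched tree. Comparing the CSVs from two versions of the tool also shows whether the flagged hash set moves with a particular object or only with the linked executable.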