For the last month or two, my AV blocks their site because it detected a ScrInject.B trojan.

And yes, it’s the correct site (monkrus.ws).

VirusTotal also shows 4 security vendors register it as malicious.

Are these all false positives or is monkrus’s site no longer trustworthy?

  • ShadowRunner@kbin.socialOP
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    1 year ago

    It shows 5 if you scan w14.monkrus.ws.

    And this is Quttera’s analysis here:
    https://quttera.com/detailed_report/w14.monkrus.ws

    Whether there is a real problem or not, it might be something the monkrus admins want to look into in order to address it.

    But if anyone else has a better understanding of what’s going on with their site, I’d love to hear it and it’s probably good information for the rest of this sub.

    • Deletecat@lemmy.fmhy.ml
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 year ago

      r/GenP talks about the safety of monkrus in their wiki: https://www.reddit.com/r/GenP/wiki/patchmethods/

      Most people who claimed they got malware from the Adobe collection repack had either downloaded it from an unofficial source, downloaded from YouTube, or downloaded other pieces of sketchy software - just so happens that a monkrus repack was the last thing they installed. Then there are others who have been using monkrus for years and haven’t had issues.

      In the Quttera analysis, the malicious files are from a blacklisted domain [M.BL.Domain.gen], fv20[.]failiem[.]lv - this is a file host from Latvia. The files being flagged probably aren’t malicious, though if this host isn’t taking down malware, it would make sense that they are blocked by some antivirus companies. Especially since Quttera isn’t checking the torrents - they are uploaded to other sites.

      All in all, if you have any doubts, don’t install it. Check out GenP instead of you don’t really trust monkrus!