Article 5J633 Why isn't VirusTotal detecting a zip file that contains malware?

by winger9 from LinuxQuestions.org on (#5J633)
Summary

1. On www.virustotal.com, I have just used its "Scan a URL" feature to see if it
detects malware within zip files.

I found a test zip file containing malware (I believe), at

https://github.com/ActorExpose/source-code-apk-malware

The actual file containing the malware is

https://github.com/ActorExpose/sourc...heads/main.zip

2. So I pasted the above zip file URL into VirusTotal's URL box, and hit ENTER.
But to my surprise, the result showed "0/88: No security vendors flagged this
URL as malicious".

3. So my questions are:

a) Does this mean that VirusTotal is not detecting the malware?
b) If not, why not?
c) Or have I chosen a zip file on GitHub that doesn't actually contain malware?
d) If the latter is the case, where can I find a zip file that does contain
malware, so that I can test it on VirusTotal?
e) Is there a reputable site that has such a sample zip file?

Full Details

4. Initially, I ran the malware checker www.virustotal.com on the Firefox
extension visited-color-picker. This is because I was considering downloading
the extension, but Firefox point out that they don't maintain security checks on
it. The extension changes the colour of visited links to the colour of your
choice.

You see, Firefox's own visited links color selector doesn't work satisfactorily
(yes I HAVE selected "Always" in Firefox's Preferences...Colors).

5. The extension visited-color-picker can be downloaded from

https://github.com/william-billaud/visited-color-picker

And the file to download is

https://github.com/william-billaud/v...ads/master.zip

6. So I used VirusTotal's "Scan a URL" feature, and pasted the above URL address
of the zip file into the box.

The result showed "0/88: No security vendors flagged this URL as malicious".

7. But I decided to check if www.virustotal.com really does detect malware. So I
found what I believe is a zip file containing malware, at

https://github.com/ActorExpose/source-code-apk-malware

The rest is explained in the "Summary" at the start.