[email protected]: hash check failed

[skyoh-nsuslab]

ERROR Hash check failed!
App: main/ngrok
URL: https://bin.equinox.io/a/4vvyKGoo1gc/ngrok-v3-3.18.4-windows-amd64.zip
Expected: 0ec8cf167a77ae420d7f483e74ac6bad6e653c36cccb03ddd8c9fd9f8b49ff24
Actual:

During the installation of ngrok 3.18.4, Microsoft Defender flagged the ngrok file from the provided URL as Trojan
/Sabsik.FL.A!ml (Trojan:Script/Wacatac.H!ml) and subsequently quarantined it. Upon scanning the zip file on VirusTotal, some antivirus engines identified it as malware. According to descriptions, this could potentially be due to a "fat finger" issue.

zip file
https://www.virustotal.com/gui/file/0ec8cf167a77ae420d7f483e74ac6bad6e653c36cccb03ddd8c9fd9f8b49ff24

exe file (zip extract)
https://www.virustotal.com/gui/file/a0f02163062dc25ce4a8256570427fc761855a3189b0650986eedc1f2770f552

The scan matched the rule “Cmd.EXE Missing Space Characters Execution Anomaly” by Florian Roth (Nextron Systems) on the Sigma Integrated Rule Set (GitHub). This rule detects Windows command lines that omit a space before or after the /c flag when running a command with cmd.exe. Such behavior may indicate an attempt at obfuscation or simply be the result of a developer typo.

based on my long-term experience using ngrok through Scoop, security warnings sometimes occur during ngrok updates via Scoop, which has gradually led me to lose trust in using ngrok. 😭

[github-actions]

Cannot reproduce

Are you sure your scoop is up to date? Clean cache and reinstall
Please run scoop update; scoop cache rm ngrok; and update/reinstall application

Hash mismatch could be caused by these factors:

• Network error
• Antivirus configuration
• Blocked site (Great Firewall of China, Corporate restrictions, ...)