Unable to download Crytomator 1.5.1 from cloudfront.net (blocked by Malwarebytes)

handi216 · April 23, 2020, 3:56am

Hi, I try to download Crytomator 1.5.1 for Windows 10 from the website, but it was blocked by Malwarebytes which regard browser (chrome) download file from cloudfront.net as suspicious of Trojan:

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Trojan
Domain: d29vzk4ow07wi7.cloudfront.net
IP Address: 99.84.231.93
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

I failed to bypass this blocking. I finally give up and go to github to downloaded 1.5.1 instead.

Although it seem more likely a false alarm of Malwarebytes, I still believe malware protection is necessary, so please consider using other download services that could pass scanning from Malwarebytes and other Antivirus.

Thank you.
Handi

overheadhunter · April 23, 2020, 6:21am

From which site did you start the download?

handi216 · April 23, 2020, 6:57am

I have clicked hyperlink displayed on Crytomator 1.5.0 (win 64) check update.
It open https://cryptomator.org/downloads/ on chrome.
Then click the Download button, it go to URL below (I copied from chrome history):
https://d29vzk4ow07wi7.cloudfront.net/ef7a11323b72c0576cf23d22057040faf63e459e7e13e76a7cf1d5a9e631386b?response-content-disposition=attachment%3Bfilename%3D"Cryptomator-1.5.1-x64.exe"&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvZWY3YTExMzIzYjcyYzA1NzZjZjIzZDIyMDU3MDQwZmFmNjNlNDU5ZTdlMTNlNzZhN2NmMWQ1YTllNjMxMzg2Yj9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMkNyeXB0b21hdG9yLTEuNS4xLXg2NC5leGUlMjIiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE1ODc2MTM0ODd9LCJJcEFkZHJlc3MiOnsiQVdTOlNvdXJjZUlwIjoiMC4wLjAuMC8wIn19fV19&Signature=QqDPWJv1G8NGkgyuhyFMxH69rMzB8NENvVV4dc0pmMWmqkl-9JCStDOMuXEQzexrS9jpjm8Xm48plVn77myKrCnN2NohlE93R5USxmc9uNJMkyNbZ4gLeayUOsahHnL0ssLxnkSgl7ojNjOd-~FXL1bSpqJrWvz1Bf2Cn1vHYnRaTAmFQjRpIMYIte-uyFwTY7Nish6rIc7hRl8Jn1ILOSpY230n4gfB~I205TrO0WHAhkq-vKO~qqJ9D0fRzgeaA77kbV67kMpZ9E2IptbHayAbBIn018RvL~PJiWfjMyRMGhGi6mTbbOtN2uNQ3BQxkFhhJfKCx8bOBh5yxMyRmA__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA

It was blocked by MalwareBytes immediately. Even I select skip this warning, next request is still blocked. When I skip again it just go to the first URL and so on.

I like to ask for another issue, I like to verify download from Github, but it is difficult using gpg to verify when I could not have obtain the public key. Any easier way e.g. also post SHA-256 of file.

Thanks and regards,
Handi

overheadhunter · April 23, 2020, 7:09am

I wasn’t aware that Bintray (our binary hoster) uses Amazon’s CDN.

Is your anti malware tool having a problem with cloudfront domain? Or is it the exe in particular?

You should see the SHA-256 below the download notification:

Bildschirmfoto 2020-04-23 um 09.08.11

handi216 · April 23, 2020, 8:56am

I could not open that download page which has been blocked.

overheadhunter · April 23, 2020, 9:27am

I see. Well I don’t know how a domain can be a trojan. But I guess downloading via GitHub is then your only other option.

handi216 · April 23, 2020, 9:28am

I think it is the whole URL that not accepted by Malwarebytes.

Please advise location of Public key for verification of files in Github.

overheadhunter · April 23, 2020, 9:40am

So you can access https://d29vzk4ow07wi7.cloudfront.net/ in your browser?

tobihagemann · April 23, 2020, 12:02pm

Public key still has to be added to the website (we forgot that during the redesign)… see:

You can find it in the meantime here:

gist.github.com

https://gist.github.com/cryptobot/8ccf8fd686d0c2d8381b69126bb3f2f8

34C80F11.asc

This file has been truncated. show original

handi216 · April 26, 2020, 3:14pm

Thank you. I can import the public key and successfully verify files downloaded from github.