[GH-ISSUE #3632] Viruses and backdoors #2898

Closed
opened 2026-05-05 13:52:18 -06:00 by gitea-mirror · 3 comments

Originally created by @MyBirdVery6 on GitHub (Sep 27, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3632

Describe the feature request

My computer was hit by a ransomware virus because of the use of frpc. The intruder invaded the computer through frpc (maybe implanted a Trojan horse), cracked the system login password, and used the ransomware virus to encrypt my computer, causing all valuable files to be encrypted. Through the server's network log, it can be determined that the encryption of frpc is not enough and it is exposed on the Internet side and is exploited. At the same time, through various anti-virus software detection, all versions of frpc, including the latest version, have the Trojan Trojan:Win32/Malgent!MTB and remote execution vulnerabilities. I hope the author can fix these security vulnerabilities as soon as possible.

Image: Ransomware

Describe alternatives you've considered

I hope the author can fix these security vulnerabilities as soon as possible.

Affected area

  • [ ] Docs
  • [ ] Installation
  • [ ] Performance and Scalability
  • [X] Security
  • [ ] User Experience
  • [ ] Test and Release
  • [ ] Developer Infrastructure
  • [ ] Client Plugin
  • [ ] Server Plugin
  • [ ] Extensions
  • [ ] Others

@fatedier commented on GitHub (Sep 27, 2023):

Duplicate https://github.com/fatedier/frp/issues/2095


@JoeyC-Dev commented on GitHub (May 17, 2025):

It looks like frp is specifically being detected/listed as a virus (based on the reason column), no matter how the code is changed.

Image

To be really honest, I have seen that frp is trying to be used in Kubernetes clusters, like the concept of "feature gate". But in a cloud environment, our client will ask us why it is being detected as a "virus", and we will have many compliance issues if using frp.

Maybe it is good for an on-site cluster. But usually something like trivy (https://github.com/aquasecurity/trivy) will be used, and we will face compliance issues again.

In most cases, the client will directly ask the operator team to remove it, or we need a very valid report for the compliance issue.

I understand that the maintainers may not want to deal with this "virus" issue any more. But if this application is indeed planned to be designed for Kubernetes, it is still necessary to consider this issue. When it comes to Kubernetes, it is no longer a simple issue.

FYI: @fatedier

Sorry for excusing. I want to comment on this as I see this application is planned to be used for Kubernetes.


@fatedier commented on GitHub (May 19, 2025):

@JoeyC-Dev

> I understand that the maintainers may not want to deal with this "virus" issue any more.

Please refer to issue #2095.

Reference: github-starred/frp#2898