Malware PHP/backdoor

Hello everyone,

English is not my mother language, so … don’t be shocked

I am trying to install the HoloViz tutorial on Ubuntu 20.04 LTS (built on WSL2 / Win11).

I ran into the same error as:

I downloaded the file in question directly onto my Ubuntu distribution. Since I trusted HoloViz, I didn’t imagine I was downloading malware.

And yet on VirusTotal, the photo file contains:
Suspicious:PHP/backdoor detected in https://github.githubassets.com/assets/chunk-frameworks-16ba71e1.js at line 0

I don’t understand Holoviz’s interest in inserting a backdoor.

Does the malware spread on the computer?

I’d like to remove it. Do you have an easy way to do it on Ubuntu?

Thanks for your help :+1:


Hi @Strass

Thanks for posting. I’m not a security expert and I don’t know the file in question.

Please note the file is not downloaded to your server directly and will not run on your server directly. Instead it will run in your browser - for example in a notebook.

Whether that file is a file from HoloViz and whether it is in fact dangerous someone else will have to look at.

HoloViz is an open source, free and community driven project. It would surprise me if anyone in the community on purpose contributed a file with a security issue.

Hi @Strass

Thanks for reporting this. We take this very seriously; however, I’m a little confused. I don’t really understand in what form we’re either bundling or referring to the URL you are referencing:

https://github.githubassets.com/assets/chunk-frameworks-16ba71e1.js

Please provide some more detail where and how you encountered this file being loaded. I cannot imagine any of our libraries are using this file in any way.

I’m sorry,
I forgot the link to the picture, which contains malware:

This one!

Take a look at this report:

https://raw.githubusercontent.com/holoviz/holoviz/main/examples/assets/usgs_logo.png

Astra Security Scan

I think that security scanner is simply very confused: that image is a PNG hosted on GitHub, and PNG files cannot embed any external JS or PHP. This sounds like it has previously found malware on the GitHub domain and is now flagging any resources loaded from there. GitHub can host effectively anything, since anyone can host stuff there, so this sounds like a false alarm.


I think it’s more than a confusion

Please have a look at VirusTotal:

https://www.virustotal.com/gui/url/394ef8f2becaecd00f25ed3bf8c7b0e0e9becf6eed660f40b3e1a1a4518c8be8

Again I very much appreciate your concern but from a technical perspective there is simply no way that I’m aware of that would allow embedding executable JS or PHP in a PNG file. If you know of any exploits that would allow this I’d be very happy to be proven wrong but automated virus scanners have plenty of false positives.

I just tried VirusTotal and it’ll flag literally any PNG file from GitHub as malware.

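A local check for a downloaded PNG, as an added example that is not part of the original thread: it walks the PNG chunk structure, verifies each chunk's CRC, and reports any bytes after `IEND` or text markers such as `<?php` anywhere in the file. The function names, the marker list and the sample image are assumptions constructed for this example; a marker hit is a reason to inspect the file by hand, not proof of anything.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MARKERS = (b"<?php", b"<script")  # assumption: strings worth a manual look


def inspect_png(data: bytes) -> dict:
    """Walk the chunk list; report CRC errors, bytes after IEND, text markers."""
    report = {"valid": False, "chunks": [], "bad_crc": [], "trailing_bytes": 0,
              "markers": [m.decode() for m in MARKERS if m in data.lower()]}
    if not data.startswith(PNG_SIGNATURE):
        return report
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length          # length + type + body + CRC
        if end > len(data):
            return report                # truncated chunk: not a valid PNG
        name = ctype.decode("latin-1")
        report["chunks"].append(name)
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(data[pos + 4:end - 4]) != crc:   # CRC covers type + body
            report["bad_crc"].append(name)
        pos = end
        if ctype == b"IEND":
            break
    chunks = report["chunks"]
    report["trailing_bytes"] = len(data) - pos
    report["valid"] = (len(chunks) >= 2 and chunks[0] == "IHDR"
                       and chunks[-1] == "IEND" and not report["bad_crc"])
    return report


def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def constructed_sample() -> bytes:
    """Constructed 1x1 greyscale PNG (sample input, not the file from the thread)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))


if __name__ == "__main__":
    print(inspect_png(constructed_sample()))
    # Same image with constructed text appended after IEND
    print(inspect_png(constructed_sample() + b"<?php /* constructed test marker */"))
```

To check a real download, pass the file's bytes, for example `inspect_png(open(path, "rb").read())`.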