Skip to content

Security incident 2022 06 08: Anaconda installer on Windows installation page

Thomas Wiecki edited this page Jun 8, 2022 · 4 revisions

Alert: If you are a Windows user who downloaded Anaconda or Miniforge in the days between 2022-06-06 to 2022-06-08 by clicking on the links on our Wiki installation page: https://github.com/pymc-devs/pymc/wiki/Installation-Guide-(Windows), your system is likely compromised.

What happened

On 2022-06-08 we noticed that the Wiki page https://github.com/pymc-devs/pymc/wiki/Installation-Guide-(Windows) has been altered twice, changing the links to the Anaconda and Miniforge installers to suspicious looking domains. Here are the two diffs:

The file behind this link contained Malware: https://www.virustotal.com/gui/file/7c77e5599cd25c702bc000331b9934feb9dc1f8098ac7e3e40301020c1442564/detection

Response

  • We reverted the links to their official sources
  • We disabled public write access to our wiki
  • We checked the other links in our installation instructions and confirmed that they look correct
  • We reported the user https://github.com/Zapelphilipp to GitHub (the other user's account seems to already been deleted)

We'd like to apologize to all users who might have been affected by this.