www.mingw.org is compromised and serving a trojaned installer
www.mingw.org is compromised and is serving a trojaned installer.
Trojaned mingw installer is being served from www.mingw.org/sites/www.mingw.org/files/releases/mingw-get-setup.exe
The trojan file is 470K instead of the expected 85K
The entire /sites child path has Index of (directory traversal) enabled.
The trojaned installer seems to install a Banking Trojan.
MD5 (mingw-get-setup.exe) = 15d6548423be7a23a516ba0fe4afd65a
Thank you for the report. I've closed it as invalid, for the following reasons:
Notwithstanding, I have removed the "Download Installer" button from the website; I don't know how, or where, to fix the bad action which is associated with it ... an action which, for me, delivers a zero-length file, (not the 470kb monster, to which you allude). The correct action would have been to invoke a download from https://osdn.net/projects/mingw/downloads/68260/mingw-get-setup.exe (size being 91kb, and 4 of 66 virus scanners report known false positives), but, as noted, I don't know how to make that happen.
If you can assist in forwarding this information to the right people who support mingw.org website that would be great. The site is compromised and serving malware.