Beware possible virus/trojans when ordering PCBs online at ALLPCB

Had a bit of a scare with one of my recent PCB orders from one of the popular vendors, ALLPCB. I have been ordering from these guys for a few years and had OK results with small test runs of various rigid and flexible printed circuit boards. Today, however, I tried to download one of the production Gerber files to check some dimensions of the produced board, and instead got all the bells going off due to a trojan detected in the production file archive.

A quick Google search shows that Win32/Tiggre!rfn is a cryptojunk miner, but some other sources hint it could also have a ransomware payload. It’s quite concerning, especially considering that many engineers might spend hundreds of hours on their PCB designs, which are at risk of corruption or damage by an infected machine.

So keep a close eye on what you are downloading in ZIPs over the internets. Even if you’d like to think a big popular vendor website should be a safe place, don’t let your guard down and keep protection tools on your machines up to date, with frequent backups of sensitive data to other storage locations.

After contacting the company representative to give them a chance to rectify the situation, I was met with the suggestion that “PC have problem handling production gerber files, hence detect it as virus”. Not exactly the response expected.

While such situations are remotely possible, it is not the case here today, as the ZIP file download link from the ALLPCB site clearly has a binary bkcx.exe executable program, which CANNOT be a Gerber file and should NOT be in the archive.

VirusTotal is also quite sad, with trojan/virus scan detections on the same ZIP file downloaded from the ALLPCB site. If you downloaded any files, especially ZIPs from ALLPCB, please check them for possible virus content and let them know of the situation. Meanwhile I’ll switch to other vendors, while being extra careful with any binary files downloaded online.
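One way to run that check before unpacking anything, as an added example that is not code from the original post: the script lists ZIP members that carry an executable extension or a PE/ELF header, since Gerber and drill files are plain text. The extension list and the sample archive are constructed assumptions; the sample `bkcx.exe` is dummy bytes, not the real file.

```python
import io
import zipfile

# Leading bytes of common native executable formats.
EXEC_MAGIC = {b"MZ": "Windows PE/DOS", b"\x7fELF": "ELF"}
# Extensions that have no place in a PCB production archive (assumed list).
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk")


def suspicious_members(zip_source):
    """Return [(member_name, reason)] for entries that look executable.

    zip_source is a path or a binary file object. Nothing is extracted to
    disk; only the first bytes of each member are read.
    """
    findings = []
    with zipfile.ZipFile(zip_source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.filename.lower().endswith(EXEC_EXT):
                findings.append((info.filename, "executable extension"))
                continue
            if info.flag_bits & 0x1:  # encrypted member: contents cannot be read
                findings.append((info.filename, "encrypted, cannot inspect"))
                continue
            with archive.open(info) as member:
                head = member.read(4)
            for magic, kind in EXEC_MAGIC.items():
                if head.startswith(magic):
                    findings.append((info.filename, f"{kind} header"))
    return findings


def build_sample_zip():
    """Constructed sample: two text Gerber-like files plus dummy binaries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("board.GTL", "G04 constructed top copper layer*\nM02*\n")
        archive.writestr("board.DRL", "M48\nM30\n")
        archive.writestr("bkcx.exe", b"MZ" + b"\x00" * 62)   # name from the post, dummy bytes
        archive.writestr("board.GBL", b"MZ" + b"\x00" * 62)  # binary hiding behind a layer name
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample_zip()):
        print(f"{name}: {reason}")
```

A clean result only means no member looks like a native executable; it does not replace an antivirus or VirusTotal scan of the archive.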

Author: Ilya Tsemenko
Created: Feb. 24, 2023, 6:12 a.m.
Modified: Feb. 24, 2023, 7:46 p.m.
