Bitcoin Forum

Bitcoin => Electrum => Topic started by: Xal0lex on January 20, 2024, 06:15:49 PM



Title: Trojan in Electrum wallet?
Post by: Xal0lex on January 20, 2024, 06:15:49 PM
I downloaded a portable version of Electrum wallet from the official website. Checked it with VirusTotal (https://www.virustotal.com/gui/file/dbce49572dca715904d4584752663aa85f462968b94be5b3bc081c74b2247319) service and one engine showed me that there is a trojan in the wallet. What do you think, is it true that the file from the official site may contain a trojan or is it a false positive of the Ikarus engine?

https://www.talkimg.com/images/2024/01/20/kauwH.png

P.S. The Windows Installer version is clean (https://www.virustotal.com/gui/file/9853edda49240e79789f4e269f922560d6f694621dc74b928946418a073da8dc), but the Standalone Executable version also has the same trojan (https://www.virustotal.com/gui/file/3b6ae63e6d4cd9b0da1f9fb97742e1ea329d4a9365d78848b0712e7308562ab9).


Title: Re: Trojan in Electrum wallet?
Post by: jrrsparkles on January 20, 2024, 06:19:36 PM
Just one report, then it seems a false positive.

If you are still worried about it then verifying it on your own is recommended: [GUIDE] How to Safely Download and Verify Electrum (https://bitcointalk.org/index.php?topic=5240594.0)

How to verify your Electrum download (https://bitcoinelectrum.com/how-to-verify-your-electrum-download/)


Title: Re: Trojan in Electrum wallet?
Post by: Bitcoin_Arena on January 20, 2024, 11:04:47 PM
Definitely a false positive. I have never even heard of Ikarus Antivirus before.  ;D

So false positives have been popping up in the past too if you explore the closed issues on GitHub (https://github.com/spesmilo/electrum/issues?q=is%3Aissue+virustotal+is%3Aclosed). At one point, there were 9 AV engines that would flag Electrum as malware, but a fix was done to reduce those false positive detections.


Title: Re: Trojan in Electrum wallet?
Post by: TheUltraElite on January 21, 2024, 06:02:12 AM
If it is from their official website, then highly unlikely to be a true positive AV flag.

A remote possibility of their site having been hacked and posted a malware bound software there.

> Just one report, then it seems a false positive.
>
> If you are still worried about it then verifying it on your own is recommended: [GUIDE] How to Safely Download and Verify Electrum (https://bitcointalk.org/index.php?topic=5240594.0)
>
> How to verify your Electrum download (https://bitcoinelectrum.com/how-to-verify-your-electrum-download/)

Verifying the signature does not completely rule out that possibility.

Hence that tingling spider sense of mine tells me that you should wait it out before operating that software. Most likely it's a false positive, but ..


Title: Re: Trojan in Electrum wallet?
Post by: tranthidung on January 21, 2024, 07:25:08 AM
I believe it is a false positive from VirusTotal but to make sure, we must get an official answer from the Electrum team.

You can send a PM on Bitcointalk to ThomasV (https://bitcointalk.org/index.php?action=profile;u=3137) or create an issue on Electrum Github (https://github.com/spesmilo/electrum) or Electrum Twitter (https://twitter.com/ElectrumWallet) and wait for their team's reply.


Title: Re: Trojan in Electrum wallet?
Post by: khaled0111 on January 21, 2024, 08:50:56 PM
If you have downloaded Electrum from the official website (electrum.org) then you should have read this note on the bottom of the download page:

> Electrum binaries are often flagged by various anti-virus software. There is nothing we can do about it, so please stop reporting that to us. Anti-virus software uses heuristics in order to determine if a program is malware, and that often results in false positives.

There is no need to report this issue to the dev team. They will most likely ignore it.

> Verifying the signature does not completely rule out that possibility.

If you trust the signers (Electrum devs) and you have properly imported their public keys from trusted sources then verifying the gpg signature should be enough.
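
The check described in the post above, as an added example that is not part of the thread or of Electrum's own tooling: it reads gpg's machine-readable status output and accepts the download only if a valid signature comes from the one fingerprint you pinned from a trusted source. The fingerprints, key IDs and status lines are constructed placeholders, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. PINNED_FPR and SAMPLE_STATUS are
# constructed placeholders, not real Electrum signer data.
PINNED_FPR='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
OTHER_FPR='BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'

# Constructed output of `gpg --status-fd 1 --verify`: two signatures, one
# from a key that is not in the keyring and one valid from the pinned key.
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 1111111111111111 1 10 00 1705000000 9 $OTHER_FPR
[GNUPG:] NO_PUBKEY 1111111111111111
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2222222222222222 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $PINNED_FPR 2024-01-12 1705000000 0 4 0 1 10 00 $PINNED_FPR"

# Strip spaces and upper-case a fingerprint so pasted forms compare equal.
normalize_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# signed_by STATUS EXPECTED_FPR
# 0: a VALIDSIG line names EXPECTED_FPR (signing or primary key), no BADSIG.
# 1: no such line, or some signature is bad.
# 2: EXPECTED_FPR is not 40 characters long (short key IDs are refused).
signed_by() {
  local want
  want=$(normalize_fpr "$2")
  [ "${#want}" -eq 40 ] || return 2
  printf '%s\n' "$1" | awk -v want="$want" '
    $1 == "[GNUPG:]" && $2 == "BADSIG" { bad = 1 }
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
    END { if (ok && !bad) exit 0; exit 1 }'
}

# verify_download FILE SIGFILE EXPECTED_FPR
# gpg's own exit code is ignored on purpose: it is non-zero whenever any
# signature in SIGFILE cannot be checked, e.g. a signer key you never imported.
verify_download() {
  local status
  status=$(gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
  signed_by "$status" "$3"
}
```

Pinning the full fingerprint rather than relying on a "Good signature" line is what ties the result to the key you decided to trust; any key in the keyring can produce a good signature.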



Title: Re: Trojan in Electrum wallet?
Post by: Abdussamad on January 21, 2024, 09:15:43 PM
See "notes for windows users" at the bottom of the download page:

https://electrum.org/#download


Title: Re: Trojan in Electrum wallet?
Post by: Yamane_Keto on January 22, 2024, 03:02:24 AM
Make sure to verify the signature with the wallet file that you downloaded. If the file is signed by the developer, do not pay attention to these warnings because they are false positives, else there is a virus that will redirect you outside electrum.org.


Title: Re: Trojan in Electrum wallet?
Post by: keychainX on January 26, 2024, 08:30:44 AM
> I downloaded a portable version of Electrum wallet from the official website. Checked it with VirusTotal (https://www.virustotal.com/gui/file/dbce49572dca715904d4584752663aa85f462968b94be5b3bc081c74b2247319) service and one engine showed me that there is a trojan in the wallet. What do you think, is it true that the file from the official site may contain a trojan or is it a false positive of the Ikarus engine?
>
> https://www.talkimg.com/images/2024/01/20/kauwH.png
>
> P.S. The Windows Installer version is clean (https://www.virustotal.com/gui/file/9853edda49240e79789f4e269f922560d6f694621dc74b928946418a073da8dc), but the Standalone Executable version also has the same trojan (https://www.virustotal.com/gui/file/3b6ae63e6d4cd9b0da1f9fb97742e1ea329d4a9365d78848b0712e7308562ab9).

Windows flags several Bitcoin wallets as trojans.


Title: Re: Trojan in Electrum wallet?
Post by: NotATether on January 28, 2024, 04:09:58 AM
Also in addition to what keychainX said, if you got an app that is making lots of connections to random servers, as Electrum does for its network of SPV nodes, then any antivirus is going to think that is malicious activity, because that's what malware does too. Although I have no idea what kind of virus "Win32.Patched" is referring to in this context, and it doesn't help that different vendors give viruses completely illogical and meaningless names.