Electrum has a backdoor in it I dont care what any of you idiots say.

[ThomasDavis2018]

The author himself or one of the contributors is infecting the shit out of people.


https://www.virustotal.com/#/file/5238c681a9b3d84fa8c47e46bf382a9543bde4c5eef1a42d768e6254be373e86/detection


This copy of electrum has been on my desktop for 1 week now,


This is the copy I just downloaded.

https://www.virustotal.com/#/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection

[DireWolfM14]

Someone has been spreading malware versions of Electrum for months now.  Just this past Monday there was a newbie who posted a "plea for help" with a link to fake version of 3.3.6.  These are common phishing attempts.

The real version of Electrum gets flagged by some antivirus suites as a false positive.  This issue has been known and recognized for many years.

The only way to insure that you have the real version of the wallet software is download from (and only from) the official website, electrum.org, and check the PGP signature.

Don't be an idiot yourself and rely on what others say.  Be diligent and you'll be safe.

[NeuroticFish]

We are talking about the proper Electrum here. And yes, it is flagged, in every version, by more or less antiviruses.
An antivirus is usually looking in the file for certain sequences of bytes (virus signatures). It's a method that can easily produce false positives.
Also, yeah, it's known that the Pyhon packer also produces false positives.
The binaries are not built by the one that writes the code, exactly for double checking and to avoid surprises.
Also, OP, don't rule out that maybe something else you have installed could have already damaged something.

The following words tell it all:

If you trust the developers of the project, you can verify the GPG signature, and ignore any anti-virus warnings.

If you don't trust the developers with not backdooring the binaries, you can (1) build binaries yourself; or (2) you can run from source. Some of the binaries are built reproducibly, so you can also check that those match.

I can only add a 3rd option: you can always use another wallet, nobody is forcing you use Electrum.

[BrewMaster]

The author himself or one of the contributors is infecting the shit out of people.
https://www.virustotal.com/#/file/5238c681a9b3d84fa8c47e46bf382a9543bde4c5eef1a42d768e6254be373e86/detection

you can't accuse people when you don't provide any proof.
this file you posted here is 5.23 MB while the Electrum installer for windows (.exe) is 35.28 MB. so obviously you have something else that only has the same name! the runner alone is also 6.01 MB!

This copy of electrum has been on my desktop for 1 week now,
This is the copy I just downloaded.
https://www.virustotal.com/#/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection

how is it that you easily trust a closed source website with a bunch of closed source antiviruses that you don't even know what they do and you can't trust something that is open source?

[TryNinja]

POINT ANYWHERE IN THE SOURCE CODE (which is open) WHERE THERE IS ANY KIND OF IMPLEMENTATION OF A VIRUS and I’ll give you my entire BTC balance.

https://github.com/spesmilo/electrum

[ThomasDavis2018]

POINT ANYWHERE IN THE SOURCE CODE (which is open) WHERE THERE IS ANY KIND OF IMPLEMENTATION OF A VIRUS and I’ll give you my entire BTC balance.

https://github.com/spesmilo/electrum

Ok I'm uploading proof shortly.

[bob123]

The author himself or one of the contributors is infecting the shit out of people.

[...]

This is the copy I just downloaded.

https://www.virustotal.com/#/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection

If you don't know how AV engines work, please stay away from posting this nonsense.
Noone needs your brainless contribution here.


All of these AV's which flagged electrum work with heuristics, NOT runtime analysis. They are false positives.
If you don't understand that, its fine.  But stop spreading your bullshit.


It is easy as hell to create malware which is NOT detected by AV's.
So.. please explain.. why should ThomasV (who is a very good developer) be stupid enough to get a potential malware flagged as malware ?    This doesn't make any sense.
It takes less than 5 minutes to get malware obfuscated enough so that it won't be detected as malware anymore.

POINT ANYWHERE IN THE SOURCE CODE (which is open) WHERE THERE IS ANY KIND OF IMPLEMENTATION OF A VIRUS and I’ll give you my entire BTC balance.

https://github.com/spesmilo/electrum

Ok I'm uploading proof shortly.

I think you misunderstood something.. Noone wants you to upload something.
Just tell us where in the source code the backdoor is.

Source code: https://github.com/spesmilo/electrum

We are waiting.

[DireWolfM14]

Ok I'm uploading proof shortly.

24 hours later, and still nothing?  What is your definition of "Shortly?"

This whole thread is a joke.  Anyone who puts "I dont care what any of you idiots say" in the subject of the thread is not playing with a full deck, and is unlikely to engage in a meaningful discussion.

[BitMaxz]

It looks like he scanned a fake one and he scanned a standalone Executable which is electrum-3.3.6.exe

I already scan the standalone executable file and other installers the result is different from the original one.

Here's the result for standalone https://www.virustotal.com/gui/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection
For installer https://www.virustotal.com/gui/file/7bc45c53a0179f5889dd68c7f023c6b27e050bf73c84bcd854a6ffe3a83bdf1d/detection
For portable https://www.virustotal.com/gui/file/f46d34e29d148c1257183f12e1a1beee2ea31677c280e006f46d57261514d13e/detection

[stomachgrowls]

If you trust the developers of the project, you can verify the GPG signature, and ignore any anti-virus warnings.

If you don't trust the developers with not backdooring the binaries, you can (1) build binaries yourself; or (2) you can run from source. Some of the binaries are built reproducibly, so you can also check that those match.

I can only add a 3rd option: you can always use another wallet, nobody is forcing you use Electrum.

Love that option 3 which would suit out for OP. 

Ok I'm uploading proof shortly.

24 hours later, and still nothing?  What is your definition of "Shortly?"

This whole thread is a joke.  Anyone who puts "I dont care what any of you idiots say" in the subject of the thread is not playing with a full deck, and is unlikely to engage in a meaningful discussion.

Im little bit triggered on the topic title but it seems OP doesnt have the plan to make argumentation on this thread.

He do tries to prove something but eventually failed. Sad