Bitcoin Forum
Author Topic: False positive result or a phishing of some sort?  (Read 178 times)
SFR10 (OP), Legendary (Activity: 2996, Merit: 3429)
May 06, 2021, 06:34:03 AM, #1, Merited by LoyceV (4)

While browsing the Service Announcements board, the following "thread [archived]" caught my attention, so I roamed around until stumbling upon one of its pinned threads (Protect yourself from Bitcoin Clipper/Stealer Malware [archived]) that has three downloadable links; two of them are for Malwarebytes and AdwCleaner, while the remaining one is for a tool that they claim detects "Bitcoin Clipper". Although the latter one is a file on Google Drive, I didn't open it but instead analyzed it with VirusTotal and got a phishing flag by Scantitan: VirusTotal result
- Having said that, I didn't get any flags while analyzing it with MetaDefender and Kaspersky.

Should I open a thread on the "Scam Accusations" board, or is this just a false positive result?

LoyceV, Legendary (Activity: 3304, Merit: 16655)
May 06, 2021, 07:30:09 AM, #2, Merited by NeuroticFish (2)

Quote: a file on Google Drive
Are there still people dumb enough to run executables from unknown sources? I'd say post a warning in that thread.

Quote: I analyzed it with VirusTotal and got a phishing flag by Scantitan
Even if it doesn't contain known malware, an executable can basically do anything once you start it.

Quote: Should I open a thread on the "Scam Accusations" board, or is this just a false positive result?
If it's malware, the user should be Nuked.

SFR10 (OP), Legendary (Activity: 2996, Merit: 3429)
May 06, 2021, 01:09:42 PM, #3

Quote: Are there still people dumb enough to run executables from unknown sources?
Unfortunately, from time to time I still see users that literally run/download anything from anywhere [SMH].

Quote: I'd say post a warning in that thread.
Just came back and "did" as you instructed.

Quote: If it's malware, the user should be Nuked.
I reported it as phishing...
- I'll update this post if anything changes.

NotATether, Legendary (Activity: 1596, Merit: 6740)
May 06, 2021, 05:34:44 PM, #4

VirusTotal makes MANY false positives for Windows utilities; even many of Nirsoft's famous tools are flagged by some AVs as malware, and Microsoft threatened to sue some antivirus vendors to make them stop flagging its Sysinternals suite of programs.

VirusTotal works by scanning the program with about 60 AVs, and I do not necessarily trust Scantitan to produce accurate results.

(And by the way, running a Malwarebytes scan is a completely ineffective way to prevent clipboard malware from running in the first place.)

khaled0111, Legendary (Activity: 2520, Merit: 2873)
May 06, 2021, 09:05:21 PM, #5

I read the thread and I understand it might be a false positive, hence we can't accuse him of anything, yet. But what I can't understand is why he responded with such aggressivity to the warning you posted! Did he create that tool to be so sure it's legitimate and safe?

Anyway, there is no need to download or run any software to check whether your device is infected with the clipboard malware or not: just copy a valid address and paste it into any text editor; if they don't match, then your device is infected.

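The copy-and-paste check khaled0111 describes, written out as an added example that is not part of the original thread: the Base58Check validator and encoder are standard legacy-address handling included here for illustration, and the sample inputs are constructed (the genesis-block address plus a second address built from a dummy 20-byte hash).

```python
import hashlib

# Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I, l)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def sha256d4(data: bytes) -> bytes:
    """First 4 bytes of double SHA-256: the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def looks_like_legacy_address(addr: str) -> bool:
    """Base58Check validation of a '1...' or '3...' address:
    decode to 25 bytes and verify the trailing checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    zeros = len(addr) - len(addr.lstrip("1"))  # leading '1's are zero bytes
    raw = b"\x00" * zeros + body
    return len(raw) == 25 and sha256d4(raw[:21]) == raw[21:]


def legacy_address(payload21: bytes) -> str:
    """Base58Check-encode version byte + 20-byte hash; used here only to
    build a constructed second address for the demonstration."""
    n = int.from_bytes(payload21 + sha256d4(payload21), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(payload21) - len(payload21.lstrip(b"\x00"))
    return "1" * zeros + out


def clipper_check(copied: str, pasted: str) -> str:
    """Verdict for the manual test: copy a known address, paste it back,
    compare. A clipper swaps in a different but well-formed address, so
    checksum validation alone cannot catch it; only the comparison can."""
    if copied == pasted:
        return "clean"
    if looks_like_legacy_address(pasted):
        return "suspicious: replaced with a different valid address"
    return "mismatch: clipboard content altered"


if __name__ == "__main__":
    genesis = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # constructed sample input
    print(clipper_check(genesis, genesis))
    print(clipper_check(genesis, legacy_address(b"\x00" + b"\x7f" * 20)))
```

In practice the two arguments are the address you copied and whatever your text editor received after pasting; the second call shows why a checksum-valid paste is not proof of a clean clipboard.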
SFR10 (OP), Legendary (Activity: 2996, Merit: 3429)
May 07, 2021, 05:53:56 AM, #6

Quote: VirusTotal makes MANY false positives for Windows utilities; even many of Nirsoft's famous tools are flagged by some AVs as malware, ~Snipped~ and I do not necessarily trust Scantitan to produce accurate results.
Quote: I read the thread and I understand it might be a false positive, hence we can't accuse him of anything, yet.
By the look of things, I have to delete my warning post and apologize to @hackcurrency.

Quote: But what I can't understand is why he responded with such aggressivity to the warning you posted!
Probably because he/she thought I didn't know the difference between phishing and malware, and since I had to use the former one due to the flag, I totally understand why he/she thinks I'm someone that randomly/intentionally makes false accusations.

Theb, Hero Member (Activity: 1680, Merit: 655)
May 08, 2021, 10:32:22 AM, #7

So I've seen their reply against your warning and all I can say is that this is not all the way true. Phishing doesn't require any kind of impersonation or identity theft as long as your point is to get the necessary credentials in order to steal the user's money. For example, there are fake giveaways and new kinds of wallets that don't need any kind of impersonation, but their main motive is to get your private keys and passphrases, and that act alone can be classified as phishing.

Quote: Phishing: it is the crime of tricking people into sharing confidential information such as passwords and credit card numbers. As in fishing, there is more than one way to catch a victim, but there is a phishing tactic that is the most common. Victims receive an email or text message that mimics (or "impersonates") a trusted person or organization, such as a coworker, a bank, or a government office. Written at: https://www.malwarebytes.com/phishing/

Quote: It is evident that we are not doing any identity theft or trying to deceive anyone, you are completely confused or it is simply an effort to discredit a project that will have an incredible future.

Nonetheless, users are right to point out that there are a lot of false positives happening with VirusTotal. IMO, since it has been detected as phishing, the only way to know is to see if their program has something that aims to steal information from its users, and unfortunately I don't have any way of doing that except for installing it on an unused old laptop.

ChuckBuck, Hero Member (Activity: 1372, Merit: 783)
May 09, 2021, 09:48:32 PM, #8

Is it certain that the results given by VirusTotal are 100% correct for assertions? Just wanted to emphasize that I do not protect the alleged user above, but in my experience, the results from VirusTotal may be wrong at some point. I used to experience it: the same file, when I posted it to Drive, there weren't any hazards, but when I posted it to Mega, it reported a threat. It might be a case to consider.

bitcoinVPSD, Full Member (Activity: 442, Merit: 101)
May 09, 2021, 09:53:43 PM, #9

I think this might be an inaccurate result, though there's nothing to prove it if we don't have more specialized tools to test it. But I think this may be an inaccurate result; I have a concrete example here. The file link the user sent me was found to be dangerous (by VirusTotal), but when he posted it by another means, the flag didn't exist.
