Trojan in Electrum wallet?

[Xal0lex]

I downloaded a portable version of Electrum wallet from the official website. Checked it with VirusTotal service and one engine showed me that there is a trojan in the wallet. What do you think, is it true that the file from the official site may contain a trojan or is it a false positive of the Ikarus engine?



P.S. The Windows Installer version is clean, but the Standalone Executable version also has the same trojan.

[1714484325]

1714484325

[1714484325]

1714484325

[jrrsparkles]

Just one report, then it seems a false positive.

If you still worried about it then verifying it on your own is recommended : [GUIDE] How to Safely Download and Verify Electrum

How to verify your Electrum download

[Bitcoin_Arena]

Definitely a false positive. I have never even heard of Ikarus Antivirus before. 

So false positives have been popping up in the past too if you explore the closed issues in Github. At one point, there were 9 AV engines that would flag electrum as a malware, but a fix was done to reduce on those false positive detections.

[TheUltraElite]

If it is from their official website, then highly unlikely to be a true positive AV flag.

A remote possibility of their site having been hacked and posted a malware bound software there.

Just one report, then it seems a false positive.

If you still worried about it then verifying it on your own is recommended : [GUIDE] How to Safely Download and Verify Electrum

How to verify your Electrum download

Verifying the signature does not completely rule out that possibility.

Hence that tingling spider sense of mine tells me that you should wait it out before operating that software. Mostly likely its false positive, but ..

[tranthidung]

I believe it is a false positive from Virustotal but to make sure, we must get official answer from Electrum team.

Can send a PM in bitcointalk to ThomasV or create an issue on Electrum Github or Electrum Twitter and wait for their team reply.

[khaled0111]

If you have downloaded Electrum for the official website (electrum.org) then you should have read this note on the bottom of the download page:

Electrum binaries are often flagged by various anti-virus software. There is nothing we can do about it, so please stop reporting that to us. Anti-virus software uses heuristics in order to determine if a program is malware, and that often results in false positives.

There is no need to report this issue to devs team. They will most likely ignore it.

Verifying the signature does not completely rule out that possibility.

If you trust the signers (Electrum devs) and you have properly imported their public keys from trusted sources then verifying the gpg signature should be enough.

[Abdussamad]

See "notes for windows users" at the bottom of the download page:

https://electrum.org/#download

[Yamane_Keto]

make sure to verify the signature with the wallet file that you downloaded. If the file is signed by the developer, do not pay attention to these warnings because they are false positive, else there is a virus that will redirect you outside electrum.org.

[keychainX]

I downloaded a portable version of Electrum wallet from the official website. Checked it with VirusTotal service and one engine showed me that there is a trojan in the wallet. What do you think, is it true that the file from the official site may contain a trojan or is it a false positive of the Ikarus engine?



P.S. The Windows Installer version is clean, but the Standalone Executable version also has the same trojan.

¨

Windows flags several Bitcoin wallets as trojans.

[NotATether]

Also in addition to what keychainX said, if you got an app that is making lots of connections to random servers, as Electrum does for its network of SPV nodes, then any antivirus is going to think that is malicious activity, because that's what malware does too. Although I have no idea what kind of virus "Win32.Patched" is refering to in this context, and it doesn't help that different vendors give viruses completely illogical and meaningless names for them.