
Malware scanner reports - app flagged as malware

Open IzzySoft opened this issue 1 year ago • 13 comments

May I kindly ask to take a look at VT for the latest release? With two major engines agreeing and being supported by 2 others, I'm not 100% sure to call it a "false positive" (maybe something slipped in?). I'll remove this update from IzzyOnDroid for now, just to be on the safe side (no offense meant of course!) – waiting for your response. Thanks for taking care!

IzzySoft avatar Jun 01 '24 09:06 IzzySoft

That's odd. We will have a look. Thanks for making us aware!

kleest avatar Jun 01 '24 10:06 kleest

Odd indeed! Hope it's something easy-to-fix :crossed_fingers:

IzzySoft avatar Jun 01 '24 11:06 IzzySoft

The previous NFCGate version 2.3.0 is also flagged now. Building a debug version locally from source also triggers the detection. This is a false positive. We will reach out to the vendors.

kleest avatar Jun 01 '24 12:06 kleest

Oof, by 5 engines even. Guess it's the "cart in front of the horse" again, scanners detecting something malware would use as well instead of the other way around (wouldn't be the first time). Hope you can identify the culprit and have it fixed by its vendor. Thanks again for digging in!

IzzySoft avatar Jun 01 '24 13:06 IzzySoft

After some communication with vendors, the newest version 2.4.2 is no longer flagged as malware or unwanted software. However, older versions and debug versions still are. I will keep this issue open for further updates.

kleest avatar Jul 08 '24 20:07 kleest

latest report

https://www.virustotal.com/gui/file/452e321ee5f48030331edd5e55ca936ddd2b20488ced726ad96d467fc04ca5e5

xcypher78 avatar Aug 25 '24 20:08 xcypher78

I'm afraid the false positive is in part also because of this https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/

GlassGruber avatar Aug 29 '24 14:08 GlassGruber

Ah, so again they blame the producer of the getaway car for the bank robbery performed by the car's driver. Not the first time I see such… :man_facepalming:

IzzySoft avatar Aug 29 '24 16:08 IzzySoft

We have added a statement regarding the recent news: #176

roussosalex avatar Sep 01 '24 20:09 roussosalex

Thanks! And :crossed_fingers: for getting that tackled!

IzzySoft avatar Sep 01 '24 21:09 IzzySoft

Ouch, it's getting worse: this time it's 9 engines, so v2.4.4 showed up with a red shield screaming "Alert!"

Could you please include a hint with your app description (full_description.txt) linking to your statement? I've just injected the following paragraph here locally, but it would be overwritten with your next update:

<p><b>Important notice:</b> Currently, NFCGate is wrongly flagged as malware by multiple scanning engines. Please see <a href='https://github.com/nfcgate/nfcgate/issues/176'>the statement of the NFC Gate team</a> for background on this. In short, this app is <b>not</b> malware. Malicious actors copied significant portions of source code from NFCGate when creating their malware, so this app is wrongly detected as such.</p>

I wrote it in the third person to make clear it's not part of your description, but be welcome to copy (and optionally adjust) it to your full_description.txt. Thanks!

@roussosalex @kleest

IzzySoft avatar Dec 12 '24 21:12 IzzySoft

Hi @IzzySoft, sounds like a good idea! We will include a statement as part of the next update.

kleest avatar Dec 12 '24 22:12 kleest

Preview from here:

image

Hm, no icon? Ah, couldn't be fetched because it's a symlink in the fastlane structure (something the GitHub API doesn't handle easily or I'm too stupid to figure out how). OK, fixed now manually :wink:

IzzySoft avatar Dec 13 '24 01:12 IzzySoft