Author Topic: App XP Investimentos False Positive  (Read 578 times)


Offline gustavo.santorio

  • Newbie
  • *
  • Posts: 4
App XP Investimentos False Positive
« on: January 21, 2022, 09:18:40 PM »
Hello,

I'm an XP Inc. Software Architect!

Our clients are informing us about a Malware Advertisement in the Android XP Investimentos App (https://play.google.com/store/apps/details?id=br.com.xp.carteira). Our team has already analyzed all the possibilities with this positive risk, and we concluded that it is a false positive. We tried to send a request to add this software to the Whitelist, but the form seems to be out.

Can anyone please help us in this situation?

I have attached some evidence in order to help in the analysis.

Thank you!

Gustavo Santorio
« Last Edit: January 21, 2022, 09:21:00 PM by gustavo.santorio »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37173

Offline gustavo.santorio

  • Newbie
  • *
  • Posts: 4
Re: App XP Investimentos False Positive
« Reply #2 on: January 21, 2022, 09:45:05 PM »
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Hello Pondus,


I already posted this situation to the form too, but received an Internal Server Error from the webpage.

Thanks!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37173
Re: App XP Investimentos False Positive
« Reply #3 on: January 21, 2022, 10:20:25 PM »
upload and scan file at www.virustotal.com

post link to scan result here, then avast lab can fetch file from VT when they see this topic





Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33453
  • malware fighter
Re: App XP Investimentos False Positive
« Reply #4 on: January 22, 2022, 03:00:17 PM »
Wait for a final verdict from avast team, as they are the only ones to act.
Has that file been signed properly?
Is there an insecure inline script somewhere?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline gustavo.santorio

  • Newbie
  • *
  • Posts: 4
Re: App XP Investimentos False Positive
« Reply #5 on: January 22, 2022, 03:10:46 PM »
Thank you for the tip Pondus!

Here is the VirusTotal analysis link https://www.virustotal.com/gui/file/fdcfbea8552e010be3c8cd2a92cb288f9adfe4f5b16b4fad4a1cb7990548d8a1, but Avast and AVG seem to be out, because the analysis returns no information.

Does anyone know if this could be a problem in Avast?

Thank you!

Offline gustavo.santorio

  • Newbie
  • *
  • Posts: 4
Re: App XP Investimentos False Positive
« Reply #6 on: January 22, 2022, 03:17:37 PM »
Hello Polonus,

My problem is that the Whitelist form seems to be out, and returns an Internal Server Error. Our app has more than 2 million users, and we have a lot of security validations in our publication process. We don't have any insecure script in our code, and Avast doesn't return any explanation to our clients. It just sends the Malware advertisement.

I'm waiting for the responsible team to answer my questions, but until then we can lose a lot of clients, and this is the reason that I'm trying to contact anyone at Avast who can help me.

Thank you a lot!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 73605
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: App XP Investimentos False Positive
« Reply #7 on: January 22, 2022, 03:30:03 PM »
Hi Gustavo, as you're a developer, read here...

-> https://support.avast.com/article/229/
-> https://support.avast.com/article/228/
Win 8.1 [x64] - Avast PremSec 22.1.6903.IBC [UI.690] - EEK - Firefox ESR 91.5 [NS/uBO/PB] - TB 91.5.1
Avast-Tools: Secure Browser 97.1 - Cleanup 21.4 - SecureLine 5.15 - Driver Updater 21.4 - CCleaner 5.89
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86141
  • No support PMs thanks
Re: App XP Investimentos False Positive
« Reply #8 on: January 22, 2022, 03:33:35 PM »
<snip>
Here is the VirusTotal analysis link https://www.virustotal.com/gui/file/fdcfbea8552e010be3c8cd2a92cb288f9adfe4f5b16b4fad4a1cb7990548d8a1, but Avast and AVG seem to be out, because the analysis returns no information.

Does anyone know if this could be a problem in Avast?

It isn't a problem, avast doesn't do on-demand website/url scans on VT, it only does live website scans via the Web Shield, that is why you don't see them in the results.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 73605
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: App XP Investimentos False Positive
« Reply #9 on: January 22, 2022, 04:30:54 PM »
Dev-Info: Hello everyone, there was an issue with FileRep, leading to False Positives. The issue has been resolved (1 PM CET).

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37173
Re: App XP Investimentos False Positive
« Reply #10 on: January 22, 2022, 04:47:59 PM »
<snip>
Here is the VirusTotal analysis link https://www.virustotal.com/gui/file/fdcfbea8552e010be3c8cd2a92cb288f9adfe4f5b16b4fad4a1cb7990548d8a1, but Avast and AVG seem to be out, because the analysis returns no information.

Does anyone know if this could be a problem in Avast?

It isn't a problem, avast doesn't do on-demand website/url scans on VT, it only does live website scans via the Web Shield, that is why you don't see them in the results.
He did not scan a URL but an APK file (Android). Click the VT details tab.

avast/AVG is visible in the scan result but given "Timeout"
avast-mobile engine gives a clean result






Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86141
  • No support PMs thanks
Re: App XP Investimentos False Positive
« Reply #11 on: January 22, 2022, 05:43:27 PM »
Thanks, I thought it was just checking a url.

That said there has been a response by Asyn from Avast-Dev.
Dev-Info: Hello everyone, there was an issue with FileRep, leading to False Positives. The issue has been resolved (1 PM CET).

So I would ensure that gustavo.santorio checks for updates to the virus defs or program.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33453
  • malware fighter
Re: App XP Investimentos False Positive
« Reply #12 on: January 22, 2022, 11:02:50 PM »
The only warning that the file scan results at VT produce is "Contains one or more Linux executables".

Also looked at the following scan results:
https://urlscan.io/result/1e2d2522-56e5-41bc-bc19-74bfdf177eab/

Nothing much in the form of indicators:
https://urlscan.io/result/1e2d2522-56e5-41bc-bc19-74bfdf177eab/#indicators

Nothing much here either: https://urlscan.io/api/v1/result/1e2d2522-56e5-41bc-bc19-74bfdf177eab/

Look at the DOM
Quote
5[Violation] 'setInterval' handler took <N>ms
and
Quote
[Violation] 'requestAnimationFrame' handler took 76ms content.script.js
Violation - Update native-base version.

polonus (volunteer 3rd party cold recon website-security-analyst and website error-hunter)