Hi Mr. Avast,
Cannot comment, really, because we all here are volunteers. We do not have influence in such respects.
It is for avast team to decide what definitions they will launch for genuine and also for heuristic detections.
Understandable, it is their product, their definitions....
Would be interesting to find what threat analyzing programs will come up with,
apart from what VT has to show us.
As long as JavaScript is around, since the days of Brendan Eich developing the language,
it has been a two-pointed sword in many respects.
I work retire.js, node.js. It still stays a real can of worms, somewhat like what php is in the hands of many developers.
A script blocker of sorts like NoScript and uMatrix (alas now left by it's developer, probably because upcoming extension restrictions)
is a solution that always works against such threats (all of them, even those foreseeable in the future).
But end-users also have to reckon with what Big Tech and overseeing organizations have decided for us.
That's the world we live in. Have a good week.
polonus (volunteer third party cold recon website security analyst and website error-hunter)