Virus in Android App?

Checki:
When I download the Android app with the GS911 downloader, I get a virus message on my Windows PC.
After transferring it to my smartphone, I also get a virus message:

android.riskware.SMSSend.gQVj
Malware

That's not nice, and I have my thoughts about it.

What is going on here?

Inspector Gadget:
Could it be that you are using one of the free AV scanners on your machine?
These free versions often use some kind of heuristics to detect malware, and some versions are quite susceptible to false alarms.
And they do not detect actual viruses that well either.

For the paid version you can always contact that vendor and ask them to do a deep analysis if there is indeed malware or not.

Xchallenge:
Yes, there are currently 6 out of 53 virus scanners that since today flag the Android app as malware when tested on www.virustotal.com. Yesterday all AV-scanners said the file was okay.

On the other hand, the file I download now is unchanged from the one I downloaded after its release. Realistically, that file has been used by many users for a year now, and one would expect that any bad behaviour would have surfaced during this time. My guess is that it is a false positive.

I expect a serious AV-manufacturer to have a reporting facility for false-positives, so please make use of it. Finding and fixing false-positives is really in the best interest of the AV-manufacturer, so they would be stupid not to make use of their complete user base for that.

Let's hope that someone from Hex will respond here...

Inspector Gadget:
Realistically, a False Positive can happen but it is a wee bit sloppy from the side of the AV vendor, if I may be so honest.
The number of different (!) malware is not as predominantly big on the Android OSes as, let's say, the ones for the PC.
There are some variants, but that does not merit a False Positive.
But that is my opinion, of course.

In my view, HexCode is not to blame nor the one to take action upon this.
As there are literally hundreds of AV vendors, or products that contain a form of AV protection, in some kind of shape.
It would soon become more than a day job to maintain all those AV vendors.
VirusTotal is a quick-and-dirty method, but it is not watertight, nor is it without some criticism either.

The FP could be due to the compression schemes used, some coding practices, or something those AV vendors think resembles how malware behaves, which sometimes differs quite a lot between the various AV vendors.

If your AV encounters something that appears to be a False Positive, your AV vendor is responsible for further investigation and resolving it.

Next to the fact that AV vendors often respond rather more quickly to somebody (an end user) paying for their software (license) and reporting an FP than to some software company (HexCode) that happens to generate an FP.
At least, these are my experiences.

I agree, any serious AV vendor does offer, track-and-traced, a reporting facility to submit any possible data to further analyse, both false negatives (= not detected malware) and false positives.
It is indeed also the user base, next to other customers, AV researchers and so on, who will strengthen the detection rates and also help avoid FPs.

 

kobus:

--- Quote from: Xchallenge on October 15, 2014, 12:16:46 AM ---Let's hope that someone from Hex will respond here...

--- End quote ---
Not much to say really.
It's a false positive. And as mentioned above, it's really the anti-virus vendor's job to make sure they do not report false positives.
