Quttera malware

  • Resolved Andreasd083

    (@personlighalsa)


    4 years, 6 months ago

    Is this a false-positive?

    FILE: wp-content/plugins/loco-translate/tpl/admin/file/msgcat.php
    FILE_MD5: 5de0bfbccf2f4aef93801a75915efe38
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: cb9032d2da89fb3542f57ddc3e549c0a
    THREAT_NAME: Heur.PHP.iframe.gen.38
    THREAT: preg_replace(‘/[-a-z]+/’, ‘\\0</e…
    DETAILS: Detected malicious iframe injection

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

  • Is this issue reproduced using a “heuristic – high sensitivity” scan?

    Thank you.

    Thread Starter Andreasd083

    (@personlighalsa)

    This is from the Internal Scanner – High Sensitivity.

    Thank you for provided information, yes this is FP, we already fixed the detection and will release new definitions database shortly.

    Thank you for pointing this out.

    Plugin Author Tim W

    (@timwhitlock)

    I can confirm that the file hash is correct as of v2.4.3 and that my plugin does not contain malware. The so-called threat is a harmless regular expression that generates a clickable link and has nothing to do with iframes. This plugin does not use iframes.

    Hi @timwhitlock, you absolutely right, we had some incorrectness in one of the detection rules which lead to this FP.

    The issue had been fixed in the lastly released definitions database.

    BR
    Quttera Team.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Quttera malware’ is closed to new replies.