Mr_Frog 11 Posted April 7 Share Posted April 7 (edited) This is for real or its just false positif. Just to make sure, I tried it again to install from play store and again ESET mark it as a malware. Anyone have the same problem? Edited April 7 by Mr_Frog Reposition the image Quote Link to comment Share on other sites More sharing options...
itman 1,538 Posted April 7 Share Posted April 7 Quote we discovered the first Android clipper on Google Play, which led to Google improving Android security by restricting system-wide clipboard operations for apps running in the background for Android versions 10 and higher. https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/ Quote Link to comment Share on other sites More sharing options...
ESET Insiders zloyDi 4 Posted April 7 ESET Insiders Share Posted April 7 I think it's a FP. File was downloaded from Play Market page. Quote Link to comment Share on other sites More sharing options...
Barbarian 0 Posted April 7 Share Posted April 7 Same, happened ~1 hour ago. So I'm not alone, interesting... Quote Link to comment Share on other sites More sharing options...
ESET Insiders zloyDi 4 Posted April 7 ESET Insiders Share Posted April 7 Hello again, detecton will be removed after next update. Quote Link to comment Share on other sites More sharing options...
Phantom 0 Posted April 7 Share Posted April 7 (edited) Hello, same thing happened to me. I got the message Android/Clipper.AJ found for the installed Telegram application. I uninstalled the app and reinstalled it from Google Playstore, it gives the same thing. Edited April 7 by Phantom Quote Link to comment Share on other sites More sharing options...
1lor 0 Posted April 7 Share Posted April 7 yes i got this too a few mins ago Quote Link to comment Share on other sites More sharing options...
rfc 0 Posted April 7 Share Posted April 7 Is it false positive or a real threat? Same problem here. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted April 8 Administrators Share Posted April 8 It appears to be FP, the detection was removed yesterday and the app is no longer detected. Quote Link to comment Share on other sites More sharing options...
Mr_Frog 11 Posted April 8 Author Share Posted April 8 1 hour ago, Marcos said: It appears to be FP So that means its still a posibilty. Can yes can no,right? Quote Link to comment Share on other sites More sharing options...
AndiAusK 0 Posted April 8 Share Posted April 8 Was heißt FP ?? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted April 9 Administrators Share Posted April 9 21 hours ago, AndiAusK said: Was heißt FP ?? It stands for "false positive". Since this is an English forum, please post in English. Quote Link to comment Share on other sites More sharing options...
Tom100 0 Posted April 11 Share Posted April 11 I had installed the Telegram app from the Google Play Store app a long time ago. The Telegram app was updated on 4/5/2023. Neither the detection routines 27021, 27022, 27025, 27027 nor 27030 detected the app as malware. Only detection routine 27033 recognized the file as malware AJ Clipper. After uninstalling and reinstalling Telegram from the Google Play Store App it was also detected as malware. On the Virustotal website only Eset detected the extracted APK as malware. Detection routines from 27035 onwards no longer recognized Telegram as malware. However, I deleted Telegram and reinstalled it from the Google Play Store from detection routine 27035 onwards. Now the App was not detected as malware any more. According to the Google Play Store, the last change to the Telegram app was on 4/2/23. Before reading this thread I wrote an email to the German support. The German support does not know anything about a false positive or a problem? Can anyone official from Eset confirm that there is a false positive result according to detection routine 27033? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted April 11 Administrators Share Posted April 11 Yes, it was a false positive which was fixed in engine 27034. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.