Jump to content

ESET now detects AI2 apps as PUA?


EAV8

Recommended Posts

Hello,

 

1. You could upload the file to virustotal.com to see if some more vendor detect it as a PUA or something else, and post a link with the results here.

 

2. You could post a link here from where you are downloading it incase someone wants to check it out. 

Link to comment
Share on other sites

If this really happens then it's quite strange, because app inventor is a legitimate software and I don't know why it should be PUA.

 

Could you upload an example apk and paste the link to it here?

Then upload it maybe to virustotal to check from who it is detected there. (Although you shouldn't rely on this, because virustotal isn't designed for such tests)

 

Additionally: What name does EMS (I think you tested it with EMS...) give the "threat"?

Edited by rugk
Link to comment
Share on other sites

ESS detects it as "a variant of Android/Appinventor.A"

 

Right now I can't upload a simple apk to virustotal, but you can find many virustotal links with this detection.

 

A simple google search: https://www.virustotal.com/en/file/79b0cbbee52ac84e607885405cd627b173c392c0f39556d5d570d97e0432fe7b/analysis/

 

Also, if you want to see it by your eyes, you can go to app inventor website and create a simple app, in some seconds.

 

Thanks for the answers ;)

Link to comment
Share on other sites

Okay, at first I tried to look for a description on the virusradar site, but there seems to be an error with the Android/Appinventor entry.

If you click on the descriptions you will only be redirected to the page for the latest descriptions and you won't see any description for this detection.

 

But I did what you say and created my own small apk. And when testing the detection with ESS and EMS I found something important out!

This apk was detected as as a potentially unsafe application - don't confuse this with a potentially unwanted application (PUA)! (When we use the abbreviation PUA here it means normally "potentially unwanted application" and not "... unsafe ...")

post-3952-0-29532300-1418502291_thumb.pngpost-3952-0-11933600-1418502306_thumb.png

 

In the second pictures you can see a short description of a potentially unsafe application - it is legitimate, but it can be misused.

And just FYI (and as an information for ESET): The link "more information online (only in English)" only shows the "homepage" of the ESET knowledgebase, so I don't get any more information and I also didn't found a specific kb article about "potentially unsafe applications" in the kb when searching manually.

I don't know how exactly this apps can be misused - maybe they cause a security risk somehow...

I don't know how this created apps work, so I can't say how they can be misused...

 

BTW the apk is detected on virustotal from ESET too, but in this test no other vendor detected it.

 

VSD versions I used:

ESS: 10873

EMS: 5265

Edited by rugk
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...