Microsoft Defender ATP is Detecting Yesterday’s Chrome Update As A Backdoor Trojan

While there are some that say Google’s software is a backdoor to them gathering as much info on you as possible, this is the first time that I have ever heard of antivirus software actually flagging Google software as a backdoor trojan. Microsoft Defender Advanced Threat Protection (ATP), the commercial version of the ubiquitous Defender antivirus and Microsoft’s top enterprise security solution, is currently having a bad day and labeling yesterday’s Google Chrome browser update as a backdoor trojan:

The detections are for Google Chrome 88.0.4324.146, the latest version of the Chrome browser, which Google released last night. As per the screenshot [embedded in the linked story], but also based on reports shared on Twitter by other dismayed system administrators, Defender ATP is currently detecting multiple files part of the Chrome v88.0.4324.146 update package as containing a generic backdoor trojan named “PHP/Funvalget.A.” The alerts have caused quite a stir in enterprise environments in light of recent multiple software supply chain attacks that have hit companies across the world over the past few months. System administrators are currently awaiting a formal statement from Microsoft to confirm that the detection is a “false possitive” and not an actual threat.

The consumer version isn’t behaving the same way. Thus my assumption is that this is a mistake by Microsoft in terms of it’s detection engine and we should have official confirmation of that at some point. Until then, the safe thing to do is to wait until Microsoft comments publicly on this just in case it is a real threat.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: