Skip to main content

Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines

Trojan in itch.io app?

A topic by Nattehine created Jan 05, 2019 Views: 3,336 Replies: 5
Viewing posts 1 to 7

Like the title suggests, I got a trojan while trying to download the official program. I went to www.itch.io/app and pressed "Start Download" and it took me to a strange url which I will not mention because of safety reasons. BitDefender flagged the site as unsafe but I figured it was just a false alarm so I continued anyway. BitDefender thankfully deleted the file right away when the download started automatically.

The trojan was this one: Gen.Variant.Graftor.532430.

Guess I won't be trying to download the app ever again...

(+4)

Well let me say that it is impossable to get trojan virues on a open sorce project, everyone would have seen it the moment someone tryed to add it. I test out the app on a VM to see if anything happen to it but nothing bad happen: https://app.any.run/tasks/96541bca-b0c4-451d-b2fa-c47c7de5989a

The screenshots you see are what you will see when you going to download the program. What really happen is that your got scam from the company BitDefender and they did not scan the program but instead used this result: https://www.virustotal.com/en/file/63e21381be337f57ca65686df6821c9b27139b8758b31...


This picture is what happens to the program, it shows zero trojan being installed.

Admin(+3)

Thanks for the heads-up. This is definitely a false positive. Programs that download and install more software can trip up basic virus scanners. We'll investigate this more to get it resolved.

Admin moved this topic to Questions & Support
(+1)

As the developer of itch & itch-setup, I also confirm this is a false positive. We've gotten 3 reports of that particular false positive in the past two days, but nothing has changed on our side (our servers are still serving the same executable, which is built on our servers, signed with our code certificate, from open-source code).

We hope AV vendors will take action quickly to squash that false positive, as we don't want our users to be worried for nothing!

(+1)

Thanks for all the reassurance! I got really scared there for a moment. I'll try to get in contact with BitDefender support and inform them of this issue.

(+1)

There's a lot of bad antivirus programs out there, and even a bunch of malware that claims it's antivirus (PC Optimizer Pro, anyone?). I remember the infamous case of Norton Antivirus deleting itself thinking it was a virus. It's good to stay vigilant, and make sure good programs STAY good :P

This topic has been auto-archived and can no longer be posted in because there haven't been any posts in a while.