Microsoft Defender Advanced Threat Protection (ATP), the commercial version of the Defender antivirus, has identified the Google Chrome browser update (version 88.0.4324.146) released yesterday as a backdoor Trojan.
As you can see in the screenshot shared on Twitter by Catalin Cimpanu, security journalist for ZDNet, Defender ATP is detecting multiple files that are part of the Chrome v88.0.4324.146 update as a generic backdoor Trojan named "PHP/Funvalget.A".
An "automation bug" by Microsoft
Keep in mind that Microsoft Defender ATP is the Redmond company's main business security solution. It should be noted that various users of the free version of Defender have said on their Twitter accounts that they are not getting the same alert about Chrome and possible backdoor Trojans.
According to ZDNet, a few hours after the issue was discovered and users discussed it on social media, Microsoft said that the Microsoft Defender ATP detections on Chrome files are false positives due to "an automation error".
Reports galore online, but only for Defender ATP. Defender free is not seeing the same issues. https://t.co/MBNWMVlVoY https://t.co/xLySMFGAZw https://t.co/sIi0c9SUe7 https://t.co/DZMpar6CPl https://t.co/dA1bB3hB9Z https://t.co/PIo3cSpZ6j - Catalin Cimpanu (@campuscodi) February 3, 2021
Suspicions towards the December 2020 attacks
Given that December 2020 saw several attacks on the supply chains of large software companies, and that their full extent is still not well known, some Twitter users feared that Chrome could really be infected.
When we talk about supply chain attacks, we mean that attackers compromise the security of a third party and use that foothold to infiltrate the companies and customers who use its services. In December, SolarWinds was the victim of a massive attack. The company was little known, but after its security problem it became known that its software was used by many of the largest companies in the world, Microsoft among them. However, the creator of Windows now says that this is all a bug and not a real security problem.
It should be remembered that at the end of 2020, an investigation by the Microsoft response center discovered that, beyond the presence of malicious code in SolarWinds programs, attempts by a hacker to access its programs had also been detected. "We discovered that an account had been used to view the source code," said Redmond. The firm explained that this problem had been solved and had not affected its customers.