I tried to download two different audiogames (like videogames, but only with audio), but Defender detected both as Wacatac trojan and quarantined them.
The first one is Crazy Party; it can be downloaded at the bottom of this page:
– Defender detects it as Wacatac
– on VirusTotal, many vendors say it’s malicious
And the second one is Manamon:
– Defender also detects it as Wacatac
– on VirusTotal, many vendors say it’s malicious
When I got the alert for the first audiogame I thought that Defender saved me, but with the second alert I started getting suspicious. Could it be that Defender tends to alert on every file that is not well-known? So I started doing some thinking/research and here are my considerations/findings:
– both audiogames are fairly known in the audiogame community. It is not a really big community, but it is quite weird that they both turned out to be malware
– Windows Defender gives no information whatsoever about the reason for having detected the malware. Is it behavior based? Is it hash based? Who knows
– there is absolutely no information on the internet about Wacatac, apart from the simple “it’s a trojan, delete it”.
– if you put the MD5s of the audiogames in Google you get no results
– Both websites are HTTP. Quite unsafe, true, but this may be the reason why Defender says they are malicious
So in the end I have the suspicion that they are false positives and that Defender only alerts because they were downloaded from HTTP websites. I wouldn’t say I am confident enough to run a potential trojan on my computer, so I am asking here: do you people agree?
submitted by /u/fabio_work