Android Question The simple inclusion of the 'Net' Library causes malware detection

JohnC

Expert
Licensed User
Longtime User
A couple of users have reported that my app is being flagged by Avast Anti-virus as containing a virus - specifically the "Evo-gen [Trj]" malware.

I narrowed it down to the "Net" library (1.80 or 1.81) being included in my app. Meaning, if this lib is just "checked" in the Library Manager, my app will be flagged as containing this malware, even though my app doesn't normally use this lib (it only uses it when a compiler flag is set and this compiler flag is not set when it's being flagged as malware) - meaning I can simply uncheck that lib from the lib manager and I can compile the app without any errors.

I know that virus scanners simply look for pre-defined strings of bytes (the virus's signature) to detect viruses. So to see if the lib contained the signature, I tried simply adding the Net lib to another project, and it did NOT get flagged as malware - so this indicates the virus signature is not "within" the code of the net lib.

And I know the signature is not within my app because if I compile it without the Net Lib, it also won't get flagged.

Because my app only gets flagged as malware simply with the lib being included in it, it is making me think that this particular virus signature is being created by some unlucky matchup of the way the net lib is being included/attached to my app in some way.

So, is there a way to get the Net lib to "attached" to my app in a different way so that it won't create this particular virus signature?

(P.S. I also tried compiling my app with and without obfuscation in an attempt to change it's "signature", but it was still flagged both ways)
 
Last edited:

Almora

Well-Known Member
Licensed User
Longtime User
this is found on Huawei devices. actually it is not a virus. it is found in some users.

https://www.b4x.com/android/forum/threads/evo‐gen-virus.136189/#post-863397
 
Upvote 0

JohnC

Expert
Licensed User
Longtime User
https://www.b4x.com/android/forum/threads/evo‐gen-virus.136189/#post-863397
Thanks. Yes, I could contact Avast and report it as a false positive, but another av app "Defsquid" (fireos) also reports it as a virus.

So, I could contact a bunch of av companies to get it whitelisted, but I am wondering if there is a simple change I can do to my app so it won't match that signature so it's won't be flagged by any company.
 
Last edited:
Upvote 0

Computersmith64

Well-Known Member
Licensed User
Longtime User
Yeah - good luck with that. AVG flagged one of my apps (my most popular one, of course) as malicious a few years back & it took months of backwards & forwards emails with them to get it whitelisted. I vowed never to use AVG again after that.

- Colin.
 
Upvote 0
Cookies are required to use this site. You must accept them to continue using the site. Learn more…