Jump to content

Recommended Posts

Hi,

Headwind MDM is the open source mobile device management system for Android. Recently, our users complain that one of the Android modules, the remote access module, is detected as a trojan. 

Here's the link:

https://headwind-remote.com/files/hremote-1.35-premium.apk

 

Our software is "open core" and the source code of the APK is available on github: 

https://github.com/h-mdm/remote-control-android

  The source code of that particular APK (full version) could also be provided on demand, it is available in a private repository.

Recently, we have ordered the source code review by an independent cybersecurity company. They thoroughly inspected the source code and found no malicious code, however they noted MalwareBytes and Eset trigger malware alerts. They reported two possible reasons: a trojan injection at build stage (unlikely) and a similarity to a GoatRat trojan which was apparently created by using our open source code base. The report is available here:

https://headwind-remote.com/files/HeadwindMDM-NTF-06-18-2023_Final_Rev2.pdf

 

How could we proceed to fix the issue?

Edited by AdvancedSetup
Disabled hyperlink
Link to post
Share on other sites

The IP is blocked. Staff will investigate.

The VT link for the apk. https://www.virustotal.com/gui/file/c407b3dc59e7b8ab357844dfc512bc1057c246f334200ebe0ffc0fd139b31aac?nocache=1

Category: Malware
Domain:
IP Address: 77.222.59.36
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

 

 

Edited by Porthos
Link to post
Share on other sites

Hi @vmayorow,

Thanks for reaching out!  I went ahead and removed the detection.  It will no longer be detected in future database versions.

However, looks like many other vendors are still finding this as GoatRat as the PDF you sent states:  https://www.virustotal.com/gui/file/c407b3dc59e7b8ab357844dfc512bc1057c246f334200ebe0ffc0fd139b31aac/detection

 

Link to post
Share on other sites

Thank you for reviewing our mobile application and I'm happy you confirm that Headwind Remote is clean and safe! 

I know that some other vendors still finding Headwind Remote as malware and I wonder how could I prevent this. We already got a clean report from a few of them (latest VirusTotal report shows 10 warnings whereas it had been 12 a week ago).

I would acknowledge if you give me any hints how the issue could be fixed globally. Do you know / use any open malware repositories containing malicious code samples where GoatRat could be stored?

Link to post
Share on other sites

2 minutes ago, vmayorow said:

Thank you for reviewing our mobile application and I'm happy you confirm that Headwind Remote is clean and safe! 

I know that some other vendors still finding Headwind Remote as malware and I wonder how could I prevent this. We already got a clean report from a few of them (latest VirusTotal report shows 10 warnings whereas it had been 12 a week ago).

I would acknowledge if you give me any hints how the issue could be fixed globally. Do you know / use any open malware repositories containing malicious code samples where GoatRat could be stored?

Private Message already sent before I even read this. 😉

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.