Secure Endpoint Detecting Trojan on My Open Source Project Website

gregLTS · ‎03-28-2022

I run an open source project, and I recently had a user contact me to let me know that Cisco Security Endpoint is detecting the JS:Trojan.Cryxos.8744 trojan on my website. I've scoured the site/server with numerous CLI virus and malware scanners, as well as numerous remote scanners, and absolutely nothing is being detected. I've also looked through the server and I'm unable to find any issues.

Is there anywhere I can submit my site with Cisco to have it analyzed, or is there someone I can contact to get further information about what's being detected and where?

Troja007 · ‎03-30-2022

Hello @gregLTS ,
i assume that the customer downloaded something from your website (browsing/download file) where Secure Endpoint is detecting something. Would be great having the SHA256 of the detected file, so we can take a deeper look.

Greetings, Thorsten

gregLTS · ‎04-09-2022

The user said they weren't downloading anything when the alert popped up, just visiting the homepage using Firefox. I've included the sha256 of the homepage below. I do also have a single download file offered on the site, so I've included the sha256 for it as well just in case.

Homepage: 5da911b41310e76687a8a4bc1fb9ba8b2a06d3231f4e35df541eccb3a668c65f

Download File: 1aeabcdbc74855b76820c68d95be238bea5401aeb34307c705cc2b4df8ee3eab