Millions Hit by Bogus Malware Warning

John Lister's picture

Microsoft's antivirus tools have mistakenly labeled Google Chrome and other browsers as housing malware. The error didn't cause any harm but may have annoyed or confused millions of users.

The mistake affected Microsoft Defender (previously called Windows Defender), the built-in security tool in Windows that is likely the world's most widely used anti-malware tool.

For most users, the mistake will have been most visible through a beeping noise and on-screen alert every time they opened Google Chrome. Confusingly, clicking on the notification opened up a screen which flashed more details for a split second before changing to say that everything was now fine.

Ransomware Warning

Users who could read very quickly, or who clicked through to Microsoft Defender's list of fixed problems, will have seen a claim that the tool had detected and removed "Win32/Hive.ZY".

If that was the case, its presence would have been very concerning and its removal a welcome relief. The malware in question is an example of "ransomware as a service", meaning its creators hire out the tool for people wanting to infect computers, encrypt files and demand a payment to restore access. (Source: theregister.com)

In fact, Defender was mistakenly identifying both Chromium (the underlying code of Google Chrome) and Electron JavaScript (software used to create desktop applications that can run on multiple operating systems) as being the Hive ransomware.

That meant that although Chrome was the most notable source of the mistaken alerts, it also affected other browsers and applications, including the Spotify music player.

Duff Database

Microsoft hasn't detailed exactly how and why the mistake happened. One theory is that Chromium had an update at almost the same moment as Microsoft updated its database of threats. That could have meant Defender didn't recognize a change in the Chromium code and mistakenly interpreted it as a threat.

Microsoft has now fixed the problem by updating its threat database. It issued a brief statement saying "We have released an update to address this issue and customers using automatic updates for Microsoft Defender do not need to take additional action." (Source: bleepingcomputer.com)

What's Your Opinion?

Were you affected by this problem? Were you concerned or simply annoyed?


Comments

mazaprin's picture

I am only speaking for myself but most of the people I know have never used Microsoft Defender (or Windows Defender) for being unreliable and most use third-party protection like Kaspersky, Norton, and others that offer a Suite with many tools for protection and... Microsoft (Windows) Defender never shows on any list of the Best antivirus protection for PCs so I was surprised that customers are using Microsoft Defender. For my part, I have been using Kaspersky (consistently among the 3 best if not the best) for years and I have no complaints regardless of rumors that they are Russian spies but there is no proof of that.

trevvytrev_10414's picture

mazaprin, may I respectfully suggest you do a bit of research first because you are unfortunately coming out with the same mantra as everyone else, based on Defender's poor past reputation, which is no longer the case. Microsoft Defender is now a VERY GOOD antivirus/antimalware product and in recent tests (which you can easily find online) it is probably now in the top 5 for free products.

Personally, I use it all the time as my main antivirus but I also use Malwarebytes adwcleaner (free), Spywareblaster (free), Superantispyware (free), McAfee Stinger64 (free), F-Secure online scanner (free) and ESET online scanner (free) as a blended approach. They all play well together (although I only run each one at a time) and I feel I have a multi-faceted approach to security which has kept my PC completely virus and malware free for a number of years now.

The added benefit of Defender is that it's free, it integrates seamlessly with Windows and works very quietly in the background, it updates itself with little to no input and it has a very low overhead as regards to your computer's resources.

Try it one-time, I think you'll be pleasantly surprised. Cheers and beers!