Security issues - keylogger detected

[hhuutan]

Problem Description

The application was blocked by SentinelOne.

Diagnoses:

Persistence:

• Detect processes that write persistency through registry autorun keys
• MITRE : Persistence [T1547.001]
• MITRE : Privilege Escalation [T1547.001]
• Application registered itself to become persistent via an autorun
• MITRE : Persistence [T1547.001]
• MITRE : Privilege Escalation [T1547.001]

Injection:

• Library was injected to a remote process
• MITRE : Defense Evasion [T1055]
• MITRE : Privilege Escalation [T1055]

Infostealer:

• Keylogger Installation
• MITRE : Credential Access [T1056.001]
• MITRE : Collection [T1056.001]

General:

• Process started from shortcut file
• MITRE : Execution [T1204]

Besides that, the application makes a connection to a strange IP address: 151.101.1.229

Screenshots

Flow Launcher Version

v1.14.0

Windows Build Number

Windows 11 22H2 - OS Build: 22621.1413

[deefrawley]

There are no viruses, malware or keyloggers in the Flow code. It is open source and anyone can verify this. If you could log a false positive report with SentinelOne that would be appreciated.

[totpero]

Similar discussion here: https://github.com/winsiderss/systeminformer/issues/1668

[Garulf]

This happens a lot with open source software unfortunately. If possible we ask you to report this to your virus software vendor.

To keep safe always install Flow Launcher from its official source such as flowlauncher.com or at this repository under releases.

Also our code is all open source and available for anyone interested. It contains no malicious code.

I'm closing this issue for now. Please feel free to reopen if you feel this needs further discussion.