cernekee / ics-openconnect

Android UI for OpenConnect VPN client
GNU General Public License v2.0
358 stars, 129 forks

Android app is getting marked as malware on Virustotal #52

Open bcheeves opened 4 years ago

bcheeves commented 4 years ago

It looks like MaxSecure is the only vendor marking it as malware. It labels it as: Trojan.Dropper.AndroidOS.Hqwar.bb

I've done a little digging; so far it's not obvious why it's marking it as malicious. The closest thing I've found research-wise is a Kaspersky article written in 2017 about this type of Android Trojan, which said it was commonly abused in banking apps using some packer/obfuscation techniques. But first of all, the source code for this utility is online. I've tried looking at sections of that to see why it might flag it as malware. I've also reviewed the sandbox analysis/behavior results in VT. I've also tried decompiling the APK, and I don't see any obvious signs of a packer being used yet. I'm confused.

I wanted you to know, since it's not obvious why their antivirus is marking it as malware, but they are.

xhdix commented 4 years ago

Removed from Google Play! https://play.google.com/store/apps/details?id=app.openconnect&hl=en and F-Droid: https://f-droid.org/packages/app.openconnect/

cernekee commented 4 years ago

> Removed from Google Play!

I disabled the Google Play listing until bug #51 is fixed (and the API usage can be brought up to date with the latest standards).

> Trojan.Dropper.AndroidOS.Hqwar.bb

Re: https://blog.malwarebytes.com/detections/android-trojan-dropper/

There are native binaries in the assets directory (e.g. a locally bundled version of curl) but there are no APKs in there. As noted above, everything is built from source.
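The point made in the comment above, that the assets directory holds native binaries but no embedded APK, is exactly what a reviewer of a "dropper" verdict would want to reproduce rather than take on faith: Android dropper detections key on a second-stage APK (a ZIP) or DEX carried inside assets/ or res/raw/. The script below is an added example, not code from the ics-openconnect project or from any commenter in this thread. It walks an APK's archive entries and classifies each one by magic bytes rather than by file name, so a payload renamed to `update.bin` is still caught while a bundled ELF tool (such as a locally built curl) is reported as what it is. The entry names and the miniature sample APKs it builds are constructed for the demonstration and are assumptions, not the real app's contents.

```python
"""Triage check for dropper-style payloads hidden in an APK's assets.

Added example, not part of the ics-openconnect project. Classifies each
entry under assets/, res/raw/ and lib/ by its leading bytes, and reports
any entry that is itself a ZIP/APK or a DEX file. Sample data below is
constructed for the demonstration.
"""
import io
import zipfile

# Magic numbers for the container types a dropper would carry, plus ELF,
# which is expected in a VPN client that ships native helpers.
MAGIC = {
    b"PK\x03\x04": "zip/apk/jar",
    b"dex\n": "dex",
    b"\x7fELF": "elf",
}

# Locations where a second-stage payload is normally stashed.
SCAN_PREFIXES = ("assets/", "res/raw/", "lib/")


def classify(data: bytes) -> str:
    """Return a coarse type for an entry based on its first bytes."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "other"


def scan_apk(apk_bytes: bytes) -> dict:
    """Return {entry_name: kind} for every file under SCAN_PREFIXES.

    Nested archives are not unpacked: a nested ZIP/APK in assets is
    itself the finding that matters for a dropper triage.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.startswith(SCAN_PREFIXES):
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # enough for every magic in MAGIC
            findings[info.filename] = classify(head)
    return findings


def embedded_payloads(apk_bytes: bytes) -> list:
    """Names of entries that are themselves APK/ZIP or DEX files."""
    return sorted(name for name, kind in scan_apk(apk_bytes).items()
                  if kind in ("zip/apk/jar", "dex"))


def build_sample_apk(with_payload: bool) -> bytes:
    """Construct a minimal APK-shaped archive (demonstration data only)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8)
        # A bundled native tool, standing in for a locally built curl.
        z.writestr("assets/curl", b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16)
        if with_payload:
            # Second-stage APK hidden under a misleading name: the dropper pattern.
            z.writestr("assets/update.bin", inner.getvalue())
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample_apk(with_payload=False)
    dropper = build_sample_apk(with_payload=True)
    print("clean APK assets:", scan_apk(clean))
    print("clean payloads:", embedded_payloads(clean))
    print("dropper payloads:", embedded_payloads(dropper))
```

To run it against a real build, replace the constructed sample with `open("app.apk", "rb").read()` and look at `embedded_payloads()`: an empty list is the "no APKs in assets" result stated above, while any `zip/apk/jar` or `dex` entry under assets/ is the artifact a dropper signature would be reacting to and is worth explaining in the vendor's false-positive submission.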

codeitnos commented 2 years ago

Have you solved this problem? I have the same problem and cannot find the cause of it! I would be glad to have any help in solving it! Thanks!