element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
GNU Affero General Public License v3.0

d3dcompiler_47.dll of Element Desktop flagged as virus / trojan #25003

Closed visubesy closed 1 year ago

visubesy commented 1 year ago

%HOMEPATH%\AppData\Local\element-desktop\app-1.11.26\d3dcompiler_47.dll is flagged as virus, see: VirusTotal - d3dcompiler_47.dll

Maybe Element was attacked like 3CX, where d3dcompiler_47.dll contained malware? See Hackers compromise 3CX desktop app in a supply chain attack.

Version of Element: 1.11.26
Version of Olm: 3.2.12

justjanne commented 1 year ago

Those are false positives – it looks like some AV vendors are a little bit too careful and just matching by filename.

Element uses this version of d3dcompiler_47.dll.

As you can see, this file has a valid signature from Microsoft.

For comparison, this is the file used in the attack.

The malware used in the supply-chain attack has no valid signature and is much larger than the genuine file (due to containing hidden shellcode).
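
An added example, not part of the original thread and not Element's own tooling: a PowerShell check that gathers the properties compared in the comment above (signature validity, signer, file size) plus a SHA-256 to look up on VirusTotal. The `$env:LOCALAPPDATA\element-desktop` root and the recursive search are assumptions based on the path in the report; `Get-DllTrustReport` is a hypothetical helper name.

```powershell
# Added example (assumption: Element Desktop is installed under %LOCALAPPDATA%\element-desktop,
# as in the path quoted in the report). Get-DllTrustReport is a hypothetical helper.
function Get-DllTrustReport {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    # Authenticode verification: Status is 'Valid' only if the signature
    # matches the file and the certificate chain is trusted on this machine.
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        Path              = $file.FullName
        SizeBytes         = $file.Length
        SHA256            = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SignatureStatus   = $sig.Status
        StatusMessage     = $sig.StatusMessage
        Signer            = if ($cert) { $cert.Subject } else { $null }
        Issuer            = if ($cert) { $cert.Issuer } else { $null }
        # Subject match is a heuristic on top of chain validation, not a replacement for it.
        SignedByMicrosoft = [bool](($sig.Status -eq 'Valid') -and $cert -and
                                   ($cert.Subject -match 'O=Microsoft Corporation'))
    }
}

# Report every copy of the DLL across installed app-<version> folders.
$root = Join-Path $env:LOCALAPPDATA 'element-desktop'
Get-ChildItem -Path $root -Filter 'd3dcompiler_47.dll' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-DllTrustReport -Path $_.FullName } |
    Format-List
```

Comparing `SizeBytes` and `SHA256` across installed versions and against a known-good copy gives a second and third signal alongside the signature status.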

justjanne commented 1 year ago

I'll close this issue, as this is just a false positive. But in the future, if you find something that you believe might be a security issue, please contact our security team instead of opening an issue: https://github.com/vector-im/element-web/security/policy

visubesy commented 1 year ago

OK, thank you. Good to know that it is a false positive.