Closed visubesy closed 1 year ago
Those are false positives – it looks like some AV vendors are a little bit too careful and just matching by filename.
Element uses this version of d3dcompiler_47.dll.
As you can see, this file has a valid signature from Microsoft.
For comparison, this is the file used in the attack.
The malware used in the supply-chain attack has no valid signature and is much larger than the genuine file (due to containing hidden shellcode).
I'll close this issue, as this is just a false positive. But in the future, if you find something that you believe might be a security issue, please contact our security team instead of opening an issue: https://github.com/vector-im/element-web/security/policy
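The comparison described in the comment above (signature validity, signer and file size) can be reproduced locally. This is an added example, not part of the original thread or of Element's code; the function name `Test-DllSignature` is hypothetical, and the default root assumes `%HOMEPATH%\AppData\Local` from the report is the same directory as `$env:LOCALAPPDATA`.

```powershell
# Added example: report Authenticode status, signer, size and hash for every
# copy of a DLL under an install directory, so a filename-only AV match can be
# checked against the file's actual signature.
function Test-DllSignature {
    param(
        # Assumption: default mirrors the path from the report
        # (%HOMEPATH%\AppData\Local\element-desktop).
        [string]$Root = (Join-Path $env:LOCALAPPDATA 'element-desktop'),
        [string]$Name = 'd3dcompiler_47.dll'
    )

    Get-ChildItem -LiteralPath $Root -Filter $Name -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

            # SignerCertificate is $null for unsigned files.
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            # Heuristic: Windows validated the signature (hash matches, chain
            # trusted) AND the signing certificate names Microsoft.
            $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                                 ($subject -match 'O=Microsoft Corporation')

            [pscustomobject]@{
                Path              = $_.FullName
                SizeBytes         = $_.Length
                Status            = $sig.Status
                Signer            = $subject
                SHA256            = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                SignedByMicrosoft = $signedByMicrosoft
            }
        }
}

# One record per copy found (each app-<version> directory has its own).
Test-DllSignature | Format-List
```

A copy whose `Status` is anything other than `Valid`, or whose size differs markedly from a known-good copy of the same version, is the one worth investigating further.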
OK, thank you. Good to know that it is a false positive.
%HOMEPATH%\AppData\Local\element-desktop\app-1.11.26\d3dcompiler_47.dll is flagged as virus, see: VirusTotal - d3dcompiler_47.dll
Maybe Element was attacked like 3CX, where d3dcompiler_47.dll contained malware? See Hackers compromise 3CX desktop app in a supply chain attack.
Version of Element: 1.11.26
Version of Olm: 3.2.12