Q&A Mullvad 65 contains Win32.Trojan.WisdomEyes

Discussion in 'VPN and Privacy' started by Chigwells, Oct 27, 2017.

  1. Chigwells

    Chigwells Level 2

    Jan 16, 2012
    All Over
    #1 Chigwells, Oct 27, 2017
    Last edited: Oct 27, 2017
    Hi everyone, would anybody care to suggest what's going on here?

    Mullvad VPN just issued the latest update, 65, and it appears to contain WisdomEyes trojan. My AV flagged it up, which never happened before. I downloaded the Win version.

    Here's what VirusTotal has to say (and screenshot of same):


    Edit: Malwarebytes reports it can detect WisdomEyes, so possibly this is a false positive?
    Trojan.WisdomEyes - Malwarebytes Labs

    mullvad 65.png

    Trojan.WisdomEyes - Malwarebytes_ Detections.png
  2. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    Windows 10
    Baidu and eGambit. :unsure:

    I would assume it is a false positive detection since it is Baidu and eGambit and no vendors which I feel are "reliable" (unless generic detection specifically), but I've never heard of Mullvad VPN.

    Could you send me the executable you scanned with VirusTotal? I'll see if I can look into it more and get back to you. I recommend you submit the file through the submission forms to a vendor or two (such as Avira, Avast, Emsisoft or Kaspersky) and see what verdict they respond with too, since they have teams dedicated to getting through submissions 24/7 haha.

    Better to be safe than sorry! (especially since VirusTotal is not the best for zero-day malware detection, so assuming it is just a FP is also a risk, but that doesn't mean it cannot just be an FP). :)
  3. mlnevese

    mlnevese Level 10

    May 3, 2015
    Windows 10
    Most probably a false positive...
  4. Chigwells

    Chigwells Level 2

    Jan 16, 2012
    All Over
    Sorry I don't know how to do that lol! Couldn't find how to send you a message with attachment? You can download the file straight from Client | Mullvad if you get a moment.

    I uploaded it to Emsisoft. I'll report back their answer.

    Cheers, Chigwells.
  5. Chigwells

    Chigwells Level 2

    Jan 16, 2012
    All Over
    I guess it was a False Positive, here is what the Emsisoft support staff had to say:

    Emsi reply.png
  6. upnorth

    upnorth Level 11

    Jul 27, 2015
  7. Chigwells

    Chigwells Level 2

    Jan 16, 2012
    All Over
    Thanks upnorth, didn't know that one!