NextDNS Detected as a Trojan, Again?

upnorth

Members on the NextDNS forum reported VirusTotal results a month ago already, and also that their AVs (Microsoft Defender etc.) started to flag the NextDNS agent as malicious. Apparently this is not the first time, as seen in the quoted sources. There are several separate reports, with a somewhat unusual number of vendors flagging it. A False Positive (FP) is of course possible, but the malicious flags are still up and have been available since the first submission from December 2020.

  • Removed Next DNS app because Norton and other AVs say it is unsafe and malicious (probably false positive), but I set it up in the browser, so it works.
Official statement:
We just pushed a new version of the Windows client. We often get false positives, even though our client is signed and does nothing wrong.

Nightwalker

This is very interesting, not because of NextDNS detection per se, but the nasty copycat practices of most vendors (look at the detection name): they will simply detect anything that Microsoft Defender or Kaspersky detects at VirusTotal without giving a "F" word.

Some years ago I even made a thread about this, you can see that Microsoft Defender had a false positive that was later fixed, but the copycats kept the wrong detection.

My old thread about this:

PS: Revisiting my old thread, I noticed that some vendors finally changed the detection name to "Application Joke" or "Fake File Coder"; I guess that they took notice of my complaints at that time.

Divine_Barakah

Looking at VT results, I do not see detections coming from Kaspersky and Eset. The aforementioned vendors' detection names might have given us a clue about what is wrong.
But, unfortunately, the response of NextDNS is not, in one way or another, convincing. Let's wait and see.

ForgottenSeer 85179

Maybe the binary itself isn't the "problem" but the default NextDNS filter list, which blocks some ads and tracking, and companies don't like that.
It's just a guess though.