Microsoft Defender Advanced Threat Protection (ATP), the commercial version of Defender antivirus, has identified the Google Chrome browser update (version 88.0.4324.146) introduced yesterday as a backdoor Trojan.
As can be seen in the screenshot shared on Twitter by Catalin Cimpanu, security journalist for ZDNet, Defender ATP is detecting several files that are part of the Chrome update v88.0.4324.146 as a generic backdoor Trojan, named “PHP/Funvalget.A”.
An “automation error” on Microsoft’s part
It should be noted that Microsoft Defender ATP is the Redmond company’s main enterprise security product. Several users of the free version of Defender have said on Twitter that they are not receiving the same alert about Chrome files being a backdoor Trojan.
According to ZDNet, a few hours after the issue was discovered and users began discussing it on social media, Microsoft said that the Defender ATP alerts on Chrome files were false positives caused by “an automation error.”
Suspicions linked to the December 2020 attacks
Given that in December 2020 there were several attacks on the supply chain of large software companies, and that their full scope is still not well known, some users on Twitter feared that Chrome might be infected.
When we talk about supply chain attacks, we mean that attackers compromise a third party and, through it, infiltrate the companies and customers that use its services. In December, SolarWinds was the victim of a massive attack. The company was little known, but after its security breach it emerged that its software was used by many of the world’s largest companies, Microsoft among them. Now, however, the company that created Windows says the Chrome alert is all a mistake and not a real security problem.
It should be recalled that at the end of 2020 an investigation by Microsoft’s response center found that, beyond the presence of malicious code in SolarWinds programs, attempts by a hacker to access its programs had also been detected. “We discovered that an account had been used to view the source code,” said the Redmond company. The company explained that the problem had been resolved and had not affected its customers.