Spotify Community

Rakkzo · 2019-04-04

Plan

Premium

Country

Sweden

Device

(Samsung Galaxy S6, PC)

Operating System

(Android 7, Windows 10)

My Question or Issue

Hello!

My Windows Defender flagged the following file C:\Users\AppData\Local\Spotify\Data\e9\e9595c535c54b2ad17449a5343777019434fa4f4.file as a trojan of the type Trojan:Script/Foretype.A!ml(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Script/For...).

I've been listening to music through the Spotify client on my PC and Samsung Galaxy S6. I also visited the following website: https://summerburst.se/goteborg/artister/ which have implemented the Spotify web UI player. I did play a few tracks from that site. But I cannot remember in which order or what could have injected the potential trojan.

Any ideas on this one? Could it be a false positive?

Thanks in advance!

Katerina · 2019-06-07

Hey there folks,

Thanks for taking the time to report this here in the Community!

We can assure you that Spotify is safe to use.

No worries, our support teams will be more than happy to take a closer look and investigate why this happened. You can do so by heading here.

We'd also suggest having a zip with the suspicious file available so you can pass it on to the right teams when they reply to you.

Hope this helps! Don't hesitate to give us a shout if there's anything else we can help with.

Have a lovely day 🙂

KaterinaModerator

Help others find this answer and click "Accept as Solution".

If you appreciate an answer, maybe give it a Like.

Are you new to the Community? Take a moment to introduce yourself!

View solution in original post

Yps · 2019-04-04

Agree, got the same, but not same file: false positive?

....\AppData\Local\Spotify\Data\3b\3b94a597ab73b9a3a011acf3c64ebfc592788400.file

faerydreaming · 2019-04-04

I got the same thing today. Opened the Spotify cilent on Windows 10 and Defender immediately flagged a similar file as a Trojan:Script/Foretype.A!ml. For me, the file is called \Data\78\7870964bcc95cf92e7eb83258966e1dfd5cdc49b.file

Hopefully it's just a false positive.

Rakkzo · 2019-04-04

Yes indeed! Hope it is just a false positive. Have you performed any virus scans afterward?

Rakkzo · 2019-04-04

Wounder what caused it to be flagged? Maybe Windows Defender virus defenitions could not recognize the file and therefore flagged it? My last update of defenitions was done around an hour before the flag popped up. I did not receive any updates to Spotify today. So it would be intresting to know what it was. As it happened to some more people.

Yps · 2019-04-04

I can´t find the file anymore, but would good to send it to virustotal to verify if more antivirus engines detects it: https://www.virustotal.com/#/home/upload

faerydreaming · 2019-04-04

I went ahead and temporarily took it out of quarantine to put it into VirusTotal. Oddly, it's showing as everything saying it's clean, including Microsoft. Here are the results: https://www.virustotal.com/#/file/0097aa5ace99ed9f496bc91b91a1ea4896088aa4577192b8f7db4eaf5b2193ed/d...

Yps · 2019-04-04

Sounds like a false positve, maybe send the file to Microsoft?

https://www.microsoft.com/en-us/wdsi/filesubmission

GenesisClimber · 2019-04-05

I also got a Windows Defender notification for the Trojan:Script/ForetypeA!.ml, on this file:

\AppData\Local\Spotify\Data\47\475e6287fec87c4d9d9d087d9384ac295100418d.file

I don't recall accessing Spotify on any non-Spotify sites recently. Occasionally I'll allow a site to like / follow an artist on Spotify for access to a music download on something I've found on SoundCloud, but I haven't done that in a few months.

Gastro_Clemens · 2019-04-05

Windows Defender found a trojan in the Spotify folder about 6 hours ago. I've since the run a full scan and found two more of the same kind as described by Rakkzo. Can an employee explain to me as to why this is?

Eldaria · 2019-04-05

Yup same here.

Would be good to get a comment from Spotify.

AppData\Local\Spotify\Data\4b\4b2d1b928a5e44c15a32f79104bd700b7a89b57c.file

maoft · 2019-04-05

I got the same notification from Windows Defender on file: ..\AppData\Local\Spotify\Data\89\895c448b290c634b1e05c0f6691a75f2304b19c0.file

It was identified as Trojan:Script/Foretype.A!ml - Alert level: Severe

My spotify updated itself to version 1.1.3.259.g8172f63a today and I was listening to music while Windows Defender picked up the threat. Would be great to get a comment from Spotify on this!

mosohodPeti · 2019-04-05

Hey there everyone!
This is most likely a false positive. Make sure your Windows Defender's database is fully up to date, and check with a trusted antivirus if it still detects anything!
Let me know how things go! Have a great day! 🙂

k77d-lb_yahm · 2019-04-05

Also reporting in this happened to me as well.

mosohodPeti · 2019-04-05

@k77d-lb_yahm Please check if your Windows Defender is up to date and scan again with a trusted antivirus. Its most likely a false positive.

János · 2019-04-06

Hi! I had this problem a few moments ago. I wrote Mail, I look forward to your reply because it is not reassuring reading the "guessing" that the alarm is wrong. There is a reason for this, and the Trojan horse only appears in the application ...
I will install the app again tomorrow, see how it behaves!
Regards, John

maoft · 2019-04-06

Just an update: I have updated my Windows Defender definitions and ran a full scan as well as complete scans with MalwareBytes and SuperAntiSpyware all with negative results. With exceptions to the original file that was quarantined (and removed) by Windows Defender I no longer see any trace of the trojan. It may very well be a false-positive but given the nature of this type of trojan I am not entirely convinced it was a random coincidence. I hope someone at Spotify can shed some light on how this was picked up by Windows Defender.

I want to note that this happened on my new work computer (clean install) and as a software developer I am certain all programs installed are from trusted sources including Spotify

troytlb2 · 2019-04-06

Yeah, I've got the same problem, recieving the same Trojan as you guys. My PC stays entirley clean, has a realtivly fresh copy of windows on it. Could we please have some closure from Spotify?

papa_D · 2019-04-06

Same here.

I just updated Spotify today and saw I had notifications. Checked and apparently the trojan was found a few hours before the update.

Clarification?

knutsi · 2019-04-06

Got the same thing right now. Scary. First time ever Windows Defender alerted me to something. It would be nice with some reassuring confirmation this was a false positive, and not some breach at Spotify spreading malware around.

Spotify Community

Trojan found in Spotify folder

Trojan found in Spotify folder

Suggested posts

Let's introduce ourselves!

Help Wizard

Step 1

Just quickly...

Trojan found in Spotify folder

Trojan found in Spotify folder

Suggested posts

Let's introduce ourselves!