Trojan found in Spotify folder






(Samsung Galaxy S6, PC)

Operating System

(Android 7, Windows 10)


My Question or Issue



My Windows Defender flagged the following file C:\Users\AppData\Local\Spotify\Data\e9\e9595c535c54b2ad17449a5343777019434fa4f4.file as a trojan of the type Trojan:Script/Foretype.A!ml(


I've been listening to music through the Spotify client on my PC and Samsung Galaxy S6. I also visited the following website: which have implemented the Spotify web UI player. I did play a few tracks from that site. But I cannot remember in which order or what could have injected the potential trojan.


Any ideas on this one? Could it be a false positive?


Thanks in advance!


Hey folks,


Thanks for reporting this to us.


We've passed this on to the right team, who are now looking into it.


We'll let you know as soon as we have any updates on this.


In the meantime, make sure to click + VOTE if you're experiencing this.



Rising Star 16

Hey there everyone! 
This is most likely a false positive. Make sure your Windows Defender's database is fully up to date, and check with a trusted antivirus if it still detects anything!
Let me know how things go! Have a great day! :)

Related Issues


Agree, got the same, but not same file:  false positive?


Music Fan

I got the same thing today. Opened the Spotify cilent on Windows 10 and Defender immediately flagged a similar file as a Trojan:Script/Foretype.A!ml. For me, the file is called \Data\78\7870964bcc95cf92e7eb83258966e1dfd5cdc49b.file 


Hopefully it's just a false positive.

Casual Listener

Yes indeed! Hope it is just a false positive. Have you performed any virus scans afterward?

Casual Listener

Wounder what caused it to be flagged? Maybe Windows Defender virus defenitions could not recognize the file and therefore flagged it? My last update of defenitions was done around an hour before the flag popped up. I did not receive any updates to Spotify today. So it would be intresting to know what it was. As it happened to some more people.


I can´t find the file anymore, but would good to send it to virustotal to verify if more antivirus engines detects it:


Music Fan

I went ahead and temporarily took it out of quarantine to put it into VirusTotal. Oddly, it's showing as everything saying it's clean, including Microsoft. Here are the results:


Sounds like a false positve, maybe send the file to Microsoft?




I also got a Windows Defender notification for the Trojan:Script/ForetypeA!.ml, on this file:




I don't recall accessing Spotify on any non-Spotify sites recently. Occasionally I'll allow a site to like / follow an artist on Spotify for access to a music download on something I've found on SoundCloud, but I haven't done that in a few months.


Windows Defender found a trojan in the Spotify folder about 6 hours ago. I've since the run a full scan and found two more of the same kind as described by Rakkzo.  Can an employee explain to me as to why this is?

Casual Listener

Yup same here.

Would be good to get a comment from Spotify.