Trojan found in Spotify folder

Plan

Premium

Country

Sweden

Device

(Samsung Galaxy S6, PC)

Operating System

(Android 7, Windows 10)

 

My Question or Issue

Hello!

 

My Windows Defender flagged the following file C:\Users\AppData\Local\Spotify\Data\e9\e9595c535c54b2ad17449a5343777019434fa4f4.file as a trojan of the type Trojan:Script/Foretype.A!ml(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Script/For...).

 

I've been listening to music through the Spotify client on my PC and Samsung Galaxy S6. I also visited the following website: https://summerburst.se/goteborg/artister/ which have implemented the Spotify web UI player. I did play a few tracks from that site. But I cannot remember in which order or what could have injected the potential trojan.

 

Any ideas on this one? Could it be a false positive?

 

Thanks in advance!

 

Hey folks,

 

Thanks for reporting this to us.

 

We've passed this on to the right team, who are now looking into it.

 

We'll let you know as soon as we have any updates on this.

 

In the meantime, make sure to click + VOTE if you're experiencing this.

 

Thanks!

mosohodPeti
Rising Star 16

Hey there everyone! 
This is most likely a false positive. Make sure your Windows Defender's database is fully up to date, and check with a trusted antivirus if it still detects anything!
Let me know how things go! Have a great day! :)

Related Issues

Comments
Yps
Newbie

Agree, got the same, but not same file:  false positive?

....\AppData\Local\Spotify\Data\3b\3b94a597ab73b9a3a011acf3c64ebfc592788400.file

faerydreaming
Music Fan

I got the same thing today. Opened the Spotify cilent on Windows 10 and Defender immediately flagged a similar file as a Trojan:Script/Foretype.A!ml. For me, the file is called \Data\78\7870964bcc95cf92e7eb83258966e1dfd5cdc49b.file 

  

Hopefully it's just a false positive.

Rakkzo
Casual Listener

Yes indeed! Hope it is just a false positive. Have you performed any virus scans afterward?

Rakkzo
Casual Listener

Wounder what caused it to be flagged? Maybe Windows Defender virus defenitions could not recognize the file and therefore flagged it? My last update of defenitions was done around an hour before the flag popped up. I did not receive any updates to Spotify today. So it would be intresting to know what it was. As it happened to some more people.

Yps
Newbie

I can´t find the file anymore, but would good to send it to virustotal to verify if more antivirus engines detects it: https://www.virustotal.com/#/home/upload

 

faerydreaming
Music Fan

I went ahead and temporarily took it out of quarantine to put it into VirusTotal. Oddly, it's showing as everything saying it's clean, including Microsoft. Here are the results: https://www.virustotal.com/#/file/0097aa5ace99ed9f496bc91b91a1ea4896088aa4577192b8f7db4eaf5b2193ed/d...

Yps
Newbie

Sounds like a false positve, maybe send the file to Microsoft? 

https://www.microsoft.com/en-us/wdsi/filesubmission

 

 

GenesisClimber
Newbie

I also got a Windows Defender notification for the Trojan:Script/ForetypeA!.ml, on this file:

 

\AppData\Local\Spotify\Data\47\475e6287fec87c4d9d9d087d9384ac295100418d.file

 

I don't recall accessing Spotify on any non-Spotify sites recently. Occasionally I'll allow a site to like / follow an artist on Spotify for access to a music download on something I've found on SoundCloud, but I haven't done that in a few months.

Gastro_Clemens
Newbie

Windows Defender found a trojan in the Spotify folder about 6 hours ago. I've since the run a full scan and found two more of the same kind as described by Rakkzo.  Can an employee explain to me as to why this is?

Eldaria
Casual Listener

Yup same here.

Would be good to get a comment from Spotify.

AppData\Local\Spotify\Data\4b\4b2d1b928a5e44c15a32f79104bd700b7a89b57c.file