Trojan in One theme

Ran Bitdefender and found a hidden trojan in one of the themes: d84lXiXG-kera-fashion-elementor-woocommerce-theme-file-and-license2021802-25850-99xqx3…etc.

JS:Trojan.Cryxos.8022

@jefferis

If this is the case then use this page here:

To report any vulnerbility you think exists.

It’s a false positive. The theme is safe to use.

I narrowed the “trojan” down to an open-source file named jquery.sumoselect.js. Its code closely matches the official code from GitHub, except the theme author moved a “use strict” statement to satisfy ThemeForest requirements, and added some WooCommerce-specific code to the bottom.

This is just another case of “artificial intelligence” scanning not being very intelligent when it comes to JavaScript files. There is absolutely nothing wrong with this file and the theme is 100% safe to use. I will notify the author about the false detection.

VirusTotal: 3cd38338eab9aae6f38e5fee86115e1790eea38e24cdedcc32752c82eb7b0f5d
File contents: https://elementor.thembay.com/kera/wp-content/themes/kera/js/jquery.sumoselect.js

Edit: The author has updated the problematic script and it is no longer showing as a trojan: VirusTotal

1 Like