Trojan included in Free WordPress File

themeforest

#1

Received an email from ThemeForest offering the following 3 WordPress files for free:

  1. Kora - Portfolio/Agency Theme
  2. Cinderella - Beauty, Hair and Spa Theme
  3. Business Hub for Online Businesses

Windows Defender found a TrojanDownloader:JS/Jasobfus.B!ml in file themeforest-15670928-kora-portfolio-agency-wordpress-theme-file-and-license20180531-15678-9f1wlq.zip


#2

They don’t send the free file offers in the middle of the month. Are you sure that it is actually from Envato? (Check the email address.)

On the other hand, Envato doesn’t offer 3 WordPress themes for free at the same time.


#3

I believe it is. The offer came via market.news@envato.com, and I logged into my account on Envato, got the link directly from ThemeForest and was allowed to download for free before 1 July 2018. Windows Defender found this TrojanDownloader:JS/Jasobfus.B!ml in this file:

themeforest-15670928-kora-portfolio-agency-wordpress-theme-file-and-license20180531-15678-9f1wlq.zip


#4

This file is safe. You can check it here:

https://www.virustotal.com/#/file/2dd1b2e50cd2a27dd2dbb9abc79964b0f75ad4feaec9a98f7236c295713de85d/detection

Windows Defender is notorious for false positives. In fact, even more interestingly, if you disable Defender, download the file, re-enable Defender, and then manually scan the zip file by right-clicking on it, it doesn’t detect it as infected. 🤔

What it claimed it found in your case was a “trojan downloader” in the form of a JavaScript file, rather than a trojan itself. Not only is this a common false positive in many anti-viruses, but in a browser environment, such a thing (if it were true) is impossible.

If you’re still concerned, you can contact support and they’ll have the file re-checked.

Cheers!
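
An added example, not part of any post in this thread: a VirusTotal report only describes the exact bytes that were scanned, so the linked result applies to a downloaded copy only if its SHA-256 equals the hash in the report URL. The sketch below checks that and lists the hash of every `.js` member (including those in nested zips) without extracting anything to disk; the function names, the 50 MiB member cap and the sample archive are assumptions made for illustration.

```python
import hashlib, io, re, zipfile

# Report link quoted in the thread; the 64-hex-digit segment is the file's SHA-256.
VT_URL = ("https://www.virustotal.com/#/file/2dd1b2e50cd2a27dd2dbb9abc79964b0"
          "f75ad4feaec9a98f7236c295713de85d/detection")
MAX_MEMBER = 50 * 1024 * 1024  # assumption: skip members larger than 50 MiB

def sha256_from_vt_url(url):
    """Return the SHA-256 that a VirusTotal file-report URL refers to."""
    m = re.search(r"/file/([0-9a-fA-F]{64})(?:/|$)", url)
    if not m:
        raise ValueError("no SHA-256 in URL")
    return m.group(1).lower()

def report_covers(data, url=VT_URL):
    """True only if these bytes are the exact file the linked report scanned."""
    return hashlib.sha256(data).hexdigest() == sha256_from_vt_url(url)

def script_inventory(data, prefix="", depth=2):
    """Map each .js member (nested zips included) to its SHA-256, all in memory."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = prefix + info.filename
            if info.file_size > MAX_MEMBER:
                continue
            if name.lower().endswith(".js"):
                found[name] = hashlib.sha256(zf.read(info)).hexdigest()
            elif name.lower().endswith(".zip") and depth > 0:
                blob = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(blob)):  # extension alone proves nothing
                    found.update(script_inventory(blob, name + "!", depth - 1))
    return found

def build_sample():
    """Constructed stand-in for a theme package: licence file plus nested theme zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("kora/js/main.js", "console.log('constructed sample');")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("license.txt", "constructed")
        zf.writestr("kora.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    sample = build_sample()  # for a real download: open(path, "rb").read()
    print("report covers this file:", report_covers(sample))
    print(script_inventory(sample))
```

The per-script hashes can be looked up individually or attached to a support ticket, which narrows a whole-archive alert down to the member that triggered it.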


#5

Hi @wecare30 - thanks for raising this.

That file is currently being checked by the ThemeForest Quality team, but it looks like @baileyherbert is correct - we’ve received several support tickets about the alert, but it appears to be a false positive from Windows Defender.

@ki-themes We have a group of free WordPress themes available here. That’s a landing page run by our SEO team, and it’s also featured in occasional Market Mail campaigns like the one sent last night. Most exposure for that page is aimed at new customers, so you may not have seen it before.


#6

You mentioned that the file is being checked. So just to confirm, is it OK (false positive)?


#7

@alber99 Yes, after a full investigation our team has reported a false positive to Microsoft. The file should be fine to use.