Skip to main content
S
Sokoeun5FAD
Participant
May 10, 2021
Answered

Adobe Acrobat apk version is detect in Virus Total- TrojanDropper.VBS.cvi

  • May 10, 2021
  • 4 replies
  • 8443 views

Dear Sir/Madam,

We have downloaded Adobe Acrobat android apk version from Adobe Inc. on Google playstore and scanned on Virus Total. The result was one Trojan was detected as you could see in screenshot. We would like to know whether it is false positive or there is missing point that Adobe team have not checked. Pleased kindly check and update us. Thank you!

 

 

 

 

This topic has been closed for replies.
Correct answer ls_rbls

Dear @ls_rbls, thank you for your suggestion and recommendation. 

It was my fault that I did not mention much about my purpose last time. In my orgazation we are using tablet and we need to install pdf in order to be able to open some file, so Adobe Acrobat first came to our mind because we could say it is world-wide used and such a well-known company we can trust. We need to install pdf on many tablets by using MDM and to be able to scan apk version before push to those tablets we downloaded it from Google playstore on a mobile phone and took out that file to upload on Virus Total. The resutl of scanning was Trojan detected as in previous screenshot.  So what we need now is confirmation that this apk version is clean or not.  If it is clean, no any malicious code embeded we will use this apk version to push to our tablets. If it is not clean please check it and advise us which version to use. 

I have not notified to Google support about this yet. 

 

Thank you!


Well, you can re-test yourself with the link below:

 

https://get.adobe.com/reader/enterprise/

 

Select Android from the dropdown 64 bit version for ARM for Android devices verion 5 and above.

 

If you run the Virus Total scan again on this apk file you will get the same results.

 

Curious enough though, Jiangming is the only security vendor that flags the Adobe app as having the  the trojan dropper. 

 

If you research a little bit about them, they seem to be operating from China amd providing services since 1990. But, in other security forums that I researched, Jiangmin also pops up as a malicious process when you use other scanners.

 

If you go to the Details tab of the Virus Total scan results, you'll notice that many of the third party files embedded with the apk are URL  routines that points to Google PlayStore and Microsoft, and of course other Adobe online services.

 

So I am unsure if Jiangmen is trying to advertise themselves through Virus Total giving false positive results to users so they subscribe to their premium service, or, if indeed the file is infected in both Google Playstore and Adobe download servers.

 

I would sayd to submit this finding to Adobe directly using the link that I provided for you earlier and see if Adobe can confirm that this virus scanner is accurate or not.

4 replies

ls_rbls
Community Expert
ls_rblsCommunity Expert
Community Expert
May 15, 2024

@maz37399312q1yl ,

 

Thank you for updating this thread !

R
Ricky33398057b1x0
Participant
November 5, 2023

Is this an adobe virus? What is this?

ls_rbls
Community Expert
ls_rblsCommunity Expert
Community Expert
November 12, 2023

Hi @Ricky33398057b1x0 ,

 

Please elaborate on what were you trying to install when you got that message.

 

Based on the screenshot alone is hard to tell what exactly you were trying to accomplish. The message doesn't necessarily indicates that you have a malformed installation package or corrupt, it may also be the wrong version forced onto your current mobile device's operating system (for example).

 

Did you run an anti-virus scan before executing the installation of the packaged software ?

S
Seth32459937b84c
Participant
September 22, 2023

The detection of a TrojanDropper.VBS.cvi in the Adobe Acrobat APK version on VirusTotal is a concerning issue that should not be ignored. It suggests that the APK file may be compromised or infected with malicious code. Here's what you should consider doing:

  1. Delete the Suspicious APK: Do not install or open the APK file if it's flagged as containing malware. Delete it immediately from your device to prevent any potential harm.

  2. Official Sources: Always download software or apps from official sources, such as the Google Play Store for Android apps or the official Adobe website for Adobe Acrobat. Avoid downloading files from third-party websites or untrusted sources.

  3. Scan Your Device: After deleting the suspicious APK, perform a thorough scan of your device using reputable antivirus or anti-malware software to ensure that there are no lingering threats on your device.

  4. Report the Issue: If you believe that the Adobe Acrobat APK file was obtained from an official source and should not contain malware, consider reporting the issue to Adobe. They can investigate and take appropriate action.

  5. Stay Informed: Keep an eye on official announcements from Adobe regarding security issues and updates. It's possible that they may release a fix or update for the issue.

  6. Avoid Side-loading Apps: Whenever possible, avoid side-loading apps (installing apps from sources other than official app stores) to reduce the risk of downloading compromised files.

Remember that security should always be a top priority when downloading and installing software or apps on your device. If you're in doubt about the legitimacy of a file or encounter any suspicious activity, it's best to err on the side of caution and seek guidance from trusted sources or security experts.

    ls_rbls
    Community Expert
    ls_rblsCommunity Expert
    Community Expert
    May 11, 2021

    Are you using Whatsapp and Facebook apps in your mobile device?

     

    You may need to provide more information. The screenshot that you've provided doesn't says anything.

     

    Where did you run the scan?

     

    What is the original name of the apk file that you claim was downloaded from the Google Playstore?

    S
    Sokoeun5FADAuthor
    Participant
    May 11, 2021

    @ls_rbls 

    On the mobile phone that I downloaded apk file has Facebook and Whatsapp. 

    I upload downloaded file to Virus Total and the result was like in the previous screenshot.  This the file name Adobe Acrobat 21.4.0.17702. 

     

    ls_rbls
    Community Expert
    ls_rblsCommunity Expert
    Community Expert
    May 12, 2021

    Was it just the download to your phone , or did the file installed itself soon after the download completed?

     

    Did you also notified Google support of this issue?

     

    It Seems like Google Playstore is becoming more prone to these type of trojan droppers in their download servers.

     

    If your phone is not acting weird in any way after the download, it is worth noting that the trojan droppers (specifically the ones that are already identified to plague the Google Playstore during the last couple of years),  uninstall themselves soon after it installs itself on that device and after loading the unkown malware in the device.

     

    If it was up to me, I would put that mobile device in airplane mode, and do a backup of all your important documents, and address book contacts to an external USB device. But I would plug the USB device to a diskless workstation, like using a virtual machine, or bootup the diskless computer directly from CD ROM using  a live ISO image of any Linux OS distribution of your choice.

     

    I am suggesting this because notice the file extensions of the virus-trojan detected by Virus Total: .VBS. and .cvi file extensions.

     

    You can't really tell if the malicious code would only affect Micrososft Windows computers or  macOS systems, but we can assume that  by .VBS there could be some macros targetting Microsoft Office programs.

     

    Notice also the .cvi file extension which is usually associated with the Canva or Canavas image and illustration program, which is commonly used to create and download content from socila media websites.

     

    We may assume that a trojan claiming to execute a Canva app  could trick the operating system to try an open such program in that computer device (regardless if it is installed or not) , and instead try to exploit vulnerablities as soon as the OS detects your phone attached to your desktop computer.

     

    OR, it could also pass intself undetected by malware and antivirus scanning software, and pose as a legitimate program that is just trying to fetch proxy images residing somewhere in a vulnerable proxy server between your infected mobile device and Facebook, for example.

     

    From what I've read, such proxy image requests that are normally pulled from a social media websites are blocked by Facebook depending on the region.

     

    Anyway, after you figure out how to do a safe data backup, do a hard reset in your mobile device to factory defaults.

     

    Just remember, use a known good working computer (not that mobile detice) to go online and access your bank accounts, email services, etc. and change your passwords... consider even changing your phone number and notify Adobe of  this security issue using this link: 

     

    https://helpx.adobe.com/security/alertus.html

     

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices