[clamav-users] Ios.Trojan.FakeTelegram-6736161-0 FOUND

Al Varnell alvarnell at mac.com
Thu Dec 6 16:09:54 EST 2018


What kind of suggestion are you looking for?

They appear to be three different iPhone/iPad/iPod applications.

The signatures were added to the ClamAV database on 1 Nov 2018.

I would have to guess it has something to do with this Talos article:

<https://blog.talosintelligence.com/2018/11/persian-stalker.html?utm_source=mosaicsecurity <https://blog.talosintelligence.com/2018/11/persian-stalker.html?utm_source=mosaicsecurity>>

-Al-
ClamXAV User

On Thu, Dec 06, 2018 at 11:08 AM, David Laxer wrote:
> Hi,
> 
> I am running clamav-0.100.beta on OS X 10.11.6 and got the following messages
> Ios.Trojan.FakeTelegram-6736161-0 FOUND
> 
> Here’s my clamscan invocation:
> 
> $  clamscan/clamscan -i -r --exclude-dir=/Volumes --exclude-dir=/dev --exclude-dir=/Users/davidlaxer/clamav-0.100.0-beta/test --max-filesize=100M /
> 
> I received the following three alerts:
> 
> /Users/davidlaxer/iTunes Media/Mobile Applications/7notesHD Prem 3.2.2.ipa: Ios.Trojan.FakeTelegram-6736161-0 FOUND
> /Users/davidlaxer/iTunes Media/Mobile Applications/JapanGoggles 2.6.ipa: Ios.Trojan.FakeTelegram-6736161-0 FOUND
> /Users/davidlaxer/iTunes Media/Mobile Applications/Memo 3.0.0.ipa: Ios.Trojan.FakeTelegram-6736161-0 FOUND
> 
> Any suggestions?
> 
> Thanks in advance!
> 
> Best,
> -Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181206/ce6939a9/attachment.html>


More information about the clamav-users mailing list