Malware in Cloudflare js challenge page?

users have reported malware in Cloudflare js challenge page
detected by highly reputable Antivirus software Kaspersky

also I find these hcaptcha in js challenge pages highly sketchy
AFAIK hcaptcha is a form of brutal monetization

I am very sad to see Cloudflare service falling apart with malwares and hcaptcha
I hope they stop this nonsense before it’s too late, their reputation is at stake now…

1 Like

Thank you for reporting this issue.
Our Anti-Bot technique in the Javascript Challenge or Captcha is likely to be misinterpreted here by the “Expert Analysis” as malware.

Can you file a customer support ticket, so that we can investigate for that particular domain whether it’s actually malware or a false positive by Kaspersky? There is still a risk that someone is using protected paths to serve malware that just looks like our challenge but isn’t. We will reach out to Kaspersky separately.

7 Likes

It seems strange to me that you just dismiss this as being “likely” a false detection without any prior verification. Shouldn’t you do investigations first and wait for the results of the investigation before jumping to a conclusion?

We would like to have more details about this whole hcaptcha process that you have introduced recently. Can you provide details about the business model of hcaptcha. Is it really meant to stop robots? Why not use google captcha instead then?

Moreover we would like to know if your js challenge uses third party content and how you scan that content for malicious software.

You might not be authorized to provide these details but at the very least I hope you will do some genuine internal checks and clean up whatever needs to be cleaned up. My advice as a webmaster : no source of income is worth ruining your reputation.

I recommend reading this blog article from Cloudflare which explains why they have moved away from reCAPTCHA, and also explains a bit what hCaptcha is exactly about.

5 Likes

I will say it since he most likely can’t disclose details. The file entropy is unusual and therefore it’s flagged by the anti-virus; the reason for the entropy being abnormal is the obfuscation that is commonly placed on those pages.
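Added example, not part of the thread and not Kaspersky's or Cloudflare's code: a sketch of the entropy heuristic the post above describes, scoring each inline script of a page by Shannon entropy. The 5.5 bits/byte threshold, the function names and the sample page are assumptions constructed for this illustration.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Assumed cut-off for this illustration only; not a value used by any vendor.
THRESHOLD_BITS = 5.5

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def inline_scripts(html: str) -> list[str]:
    """Return the bodies of inline <script> elements (regex is enough for a demo)."""
    return re.findall(r"<script\b[^>]*>(.*?)</script>", html, flags=re.S | re.I)

def score_page(html: str) -> list[tuple[float, bool]]:
    """Entropy of each inline script and whether it exceeds the threshold."""
    results = []
    for body in inline_scripts(html):
        h = shannon_entropy(body.strip().encode("utf-8"))
        results.append((round(h, 2), h > THRESHOLD_BITS))
    return results

# --- Constructed sample page (not a real challenge page) ---
# Deterministic pseudo-random bytes, base64-encoded, stand in for a packed payload.
_blob = base64.b64encode(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))).decode()
SAMPLE = f"""<html><body>
<script>
function showMessage(name) {{
  var greeting = "Hello, " + name + "!";
  document.getElementById("message").textContent = greeting;
  return greeting.length;
}}
showMessage("visitor");
</script>
<script>var p="{_blob}";run(p);</script>
</body></html>"""

if __name__ == "__main__":
    for entropy, flagged in score_page(SAMPLE):
        print(f"{entropy:.2f} bits/byte  flagged={flagged}")
```

The second script is flagged purely on byte statistics; the score says nothing about what the code does, which is why a heuristic of this kind can fire on benign obfuscated pages.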

I’ve been working in the security industry for 10 years and Kaspersky has never returned a false detection, not a single time. Kaspersky is a benchmark within the security industry.

My confidence their detection is correct is 99.99%

Given the large numbers of false positives that Kaspersky and other malware tools have, it seems like a reasonable initial stance that it is more likely they are triggering on a false positive than that we have introduced malware into our own code to determine whether or not to invoke hCaptcha.

The ‘conclusion’ included a parallel track for investigation to ensure that this wasn’t an issue with our code.

1 Like

Seems like it did just now though… Because an error doesn’t exist to you doesn’t mean it’s not there for other people, there is a reason why all anti-viruses have an entire team dedicated to manually analyzing falsely reported files and adding them to an exception list.

Antiviruses prefer to be better safe than sorry; if a file is obfuscated and they can’t determine the behavior at a glance, it’s most likely flagged as malware.

That’s an amazing run of luck. They have a mechanism to report false positives.

Unfortunately, manufacturers of security solutions cannot avoid false detection. At Kaspersky, we continuously improve the product testing system and strive to decrease the number of false positives. However, it is impossible to completely avoid such cases, as new threats arise every moment.
