Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 21 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 60317 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PUA detected: 'SpiGot'

Berzerk

Hi

We have received multiple PUA's on 100 to 150 machines. The detected files are basically java script examples : after.js and background.js

please find the example : PUA detected: 'SpiGot' at 'C:\Users\k113899\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbpcfgdgiemlcaggjhjcinhblflmgdlj\2.2_0\after.js'

 

These detection's came in off business hours and today we might see more users with the same alert. 

 

So my question is did this alert triggered from Sophos end ?

 



This thread was automatically locked due to age.
Parents
  • 0

    Hello Amit Thakur,

    with 100 to 150 machines you're likely not referring to a Free Tool, aren't you?

    Anyway, you can see from the analysis that the detection has been updated on September 29th, it could be gung-ho or it could be right. The path suggests it's loaded as extension in Chrome. As it's classified as Potentially Unwanted Application it's up to you to decide whether it's actually unwanted or not.

    Christian

  • 0 in reply to QC

    This SpiGot after.js seems to be an epidemic as users upgrade to the new Chrome v69.x.  Hard to believe so many Extensions in the official Google Extension library are infected.  Are we sure this isn't a false warning.

    And no we're not using the Free Tool - Sophos Endpoint w/ Intercept and Central.

     

    Found this thread via Google search.  Need some answers from Sophos!

     

    The folder/files go away easy enough when you remove the extension in Chrome (Settings --> Extensions) but it's a pain for an overworked admin to respond to all these dang warnings!

Reply
  • 0 in reply to QC

    This SpiGot after.js seems to be an epidemic as users upgrade to the new Chrome v69.x.  Hard to believe so many Extensions in the official Google Extension library are infected.  Are we sure this isn't a false warning.

    And no we're not using the Free Tool - Sophos Endpoint w/ Intercept and Central.

     

    Found this thread via Google search.  Need some answers from Sophos!

     

    The folder/files go away easy enough when you remove the extension in Chrome (Settings --> Extensions) but it's a pain for an overworked admin to respond to all these dang warnings!

Children
No Data
Unfiltered HTML