
PUA detected: 'SpiGot'

Hi

We have received multiple PUAs on 100 to 150 machines. The detected files are basically JavaScript examples: after.js and background.js

Please find the example: PUA detected: 'SpiGot' at 'C:\Users\k113899\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbpcfgdgiemlcaggjhjcinhblflmgdlj\2.2_0\after.js'

 

These detections came in off business hours and today we might see more users with the same alert.

So my question is: was this alert triggered from Sophos' end?

 



  • Hello Amit Thakur,

    With 100 to 150 machines you're likely not referring to a Free Tool, are you?

    Anyway, you can see from the analysis that the detection was updated on September 29th; it could be gung-ho or it could be right. The path suggests it's loaded as an extension in Chrome. As it's classified as a Potentially Unwanted Application, it's up to you to decide whether it's actually unwanted or not.

    Christian

  • This SpiGot after.js seems to be an epidemic as users upgrade to the new Chrome v69.x. Hard to believe so many Extensions in the official Google Extension library are infected. Are we sure this isn't a false warning?

    And no we're not using the Free Tool - Sophos Endpoint w/ Intercept and Central.

     

    Found this thread via Google search.  Need some answers from Sophos!

     

    The folder/files go away easy enough when you remove the extension in Chrome (Settings --> Extensions) but it's a pain for an overworked admin to respond to all these dang warnings!
