tools.build:gradle:2.3.1 infected with HEUR:Trojan.AndroidOS.Boogr.gsh

Asked 20/4, 2017 at 15:52 Answered 23/4, 2017 at 13:50

Since today when we build an App with latest Version of Android Studio and enabled instant run, Kaspersky starts to reporting us that something tries to inject HEUR:Trojan.AndroidOS.Boogr.gsh in our classes.dex. After some research i found out that this starts happening when we are using com.android.tools.build:gradle:2.3.1 instead of 2.3.0 ! I tested it on a completely new mac book. Just Download Android Studio created an empty Project with installed Kaspersky with the latest updates and got the Alert from Kaspersky. Could anybody check if that also is happening for him? Also with an old project which is using the 2.3.1 since some weeks, this is not happening i think cause of an cached version of 2.3.1. Maybe somebody has changed something in the 2.3.1 in the meanwhile.

Erstwhile answered 20/4, 2017 at 15:52 Comment(1)

Are you still seeing this? Can you file a bug report here: issuetracker.google.com/issues/…. – Imparity 30/4, 2017 at 0:59

I am actually experiencing the same issue.

Temporary solution is to desable instunt run or to downgrade gradle to 2.3.0.

For me it only happens with app in development. When you build release version, everything works fine.

UPD (April, 22) The problem is gone for me. Used the same pc with the same settings with gradle 2.3.1 and instant run enabled - everything works fine.

Talipes answered 20/4, 2017 at 17:41 Comment(5)

I know that everything is working fine when we disable instant run or going back to 2.3.0 but i really want to make sure that there is no virus in the current android build pipeline or on our company maschines. – Erstwhile 20/4, 2017 at 19:25

Not a virus on your company machines. Having the same report since today, MacBook Pro with Kaspersky. – Countryman 21/4, 2017 at 6:54

I have tried to reproduce on my mac book pro as well as on Windows with no luck. Could your provide more information on how to reproduce it, which dependencies you are bringing in ? Can you repro when building a newly created project from a template ? – Piggott 21/4, 2017 at 19:42

@JeromeDochez for a couple of days i had this issue. Tried to build it today - everything is back to normal (same pc with same settings and development environment). Thank you for your concern! – Talipes 22/4, 2017 at 12:10

Glad to hear that the issue has resolved itself. Further updates will be provided on the bug : buganizer.corp.google.com/issues/37536603 – Piggott 24/4, 2017 at 16:47

We are looking into it right now.

Piggott answered 21/4, 2017 at 17:7 Comment(1)

Hey Jerome, this is more of a comment. Do you mind putting more of an official answer? Maybe add this to the android bug tracker? – Imparity 22/4, 2017 at 16:16

I experienced the same issue last night when I downloaded Android Studio to a Windows 7 computer and ran the example App "Hello World" using Instant Run through a USB to a Samsung Galaxy Core Prime mobile phone. I'm trying to find out if it is the phone trying to infect the computer through Android Studio or Android Studio trying to infect the phone. I've kept text files of the Kaspersky virus scan reports if you need more details.

The App ran on the phone as expected but as soon as it displayed "Hello World" Kaspersky detected the Trojan HEUR.Trojan.AndroidOS.Boogr.gsh. Kaspersky failed to disinfect the file and then deleted it. I ran the App again and again Kaspersky detected and deleted it. I then carried out a full scan and it reported several references to the Trojan in the downloaded Android files on the computer. Kaspersky cleared these and a third scan reports no infection.

I've run another program (Processing Android) many times in the last week using the same computer phone connection and Kaspersky has not reported a problem.

Reluctance answered 20/4, 2017 at 23:14 Comment(1)

I cannot reproduce the issue. This is what I did on Windows 10 - Install Kapersky Total Security - Install Android Studio 2.3.1 - Create a new project with defaults. - build/run the project on Emulator N. - make couple of code changes doing a hot swap. Kapersky did not complain about the dex files. I need more info to reproduce this. Is this happening on every project ? can you try creating a new project and see if you can repro there ? – Piggott 21/4, 2017 at 17:55

The problem I had was a virus message from Kaspersky whenever I ran a newly comoiled "Hello World" from Android Studio, Using Kaspersky to erase the virus didn't remove the problem.

I raised the issue with Kaspersky who were uncertain if it was a genuine virus or because the default sensitivity I was using is the highest sensitivity for the Kaspersky software. They said they might raise it within their software team and possibly with the Android Studio team.

Next day (in Australia) I downloaded and installed a new copy of Android Studio having first factory reset my phone, used Kaspersky to once again clean the two suspect virus components and then removed every Android Studio software component from the computer. Subsequent total system virus checks and running of Android Studio did not produce the problem again.

Don't know whether Kaspersky and/or Android fixed the problem or whether It was an isse with my system and fixed with my cleaning.

Netherlands answered 23/4, 2017 at 13:50 Comment(0)

Recommended topics

Hot tags