Virustotal reports m1/2 trezor suite as Trojan.OSX.Ddos. Is this a false positive or is the suite infected?


Before running anything I usually check with virustotal, a web app that scans what you upload to it with multiple antiviruses at the same time.

One of the antiviruses reported the latest m1/m2 trezor suite as Trojan.OSX.Ddos. At first I was thinking that it’s due to Tor being integrated in the solution but I tried another wallet software that is a direct competitor of Trezor (and also uses Tor in the client) and no viruses reported there.

Is this a false positive or the suite distributed on trezor website for m1/m2 is infected?

If a false positive, hypothetically, what happens if you use an infected suite with your trezor?


Hi @lllll,

First, please confirm you downloaded the installation file from our official website (Trezor Suite App (Official) | Desktop & Web Crypto Management). If so, then you have legit Trezor Suite and there is no virus/malware there. As you mentioned this is most likely this is caused by the TOR feature (which is bundled in Trezor Suite). You can give an exception to the Trezor Suite, it is not infected.