VirusTotal reports M1/M2 Trezor Suite as Trojan.OSX.Ddos. Is this a false positive or is the suite infected?


Before running anything I usually check with VirusTotal, a web app that scans what you upload to it with multiple antiviruses at the same time.

One of the antiviruses reported the latest M1/M2 Trezor Suite as Trojan.OSX.Ddos. At first I was thinking that it’s due to Tor being integrated in the solution, but I tried another wallet software that is a direct competitor of Trezor (and also uses Tor in the client) and no viruses were reported there.

Is this a false positive, or is the suite distributed on the Trezor website for M1/M2 infected?

If a false positive, hypothetically, what happens if you use an infected suite with your Trezor?


Hi @lllll,

First, please confirm you downloaded the installation file from our official website (Trezor Suite App (Official) | Desktop & Web Crypto Management). If so, then you have legit Trezor Suite and there is no virus/malware there. As you mentioned, this is most likely caused by the Tor feature (which is bundled in Trezor Suite). You can give an exception to the Trezor Suite; it is not infected.

Just to understand correctly: what would the outcome be if Trezor interacts with a corrupted suite?

Hi @Sirtoby,

Trezor Suite downloaded from our official website is not corrupted. Anyway, even if you connect your Trezor to a fake Trezor Suite app, nothing can happen as all private keys are always stored offline in the Trezor device and never leave it.

A fake Trezor Suite app would probably ask you to enter a recovery seed because it would be a phishing app. Remember that the recovery seed must remain offline and should never be shared with anyone!