Title: Quttera malware
Last modified: August 30, 2020

---

# Quttera malware

 *  Resolved [Andreasd083](https://wordpress.org/support/users/personlighalsa/)
 * (@personlighalsa)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/quttera-malware/)
 * Is this a false-positive?
 * FILE: wp-content/plugins/loco-translate/tpl/admin/file/msgcat.php
    FILE_MD5: 
   5de0bfbccf2f4aef93801a75915efe38 SEVERITY: enMaliciousThreatType ENGINE: fscanner
   THREAT_SIG: cb9032d2da89fb3542f57ddc3e549c0a THREAT_NAME: Heur.PHP.iframe.gen.
   38 THREAT: preg_replace(‘/[-a-z]+/’, ‘_\\0</e… DETAILS: Detected malicious iframe
   injection
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fquttera-malware%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [quttera](https://wordpress.org/support/users/quttera/)
 * (@quttera)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/quttera-malware/#post-13334843)
 * Is this issue reproduced using a “heuristic – high sensitivity” scan?
 * Thank you.
 *  Thread Starter [Andreasd083](https://wordpress.org/support/users/personlighalsa/)
 * (@personlighalsa)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/quttera-malware/#post-13335445)
 * This is from the Internal Scanner – High Sensitivity.
 *  [quttera](https://wordpress.org/support/users/quttera/)
 * (@quttera)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/quttera-malware/#post-13335659)
 * Thank you for provided information, yes this is FP, we already fixed the detection
   and will release new definitions database shortly.
 * Thank you for pointing this out.
 *  Plugin Author [Tim W](https://wordpress.org/support/users/timwhitlock/)
 * (@timwhitlock)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/quttera-malware/#post-13337641)
 * I can confirm that the file hash is correct as of v2.4.3 and that my plugin does
   not contain malware. The so-called threat is a harmless regular expression that
   generates a clickable link and has nothing to do with iframes. This plugin does
   not use iframes.
 *  [quttera](https://wordpress.org/support/users/quttera/)
 * (@quttera)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/quttera-malware/#post-13337685)
 * Hi [@timwhitlock](https://wordpress.org/support/users/timwhitlock/), you absolutely
   right, we had some incorrectness in one of the detection rules which lead to 
   this FP.
 * The issue had been fixed in the lastly released definitions database.
 * BR
    Quttera Team.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Quttera malware’ is closed to new replies.

 * ![](https://ps.w.org/loco-translate/assets/icon-256x256.png?rev=1000676)
 * [Loco Translate](https://wordpress.org/plugins/loco-translate/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/loco-translate/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/loco-translate/)
 * [Active Topics](https://wordpress.org/support/plugin/loco-translate/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/loco-translate/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/loco-translate/reviews/)

 * 5 replies
 * 3 participants
 * Last reply from: [quttera](https://wordpress.org/support/users/quttera/)
 * Last activity: [5 years, 9 months ago](https://wordpress.org/support/topic/quttera-malware/#post-13337685)
 * Status: resolved