Need Supporting Documentation for CyberSecurity (Security Concerns with CCA)

[its-robinhood]

Describe the bug
Not necessarily a bug but we have security concerns here with CCA. I am corporate IT staff working with a municipality in Canada. Our security team has scanned the requested software and the verdict came back as highly suspicious as it detected possible Envyscout malware (in the main executable) used by the APT29 group by patterns already used in the past. Please see screenshot attached.

Perhaps anyone can confirm that this is a false positive provide us some supporting documents ?

Desktop (please complete the following information):

• OS: [e.g. Windows 10 32 bits]
• Version [e.g. 1.0.0]

To Reproduce
Steps to reproduce the behavior: Complete virus scan and provide submission report

Expected behavior
Clear virus scan and reporting no suspicious components - or supporting documentation for false positives.

Screenshots
Please see screenshot with the details of the findings.

Additional context
IT teams looking to roll out the tool for staff members but there is a security concern that's preventing approval.

[ferllings]

It's probably a false positive due to the electron framework nature. I tested with virus total:
https://www.virustotal.com/gui/file/f966de78ccf6f32d7282a183f06738715f77b6dbe1037d965febae295a0ebce7

Btw I would also recommend to upgrade to 3.5.4

[its-robinhood]

It's probably a false positive due to the electron framework nature. I tested with virus total: https://www.virustotal.com/gui/file/f966de78ccf6f32d7282a183f06738715f77b6dbe1037d965febae295a0ebce7

Btw I would also recommend to upgrade to 3.5.4

Thanks for your help ferllings

[its-robinhood]

@ferllings Update from Cyber: rescanned the updated version of the CCA tool on our primary tool and it still seems to be highly suspicious. scanned it on another tool Hybrid analysis and it came back as malicious - However the detected malware from this scan appears to be an exploit for android devices.

The app also appears to send/receive data through the Internet but unable to find what this data is (assuming it looks for updates or device information). not confident in this app based on the detected yara rule found on the primary scan.