Microsoft patches a bug in Defender that incorrectly identifies apps as Hive ransomware payloads.
Last weekend, Windows users ran into a bug in Defender. The antivirus solution identified Electron and Chromium workloads as threats.
Several users were told that their PCs were infected with Win32/Hive.ZY malware. The alerts were worrying. Hundreds of users sought help on social media and forums.
Windows Defender claimed that the threats were quarantined. After about two minutes, the message reappeared. The warnings caused confusion. Multiple users checked the alerts with third-party tools, including Malwarebytes.
The alerts were triggered by popular apps such as Slack, Chrome, Edge, Discord and Spotify. Launching an affected application triggered the warning. Defender claimed that the threat was resolved by uninstalling the application. In reality, the applications were unaffected and the alerts kept coming in.
Users discovered that the bug was caused by a Defender update from Sunday, September 4. Over the course of the day, Microsoft released four updates. The tech giant eventually fixed the bug with version 1.373.1537.0, about 12 hours after the issue first appeared. Windows users are advised to update to 1.373.1537.0 or a later version.
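To confirm that a machine has the corrected definitions, the check below compares the installed security intelligence version with the fixed version named above, updates if it is older, and lists the detections recorded under the Win32/Hive.ZY name so they can be reviewed as probable false positives. This is an added example, not code from Microsoft or the article; it assumes an elevated PowerShell session on a machine with the built-in Defender cmdlets.

```powershell
# Added example. The fixed version comes from the article; the wildcard
# match on the threat name is an assumption about how Defender prefixes it.
$fixed   = [version]'1.373.1537.0'
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion

if ($current -lt $fixed) {
    Write-Output "Security intelligence $current predates $fixed; updating."
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
}
Write-Output "Security intelligence version now: $current"

# Review what was flagged: which process and which files triggered each alert.
$flagged = Get-MpThreat | Where-Object { $_.ThreatName -like '*Win32/Hive.ZY' }
foreach ($threat in $flagged) {
    Get-MpThreatDetection -ThreatID $threat.ThreatID |
        Select-Object InitialDetectionTime, ProcessName, Resources
}
```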