Google Chrome labeled Nmap project as malware

Because of an analysis error, Google Chrome’s Secure Browsing Service has labeled the popular Network Mapper (Nmap) project as a potential “security threat”. This is another example of legitimate tools being misidentified, triggering false alerts for malware, phishing and other cybersecurity risks.

As you may remember, Nmap is an open source scanner for network analysis widely used by the ethical hacking community. A few days ago, Nmap developers mentioned that Chrome had tagged an earlier version of the “Ncat” software, blocking its entire directory, which included Nmap.

Days earlier, Chrome also blocked the project's source code files, identifying them as malware. Gordon Lyon, Nmap’s lead developer, said: “Google wields power so immense that its practices become careless, especially since it considers our website to be ‘dangerous’ when it comes to a company error.”

The team behind Nmap faced a dilemma: although submitting a report to Google was the obvious way to solve the problem, the process could take much longer than necessary, making work difficult for the project's users. Lyon concluded that there were two workarounds: deleting a file in Nmap, or trying to convince Google that its security system had made a mistake. Eventually the developer simply vented his frustration on Twitter, where a member of Google’s security team came across the error.

Although it seemed that the discussion was escalating to a personal level, a couple of hours later the flaw had been corrected by Google. The company did not add further details about it.

This is an error that Google’s automatic security tools have frequently made: “In its routine security analysis work, Google’s algorithm can have a negative impact on tools developed by independent researchers,” says youtuber St.k, a cybersecurity specialist who has also been affected by similar errors. The researcher also mentions that avoiding the use of some words or phrases can reduce the chances of experiencing this flaw, although the effectiveness of this solution will always depend on Google’s current policies.

On previous occasions Chrome has incorrectly identified other legitimate applications such as PortSwigger Web Security’s Burp Suite. Kieron Hughes, director of PortSwigger, says: “We have a performance monitoring process, which allows us to take the necessary steps to correct these errors when they are filed, automatically reporting them to Google.”