Weird connection

[Baarsik]

Why is qBitTorrent making a strange connection on startup? My antivirus detected and blocked this action. Here is the log:

-Website Information-
Category: Trojan horse
Domain:
IP address: 202.164.139.181
Port: 61013
Type: Outgoing traffic
File: C: \ Program Files \ qBittorrent \ qbittorrent.exe

[busthead]

My qBittorrent has also been exhibiting strange behavior.

v4.3.2 and v4.3.3 (at least) may be vulnerable to malicious injection or compromised from the source (unlikely?).

The IP address you provided appears to redirect to 181.139.164.202 which is a dynamically assigned address is Columbia, likely a compromised user system that is part of a bot/command and control net.

May I ask what AV solution detected the trojan horse?

If possible can you please run 'fciv -md5 qbittorrent.exe' at a command line without the quotes and post the output here?

[Nemo]

In my years of torrenting (since the beginning..) I've probably connected to millions of people worldwide.. Your antivirus is acting weird thats the issue. Or prove it otherwise.

[busthead]

The absence of evidence is not evidence of absence.

It's likely @Baarsik anti-malware software functioning as it should and that a particular torrent, within qBittorrent, is the source of the malicious activity, not qBittorrent itself.

[Peter]

What kind of AV software y'all are running?
I've been using Defender / ESET NOD / Avast but have never seen such messages... oO

[busthead]

Host antimalware is Malwarebytes and network IPS is Sophos. Both detected malicious connections from qBt.