Question
VirusTotal is showing positives. Why is that?
Answer
The VirusTotal result may show detections from MaxSecure and VBA32:
- MaxSecure: Trojan.Malware.300983.susgen
- VBA32: Downloader.MSIL.gen.rexp
These are generic/heuristic labels, not confirmations of a specific malware family. Songify is an open-source .NET app that:
- checks for updates and may download/update binaries,
- talks to external APIs (Spotify/Twitch),
- writes files for overlays/widgets,
- runs a small local web server.
This is all perfectly normal for our use case, but it is also the exact behavior pattern that “downloader/susgen” heuristics often flag in small open-source projects without broad publisher reputation.
Why this happens
- Heuristics, not signatures: The engines are flagging behavior patterns (network + file IO/updater) rather than a known malicious signature.
- Low reputation binaries: New builds and unsigned apps are more likely to be flagged by smaller engines even when the code is clean.
- No signed binaries: Code signing certificates are unfortunately too expensive for us as an open-source project, so our releases don’t get the extra “trust signal” that signed commercial apps do.
What you can do to verify
- Download only from our official releases: https://github.com/songify-rocks/Songify/releases
- Check the hash: We publish SHA-256 checksums; compare them with your download.
- Build from source: If you prefer, clone the repo and build locally - you’ll get the same binaries.
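One way to do the hash check in PowerShell, as an added example that is not part of the Songify project: the function name `Test-ReleaseHash` is hypothetical, and the demo runs against a small constructed file rather than a real release, so substitute your download path and the checksum copied from the release page.

```powershell
# Added example: compare a file's SHA-256 with a published checksum.
# Test-ReleaseHash is a hypothetical helper name, not a Songify tool.
function Test-ReleaseHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected
    )

    # Checksums get pasted with extra text ("<hex>  file.zip", "sha256:<hex>").
    # Accept exactly one 64-hex-digit run; anything else is not a SHA-256.
    if ($Expected -notmatch '(?i)\b[0-9a-f]{64}\b') {
        throw "Expected value does not contain a 64-character SHA-256 digest."
    }
    $want = $Matches[0].ToUpperInvariant()

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Get-FileHash returns the digest as upper-case hex in .Hash.
    $got = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        File     = (Resolve-Path -LiteralPath $Path).Path
        Expected = $want
        Actual   = $got
        Match    = ($got -eq $want)
    }
}

# --- Demo on a constructed file (contents: the 5 ASCII bytes "hello") ---
$sample = [IO.Path]::GetTempFileName()
[IO.File]::WriteAllBytes($sample, [Text.Encoding]::ASCII.GetBytes('hello'))

# Constructed checksum line in the common "<hex>  <name>" layout.
$published = '2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  sample.bin'

# Untouched file: Match is True.
Test-ReleaseHash -Path $sample -Expected $published | Format-List

# One appended byte simulates a corrupted or swapped download: Match is False.
Add-Content -LiteralPath $sample -Value 'x' -NoNewline
Test-ReleaseHash -Path $sample -Expected $published | Format-List

Remove-Item -LiteralPath $sample
```

A matching hash only shows that your file is the one the checksum was published for, so take the checksum from the official releases page rather than from the site that served the download.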
TL;DR: With 2/66 (from heuristic engines) and an open-source codebase, this looks like a false positive caused by our updater/network behavior - not a trojan. As it is with everything on the internet, though, only download from sources you trust.