Some security scanners — including antivirus software, web application firewalls, and malware scanners — may flag Akeeba Backup or its files as malicious. These are false positives. Akeeba Backup is not malware.
The most common reasons security scanners trigger on Akeeba Backup are:
Use of base64_decode and unpack. Akeeba Backup uses these standard PHP functions to handle binary backup data. Malware sometimes abuses these same functions, which causes simplistic pattern-matching scanners to flag them regardless of context or intent.
The kickstart.txt file. The Site Transfer Wizard includes a copy of the Kickstart extraction script stored internally as kickstart.txt. This file is a PHP script deliberately renamed with a .txt extension to make it inactive until it is deployed to the target server. Some scanners flag PHP code inside a .txt file as suspicious.
If your security scanner flags Akeeba Backup you can safely add an exception for the Akeeba Backup component directory (administrator/components/com_akeebabackup/). The source code of Akeeba Backup is publicly available; you are welcome to review it. If you believe you have found genuinely malicious code please contact us through our site before making any public claims so we can investigate.