I suspect this is likely a false positive (based on this historical post), however, speaking with Zendesk support via their live chat on our merchants account has not lead to any further answers as to if the current flagging of Card Stealer on the web-widget-chat-sdk-a0370fe.js is an issue or not.
We have been told to report this with Avast, however, we're not at liberty to say whether the file in question is compromised or not, this is why we've raised it to Zendesk.
