diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dab32d8fd..3a62535e6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -410,6 +410,28 @@ jobs:
           rm -v release/._ArduinoCreateAgent*.dmg
           mv -v ArduinoCreateAgent-windows*/* release/
 
+      - name: VirusTotal Scan
+        id: virustotal_step
+        uses: crazy-max/ghaction-virustotal@v2
+        with:
+          vt_api_key: ${{ secrets.VIRUSTOTAL_API_KEY }}
+          update_release_body: false # `true` won't work becasue trigger type is not release
+          files: |
+            release/*.exe
+            arduino-create-agent-windows-2019-386/arduino-create-agent.exe
+            arduino-create-agent-windows-2019-amd64/arduino-create-agent.exe
+
+      - name: Organize release body message #use sed to clean and format the output markdown style
+        id: release_body
+        run: |
+          vt_title_pre="<details close>\n<summary>VirusTotal analysis 🛡</summary>\n\n"
+          vt_links="$(echo ${{ steps.virustotal_step.outputs.analysis}} | sed 's/release\///g' | sed 's/,/\n/g' | sed 's/^/- [/' | sed 's/=/](/' | sed 's/$/)/')"
+          vt_title_post="\n</details>"
+          vt_title_pre="${vt_title_pre//'\n'/'%0A'}"
+          vt_links="${vt_links//$'\n'/'%0A'}" # replace \n with a special character -> generates a single lines, \n will be reintroduced later
+          vt_title_post="${vt_title_post//'\n'/'%0A'}"
+          echo "::set-output name=RBODY::$vt_title_pre$vt_links$vt_title_post"
+
       - name: Create Github Release
         uses: actions/create-release@v1
         env:
@@ -417,7 +439,7 @@ jobs:
         with:
           tag_name: ${{ github.ref }}
           release_name: ${{ github.ref }}
-          body: ""
+          body: ${{ steps.release_body.outputs.RBODY}}
           draft: false
           prerelease: ${{ steps.prerelease.outputs.IS_PRE }}