Misspelled Malwarebytes isn’t the real deal. It’s ransomware!

Spelling does have a purpose: sorting the good software from the bad.

David bisson
David Bisson
@

Misspelled Malwarebytes isn't the real deal. It's ransomware!

A piece of software masquerading as a security product from Malwarebytes is making its rounds on the web and distributing ransomware to unsuspecting users.

This technique isn’t new. Malicious software has been disguising itself as anti-virus solutions since the 1990s.

What’s significant about this particular attack campaign is the crypto-malware behind the mask: DetoxCrypto.

Sign up to our free newsletter.
Security news, advice, and tips.

The ransomware has been making quite a stir since researchers first detected it back in August. Already it has two variants to its name: a “Calipso” iteration that takes a screenshot of the victim’s computer, and a Pokémon GO-themed encrypter.

(To be fair, the latter isn’t the only one of its kind.)

Pokemon ransomware
Source: Bleeping Computer.

But recent developments suggest DetoxCrypto might just be getting started.

Christopher Boyd, a security researcher at Malwarebytes, explains the ransomware could be planning something big for the near future:

“What we’re seeing at the moment is what appears to be a kind of trial run for ransomware distribution. There’s a couple of Detox Ransomware files doing the rounds, and though they’re all broken in terms of functionality and / or download / dropper URLs, it’s still a possible sign of things shortly coming around the corner and worth giving a heads up on.”

That being said, there’s not much for users to worry about for the immediate future.

Take a look at this image taken from the ransomware’s VirusTotal page:

File information

See anything wrong with that entry?

Last time I checked, Malwarebytes isn’t spelled “Malwerbyte.” That should automatically raise a red flag that this product is a fake.

Not only that, but all current versions of “Malwerbyte” that Malwarebytes’ researchers have come across do not encrypt a victim’s files, which means they don’t need to worry about data loss from this ransomware just yet.

Wrong key

But things are fluid in the world of ransomware.

You never know when a malware developer will plug a vulnerability or fix a spelling error in their product.

With that being said, if you are looking to install anti-virus solutions like one of Malwarebytes products, make sure you do so from the vendor’s real website directly. That way you don’t have to worry about any of these middle men potentially pushing malware onto your computer.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.