A piece of ransomware disguised as a Malwarebytes security product is circulating on the web and targeting users.
The tactic of malware posing as an anti-virus program to fool users into downloading and installing it isn’t new at all. In fact, it has been around since the 90s.
The malware in this particular distribution campaign is the DetoxCrypto ransomware, which was first detected in August this year. It comes in two different versions: the Pokemon Go-based encrypter and the Calipso variant, which takes a screenshot of the victim’s PC.
Now, the latest DetoxCrypto developments may mean that the ransomware is gearing up for a series of attacks.
Malwarebytes security researcher Christopher Boyd explains that there is a chance the ransomware is preparing for something big in the near future.
“What we’re seeing at the moment is what appears to be a kind of trial run for ransomware distribution. There’re a couple of Detox Ransomware files doing the rounds, and though they’re all broken in terms of functionality and / or download / dropper URLs, it’s still a possible sign of things shortly coming around the corner and worth giving a heads up on.” – says Boyd.
This is a picture taken from the ransomware’s VirusTotal page:
As you can see, the name is misspelled as “Maswerbyte” and, seeing it, users should immediately recognize that it is not the security product they want. Moreover, the Malwarebytes researchers have discovered more of these fake “Malwerbyte” versions, and none of them is actually able to encrypt victims’ data.
With that said, at least for now, users don’t have to worry about data loss from this ransomware. However, we shouldn’t forget that things could always turn around and, if they do, we may not notice. We can never predict when or if a crook will decide to correct a spelling error in their product or plug a vulnerability.
That’s why, when looking for an anti-virus program, always make sure to download it from the official website and not from some shady-looking third-party page.