{"id":24587,"date":"2024-05-30T09:10:10","date_gmt":"2024-05-30T17:10:10","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/05\/30\/news-18317\/"},"modified":"2024-05-30T09:10:10","modified_gmt":"2024-05-30T17:10:10","slug":"news-18317","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/05\/30\/news-18317\/","title":{"rendered":"Beware of scammers impersonating Malwarebytes"},"content":{"rendered":"\n<p>Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it <a href=\"https:\/\/www.trellix.com\/blogs\/research\/a-catalog-of-hazardous-av-sites-a-tale-of-malware-hosting\/\">came to our attention<\/a> that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand.<\/p>\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1429\" height=\"632\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/05\/malware-hosting-3.jpg?w=1024\" alt=\"Very convincing fake Malwarebytes site at malwarebytes.pro\" class=\"wp-image-111231\" \/><figcaption class=\"wp-element-caption\">Image courtesy of Trellix<\/figcaption><\/figure>\n<p>The download from the fake website was an information stealer with a filename that resembled that of the actual Malwarebytes installer.<\/p>\n<p>Besides some common system information, this stealer goes after:<\/p>\n<ul>\n<li>Account tokens<\/li>\n<li>Steam tokens<\/li>\n<li>Saved card details<\/li>\n<li>System profiles<\/li>\n<li>Telegram logins<\/li>\n<li>List of running process names<\/li>\n<li>List of installed browsers and their versions<\/li>\n<li>Credentials from the browser &#8220;User Data&#8221; folder, Local DB and autofill<\/li>\n<li>Cookies from the browser<\/li>\n<li>List of folders on the C drive<\/li>\n<\/ul>\n<p>This is just one scam, but there are always others using our name 
to target people. We regularly see <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2017\/04\/do-i-have-malwarebytes-or-a-tech-support-scam\">tech support scammers pretending to be Malwarebytes<\/a> to defraud their victims.<\/p>\n<p>Some scammers sell\u2014sometimes illegal\u2014copies of Malwarebytes for prices that are boldly exaggerated.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"879\" height=\"403\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/05\/overpriced.png\" alt=\"scammer selling overpriced copy of Malwarebytes\" class=\"wp-image-111237\" \/><\/figure>\n<p>Others will try to <a href=\"https:\/\/www.malwarebytes.com\/phishing\">phish<\/a> you by sending you a confirmation mail of your subscription to Malwarebytes.<\/p>\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" width=\"871\" height=\"684\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/05\/order_confirmation.png\" alt=\"phishing mail saying it's an Order confirmation\" class=\"wp-image-111238\" style=\"width:700px\" \/><\/figure>\n<p>And sometimes when you search for Malwarebytes you will find imposters among legitimate resellers. 
Some even use our logo.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"617\" height=\"142\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/05\/search_result_malwarebytes_premium.png\" alt=\"search result for Malwarebytes Premium pointing to an imposter site\" class=\"wp-image-111240\" \/><\/figure>\n<p>In this case, Google warned us that there was danger up ahead.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"717\" height=\"358\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/05\/fake_website2.png\" alt=\"Google warning for malwarebytes-premium.net\" class=\"wp-image-111241\" \/><\/figure>\n<p>The site itself was not as convincing as the advert, and some poking around in the source code told us the website was likely built by a Russian-speaking individual.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"513\" height=\"143\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/05\/origin.png\" alt=\"source code including Russian error prompt\" class=\"wp-image-111242\" \/><\/figure>\n<h2 class=\"wp-block-heading\">How to avoid brand scams<\/h2>\n<p>It&#8217;s easy to see how people can fall for fake brand notices. 
Here are some things that can help you avoid scams that use our name:<\/p>\n<ul>\n<li>Download software directly from our sites if you are not sure of the legitimacy of the ones offered to you.<\/li>\n<li>Check that any emails that appear to come from Malwarebytes are sent from a\u00a0<a href=\"http:\/\/malwarebytes.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">malwarebytes.com<\/a> address.<\/li>\n<li>If you have any questions or doubts as to the legitimacy of something, you can <a href=\"https:\/\/support.malwarebytes.com\/hc\/en-us\/p\/contact_support\">contact our Support team<\/a>.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/05\/beware-of-scammers-impersonating-malwarebytes\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Scammers and other cybercriminals love to use our name to defraud their victims. Here&#8217;s what to look out for. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11539,10560,32,10574],"class_list":["post-24587","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-fake","tag-malwarebytes","tag-news","tag-scams"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24587"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24587\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}