THE ‘ANTI-VIRUS’ SOFTWARE THAT ACTUALLY HACKS YOU
What’s the threat?
A fake version of Malwarebytes that’s actually ransomware. This tactic isn’t new – hackers have been disguising malware as antivirus products since the 1990s. But it’s the first time it has been used to infect computers with the Detoxcrypto ransomware.
First detected in August, Detoxcrypto gained notoriety for displaying a photo of a Pokémon Go character in the desktop pop-up message that tells victims that their files have been locked (as captured in this Youtube video: www.snipca.com/21887).
When it locks a PC, it takes a screenshot and uploads it to the hacker, who may increase the asking price of the ransom if the image contains information that they can use to blackmail the victim. Nasty.
What should you do?
Make sure you know the correct spelling of ‘Malwarebytes’. As the screenshot shows, the hackers think it’s spelt ‘Malwerbyte’. As with scam emails, sub-standard spelling in fake antivirus programs is a dead giveaway that it’s not legitimate. Don’t click any links to this version - instead download Malwarebytes from the official site only: www. malwarebytes.com.
If you do accidentally download the malware, don’t panic. Researchers at the real Malwarebytes say that the imposter doesn’t actually encrypt your files, despite its dramatic claim: “you can only unlock your files by buying this key from us – there is no other way to save or unlock your files”. This could be down to a flaw in the malware, or the hackers may simply be trying to scare people into instantly paying the ransom.
But ransomware is such big business that hackers are quick to fix errors like these. Malwarebytes thinks that these attacks could be a “trial run” for a more widespread ransomware campaign using Detoxcrypto (presumably with better spelling). Should that arrive, we’ll tell you how to stay safe.