
DetoxCrypto ransomware imitates Malwarebytes software

Malwarebytes is warning users of a trial run of a variant of DetoxCrypto ransomware that is imitating the security vendor's software.

Researchers said a couple of files of the ransomware are going around, but all of them are broken in terms of functionality, download ability, and dropper URL. There is no doubt that a fully functional version will appear in the near future, according to a Sept. 16 blog post.

It was also noted that the sample doesn't encrypt files, which further suggests it may be a trial run or just poorly coded malware, researchers said. The imitation file contains a typo, misspelling the firm's name as “Malwerbyte,” which makes it easy to spot as a fake.

Although the saying goes that imitation is the sincerest form of flattery, Malwarebytes Lead Malware Intelligence Analyst Jerome Segura told SCMagazine.com that users should stay miles away from this piece of malware.

“Malware authors will often taunt security companies with hidden messages in their code, or also try to social engineer users by featuring the same company logo or name,” Segura said. “Fortunately, threat actors are not always very good with spelling, as was the case here, so that's something that should immediately raise a red flag, not to mention the fact that the malware file was not digitally signed.”
