DetoxCrypto ransomware imitates Malwarebytes software

It was also noted that the sample doesn’t encrypt files which further suggests it is a trial run or just a poorly coded malware.

Malwarebytes is warning users of a trial run of a variant of DetoxCrypto ransomware that is imitating the security vendor's software.

Researchers said a couple of files of the ransomware are going around, but all of them are broken in terms of functionality, download ability, and dropper URL. There is no doubt that a fully functional version will appear in the near future, according to a Sept. 16 blog post.

It was also noted that the sample doesn't encrypt files, which further suggests it may be a trial run or just poorly coded malware, researchers said. The imitation file contains a typo and misspells the firm's name as “Malwerbyte”, which makes it easy to spot as a fake.

Although the saying goes that imitation is the sincerest form of flattery, Malwarebytes Lead Malware Intelligence Analyst Jerome Segura told SCMagazine.com that users should stay miles away from this piece of malware.

“Malware authors will often taunt security companies with hidden messages in their code, or also try to social engineer users by featuring the same company logo or name,” Segura said. “Fortunately, threat actors are not always very good with spelling, as was the case here, so that's something that should immediately raise a red flag, not to mention the fact that the malware file was not digitally signed.”
