Bank robbers 2.0: digital thievery and stolen cryptocoins

Posted: February 9, 2018 by 

Imagine running down the street (and away from law enforcement) with 2,000 pounds of gold bars. Or 1,450 pounds in $100 bills. With both of these physical currencies amounting to roughly US$64 million, you’d be making quite a steal…if you could get away with it.

That’s exactly what the next generation of thieves—bank robbers 2.0—did in December 2017, when they stole more than $60 million in Bitcoin* from the mining marketplace NiceHash. It turns out stealing Bitcoin is a lot less taxing on the body.

*Disclaimer: I used the value of Bitcoins as they were at the time of the robbery. Current values are volatile and change from minute to minute.

Crime these days has gotten a technical upgrade. By going digital, crooks are better able to pull off high-stakes sting operations, using the anonymity of the Internet as their weapon of choice. And their target? Cryptocurrency.

Old-school bank robbers

The amount of money stolen from NiceHash is comparable to arguably the biggest physical heist to date, the theft of nearly $70 million from a Brazilian bank in 2005. Noted in the Guinness Book of World Records, the robbers managed to get away with 7,716 pounds of 50 Brazilian real notes. There were 25 people involved—including experts in mathematics, engineering, and excavation—who fronted a landscaping company near the bank, dug a 78-meter (256-foot) tunnel underneath it, and broke through 1 meter (about 3.5 feet) of steel-reinforced concrete to enter the bank vault.

The largest bank robbery in the United States, meanwhile, was at the United California Bank in 1972. The details of this bank robbery were described by its mastermind, Amil Dinsio, in the book Inside the Vault. A gang of seven, including an alarm expert, explosives expert, and burglary tool designer, broke into the bank’s safe deposit vault and made off with cash and valuables with an estimated value of $30 million US dollars.

What these robberies have in common is that, in order to pull them off, there were large groups of criminals involved with various special skills. Most of the criminals of these robberies were either caught or betrayed—physical theft leaves physical traces behind. Today’s physical robbers run the risk of getting hurt or hurting others, or leaving behind prints or DNA. And they are often tasked with moving large amounts of money or merchandise without being seen.

Bank robbers 2.0

So here come the bank robbers 2.0. They don’t have to worry about transporting stolen goods, fleeing the crime scene, digging, or blowing things up. They are in no—immediate—physical danger. And if they’re smart enough, they work alone or remain anonymous, even to their accessories. Their digital thievery has proven successful through several methods used to obfuscate their identity, location, and criminal master plan.

Social engineering

One of the most spectacular digital crimes targeted 100 banks and financial institutions in 30 nations with a months-long attack in 2013, reportedly netting the criminals involved over $300 million. The group responsible used social engineering to install malicious programs on bank employees’ systems.

The robbers were looking for employees responsible for bank transfers or ATM remote control. By doing so, they were able to mimic the actions required to transfer money to accounts they controlled without alerting the bank that anything unusual was going on. For example, they were able to show more money on a balance than was actually in the account. An account with $10,000 could be altered to show $100,000 so that hackers could transfer $90,000 to their own accounts without anyone noticing anything.

The alleged group behind this attack, the Carbanak Group, have not yet been apprehended, and variants of their malware are still active in the wild.

Ponzi schemes

Bitcoin Savings & Trust (BST), a large Bitcoin investment firm that was later proved to be a pyramid scheme, offered 7 percent interest per week to investors who parked their Bitcoins there. When the virtual hedge fund shut down in 2012, most of its investors were not refunded. At the time of its closing, BST was sitting on 500,000 BTC, worth an estimated $5.6 million. Its founder, an e-currency banker who went by the pseudonym pirateat40, only paid back a small sum to some beneficiaries before going into default. It was later learned that he misappropriated nearly $150,000 of his clients’ money on “rent, car-related expenses, utilities, retail purchases, casinos, and meals.”

Hacking

Even though details are still unclear, the NiceHash hack was reported as a security breach related to the website of the popular mining marketplace. Roughly 4,732 coins were transferred away from internal NiceHash Bitcoin addresses to a single Bitcoin address controlled by an unknown party. The hackers appear to have entered the NiceHash system using the credentials of one of the company’s engineers. As it stands now, it is unknown how they acquired those, although it’s whispered to be an inside job.

Stolen wallet keys

In September 2011, the MtGox hot wallet private keys were stolen in a case of a simple copied wallet.dat file. This gave the hacker access to not only a sizable number of Bitcoins immediately, but also the ability to redirect the incoming trickle of Bitcoins deposited to any of the addresses contained in the file. This went on for a few years until the theft was discovered in 2014. The damages by then were estimated at $450 million. A suspect was arrested in 2017.

Transaction malleability

When a Bitcoin transaction is made, the account sending the money digitally signs the important information, including the amount of Bitcoin being sent, who it’s coming from, and where it’s going. A transaction ID, a unique name for that transaction, is then generated from that information. But some of the data used to generate the transaction ID comes from the unsigned, insecure part of the transaction. As a result, it’s possible to alter the transaction ID without needing the sender’s permission. This vulnerability in the Bitcoin protocol became known as “transaction malleability.”

Transaction malleability was a hot topic in 2014, as researchers saw how easily criminals could exploit it. For example, a thief could claim that his transactions didn’t show up under the expected ID (because he had edited it), and complain that the transaction had failed. The system would then automatically retry, initiating a second transaction and sending out more Bitcoins.
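To make the mechanism concrete, here is an added Python model (not code from the post) of a transaction whose signature covers the inputs and outputs but whose ID is hashed over the signature script as well. The transaction format, the HMAC stand-in for an ECDSA signature, and all addresses and values are constructed for illustration. The point it makes is the defensive one: a payment tracker that matches on the signed content keeps working when the ID changes, which is also the direction Bitcoin took when SegWit (2017) stopped including signature data in the txid.

```python
import copy
import hashlib
import hmac
import json

# Constructed, simplified model of a Bitcoin-style transaction. Real Bitcoin
# serialization is binary; JSON is used here so the structure stays readable.


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def serialize(obj) -> bytes:
    """Deterministic encoding so equal content always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_tx(inputs, outputs, signing_key: bytes) -> dict:
    """The signature commits only to inputs and outputs ('body'); the
    unsigned 'script_sig' carries the signature plus any filler bytes."""
    body = {"inputs": inputs, "outputs": outputs}
    # HMAC stands in for an ECDSA signature (constructed, not Bitcoin's scheme).
    sig = hmac.new(signing_key, serialize(body), hashlib.sha256).hexdigest()
    return {"body": body, "script_sig": {"sig": sig, "padding": ""}}


def txid(tx: dict) -> str:
    """Pre-SegWit style id: hashed over everything, signed or not."""
    return sha256d(serialize(tx)).hex()


def signed_content_id(tx: dict) -> str:
    """Hash over the signed body only; nobody can change this without
    invalidating the signature, so it is the safe thing to track on."""
    return sha256d(serialize(tx["body"])).hex()


def malleate(tx: dict) -> dict:
    """Model of the malleability the post describes: a third party alters
    unsigned bytes (filler in script_sig) and leaves the signed body alone."""
    mutated = copy.deepcopy(tx)
    mutated["script_sig"]["padding"] = "00"
    return mutated


def signature_valid(tx: dict, signing_key: bytes) -> bool:
    expected = hmac.new(signing_key, serialize(tx["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tx["script_sig"]["sig"])


def track_by_txid(seen_txs, expected_id: str) -> bool:
    """Fragile: misses the payment when its id was changed in transit."""
    return any(txid(t) == expected_id for t in seen_txs)


def track_by_signed_content(seen_txs, expected_id: str) -> bool:
    """Robust: matches the inputs/outputs the sender actually signed."""
    return any(signed_content_id(t) == expected_id for t in seen_txs)


def demo() -> dict:
    key = b"constructed-demo-key"
    original = make_tx(
        inputs=[{"prev_txid": "aa" * 32, "index": 0}],
        outputs=[{"address": "1ConstructedAddressPlaceholder", "amount_sat": 50_000}],
        signing_key=key,
    )
    relayed = malleate(original)  # what arrives on the network
    return {
        "signature_still_valid": signature_valid(relayed, key),
        "txid_changed": txid(original) != txid(relayed),
        "signed_content_same": signed_content_id(original) == signed_content_id(relayed),
        # The exchange waits for the id it computed locally and never sees it...
        "tracker_by_txid_sees_payment": track_by_txid([relayed], txid(original)),
        # ...while matching on signed content finds the same payment.
        "tracker_by_content_sees_payment": track_by_signed_content(
            [relayed], signed_content_id(original)
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two entries of `demo()` are the failure mode the post describes: a system that retries whenever the expected txid does not appear will pay twice, whereas one that recognises the payment by its signed inputs and outputs will not.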

Silk Road 2.0 blamed this bug for the theft of $2.6 million in Bitcoins in 2014, but it was never proven to be true.

Man-in-the-middle (by design)

In 2018, a Tor proxy was found stealing Bitcoin from both ransomware authors and victims alike. A Tor proxy service is a website that allows users to access .onion domains hosted on the Tor network without having to install the Tor browser. As Tor proxy servers have a man-in-the-middle (MitM) function by design, the thieves were able to replace the Bitcoin address that victims were paying ransom to and insert their own. This left the ransomware authors unpaid, which in turn left the victims without their decryption key.

Cryptojacking

Also known as drive-by mining, cryptojacking is a next-generation, stealthy robbing trick that covers all mining activities completed on third-party systems without the users’ consent. Stealing little amounts from many can amount to large sums. There are so many methods to achieve this that Malwarebytes’ own Jérôme Segura published a whitepaper about it.

Unlike drive-by downloads that push malware, drive-by mining focuses on using the processing power of visitors’ computers to mine cryptocurrency, especially the currencies designed to be mined on general-purpose processors. Miners of this kind come to us in advertisements, bundlers, browser extensions, and Trojans. The revenues are hard to guess, but given the number of blocks Malwarebytes records on Coinhive and similar sites daily, criminal profit margins could potentially be record-breaking.
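As an added example (not from the post, and not how Malwarebytes’ own blocking works), here is a small Python scanner that flags the two usual forms of a drive-by miner in a web page: an external script loaded from a known mining host, and an inline snippet that instantiates the miner. The sample page, the site key, and the blocklist entry miner.example.invalid are constructed; coinhive.com is named in the post, and the CoinHive.Anonymous marker is taken from the Coinhive embed snippet as I recall it, so treat that string as an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed blocklist: coinhive.com is mentioned in the post; the second
# entry is a placeholder and not a real miner domain.
MINER_HOSTS = {"coinhive.com", "miner.example.invalid"}

# Markers for inline miner bootstrap code. "CoinHive.Anonymous" is the entry
# point Coinhive embed snippets used (assumption from memory, not from the post).
INLINE_MARKERS = ("CoinHive.Anonymous", "new CoinHive.")


class MinerScanner(HTMLParser):
    """Collects (kind, detail) findings for script tags that look like miners."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src")
        if not src:
            return
        # urlparse handles absolute and protocol-relative ("//host/...") URLs;
        # a same-origin path like "/static/app.js" yields no hostname.
        host = (urlparse(src).hostname or "").lower()
        if host in MINER_HOSTS or any(host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append(("external", src))

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw data in CDATA mode.
        if self._in_script and any(marker in data for marker in INLINE_MARKERS):
            self.findings.append(("inline", data.strip()[:60]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def scan_html(html: str) -> list:
    """Return the list of miner findings for one page's HTML."""
    scanner = MinerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one benign script, one blocklisted loader, one
# inline bootstrap. The site key is a placeholder.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3});
  miner.start();
</script>
<p>Hello</p></body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_PAGE):
        print(f"{kind}: {detail}")
```

A blocklist of hosts is the weakest part of this approach, since miner scripts move between domains quickly; the inline marker and, in production, CPU-usage telemetry from the browser are what catch the copies that a list misses.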

Physical stealing of digital currency

This last one brings us full circle, as someone actually managed to steal Bitcoins the old-fashioned way. In January 2018, three armed men attempted to rob a Bitcoin exchange in Canada, but failed miserably as a hidden employee managed to call the police. However, others have had more success. The Manhattan District Attorney is looking for the accomplice of a man who robbed his friend of $1.8 million in Ether at gunpoint. Apparently this “friend” got hold of the physical wallet and forced the victim to surrender the key needed to transfer the cryptocurrency into his own account.

Summary

As we can conclude from the examples above, there are many ways for cybercriminals to get rich quick. With a lot less risk of physical harm and even less hard labor, they can score larger amounts for less risk than the old-fashioned bank robbers. The only pitfall to robbing digital currency is how to turn it into fiat money without raising a lot of suspicion or losing a big chunk to launderers.

While the diminished use of violence is reassuring, it’s still beneficial to think about how we can avoid becoming a victim. Much of it has to do with putting too much trust in the wrong people. We are dealing with a very young industry that doesn’t have a lot of established names. So how can you avoid getting hurt by these modern thieves? Here are a few tips:

  • Don’t put all your eggs in one basket.
  • Use common sense when deciding who to do business with. A little background check into the company and its execs never hurt anyone.
  • Don’t put more money into cryptocurrencies than you can spare.

ABOUT THE AUTHOR


Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

Internet of Things (IoT) security: what is and what should never be

The Internet has penetrated seemingly all technological advances today, resulting in Internet for ALL THE THINGS. What was once confined to a desktop and a phone jack is now networked and connected in multiple devices, from home heating and cooling systems like the Nest to AI companions such as Alexa. The devices can pass information through the web to anywhere in the world—server farms, company databases, your own phone. (Exception: that one dead zone in the corner of my living room. If the robots revolt, I’m huddling there.)

This collection of inter-networked devices is what marketing folks refer to as the Internet of Things (IoT). You can’t pass a REI vest-wearing Silicon Valley executive these days without hearing about it. Why? Because the more we send our devices online to do our bidding, the more businesses can monetize them. Why buy a regular fridge when you can spend more on one that tells you when you’re running out of milk?

Unfortunately (and I’m sure you saw this coming), the more devices we connect to the Internet, the more we introduce the potential for cybercrime. Analyst firm Gartner says that by 2020, there will be more than 26 billion connected devices, excluding PCs, tablets, and smartphones. Barring an unforeseen Day After Tomorrow–style global catastrophe, this technology is coming. So let’s talk about the inherent risks, shall we?

What’s happening with IoT cybercrime today?

Both individuals and companies using IoT are vulnerable to breach. But how vulnerable? Can criminals hack your toaster and get access to your entire network? Can they penetrate virtual meetings and procure a company’s proprietary data? Can they spy on your kids, take control of your Jeep, or brick critical medical devices?

So far, the reality has not been far from the hype. Two years ago, a smart refrigerator was hacked and began sending pornographic spam while making ice cubes. Baby monitors have been used to eavesdrop on and even speak to sleeping (or likely not sleeping) children. In October 2016, thousands of security cameras were hacked to create the largest-ever Distributed Denial of Service (DDoS) attack against Dyn, a provider of critical Domain Name System (DNS) services to companies like Twitter, Netflix, and CNN. And in March 2017, Wikileaks disclosed that the CIA has tools for hacking IoT devices, such as Samsung SmartTVs, to remotely record conversations in hotel or conference rooms. How long before those are commandeered for nefarious purposes?

Privacy is also a concern with IoT devices. How much do you want KitchenAid to know about your grocery-shopping habits? What if KitchenAid partners with Amazon and starts advertising to you about which blueberries are on sale this week? What if it automatically orders them for you?

At present, IoT attacks have been relatively scarce in frequency, likely owing to the fact that there isn’t yet huge market penetration for these devices. If just as many homes had Cortanas as have PCs, we’d be seeing plenty more action. With the rapid rise of IoT device popularity, it’s only a matter of time before cybercriminals focus their energy on taking advantage of the myriad security and privacy loopholes.

Security and privacy issues on the horizon

According to Forrester’s 2018 predictions, IoT security gaps will only grow wider. Researchers believe IoT will likely integrate with the public cloud, introducing even more potential for attack through the accessing of, processing, stealing, and leaking of personal, networked data. In addition, more money-making IoT attacks are being explored, such as cryptocurrency mining or ransomware attacks on point-of-sale machines, medical equipment, or vehicles. Imagine being held up for ransom when trying to drive home from work. “If you want us to start your car, you’ll have to pay us $300.”

It’ll be like a real-life Monopoly game.

Privacy and data-sharing may become even more difficult to manage. For example, how do you best protect children’s data, which is highly regulated and protected according to the Children’s Online Privacy Protection Rule (COPPA), if you’re a maker of smart toys? There are rules about which personally identifiable information can and cannot be captured and transmitted for a reason—because that information can ultimately be intercepted.

Privacy concerns may also broaden to include how to protect personal data from intelligence gathering by domestic and foreign state actors. According to the Director of National Intelligence, Daniel Coats, in his May 2017 testimony at a Senate Select Committee on Intelligence hearing: “In the future, state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks.”

In a nutshell, this could all go far south—fast.

So why are IoT defenses so weak?

Seeing as IoT technology is a runaway train, never going back, it’s important to take a look at what makes these devices so vulnerable. From a technical, infrastructure standpoint:

  • There’s poor or non-existent security built into the device itself. Unlike mobile phones, tablets, and desktop computers, little-to-no protections have been created for these operating systems. Why? Building security into a device can be costly, slow down development, and sometimes stand in the way of a device functioning at its ideal speed and capacity.
  • The device is directly exposed to the web because of poor network segmentation. It can act as a pivot to the internal network, opening up a backdoor to let criminals in.
  • There’s unneeded functionality left in based on generic, often Linux-derivative hardware and software development processes. Translation: Sometimes developers leave behind code or features developed in beta that are no longer relevant. Tsk, tsk. Even my kid picks up his mess when he’s done playing. (No he doesn’t. But HE SHOULD.)
  • Default credentials are often hard coded. That means you can plug in your device and go, without ever creating a unique username and password. Guess how often cyber scumbags type “1-2-3-4-5” and get the password right? (Even Dark Helmet knew not to put this kind of password on his luggage, nevermind his digital assistant.)

From a philosophical point of view, security has simply not been made an imperative in the development of these devices. The swift march of progress moves us along, and developers are now caught up in the tide. In order to reverse course, they’ll need to walk against the current and begin implementing security features—not just quickly but thoroughly—in order to fight off the incoming wave of attacks.

What are some solutions?

Everyone agrees this tech is happening. Many feel that’s a good thing. But no one seems to know enough or want enough to slow down and implement proper security measures. Seems like we should be getting somewhere with IoT security. Somehow we’re neither here nor there. (Okay, enough quoting Soul Asylum.)

Here’s what we think needs to be done to tighten up IoT security.

Government intervention

In order for developers to take security more seriously, action from the government might be required. Government officials can:

  • Work with the cybersecurity and intelligence communities to gather a series of protocols that would make IoT devices safer for consumers and businesses.
  • Develop a committee to review intelligence gathered and select and prioritize protocols in order to craft regulations.
  • Get it passed into law. (Easy peasy lemon squeezy)

Developer action

Developers need to bake security into the product, rather than tacking it on as an afterthought. They should:

  • Have a red team audit the devices prior to commercial release.
  • Force a credential change at the point of setup. (i.e., Devices will not work unless the default credentials are modified.)
  • Require https if there’s web access.
  • Remove unneeded functionality.
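The second and third items above can be enforced in code rather than left to documentation. The following is an added Python sketch of a first-boot gate (not from the post and not any vendor’s firmware): the device serves only its setup page until the factory credentials are replaced, rejects passwords that match the shipped defaults, stores only a salted PBKDF2 hash, and redirects plain HTTP to HTTPS. FACTORY_DEFAULTS, the minimum password length, and the request interface are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the hard-coded factory credentials the post
# describes. A real device should ship with none, or with a per-unit random
# password printed on its label.
FACTORY_DEFAULTS = {("admin", "admin"), ("admin", "12345"), ("root", "root")}
MIN_PASSWORD_LEN = 12
PBKDF2_ROUNDS = 100_000


class DeviceSetup:
    """First-boot gate: the device stays in 'setup' state and refuses to do
    anything but serve the setup page until the defaults are replaced."""

    def __init__(self):
        self.state = "setup"
        self.username = None
        self._salt = None
        self._hash = None

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        # Salted, slow hash: a dumped config file does not yield the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def set_credentials(self, username: str, password: str) -> None:
        """Accept only a credential that is not a factory default and meets
        the minimum policy; on success the device becomes operational."""
        if (username, password) in FACTORY_DEFAULTS:
            raise ValueError("factory default credentials are not allowed")
        if len(password) < MIN_PASSWORD_LEN:
            raise ValueError(f"password must be at least {MIN_PASSWORD_LEN} characters")
        if password.lower() == username.lower():
            raise ValueError("password must differ from username")
        self._salt = secrets.token_bytes(16)
        self._hash = self._derive(password, self._salt)
        self.username = username
        self.state = "operational"

    def verify(self, username: str, password: str) -> bool:
        """Constant-time check of a login attempt; always False during setup."""
        if self.state != "operational" or username != self.username:
            return False
        return hmac.compare_digest(self._hash, self._derive(password, self._salt))

    def handle_request(self, scheme: str, path: str) -> tuple:
        """Require HTTPS for the web UI and refuse everything but /setup
        until credentials have been set. Returns (status, message)."""
        if scheme != "https":
            return (301, "https required")
        if self.state == "setup" and path != "/setup":
            return (503, "complete initial setup first")
        return (200, "ok")


if __name__ == "__main__":
    device = DeviceSetup()
    print(device.handle_request("http", "/"))        # (301, 'https required')
    print(device.handle_request("https", "/status"))  # (503, 'complete initial setup first')
    device.set_credentials("admin", "correct-horse-battery-staple")  # constructed
    print(device.handle_request("https", "/status"))  # (200, 'ok')
    print(device.verify("admin", "admin"))            # False
```

The gate is deliberately stateful on the device: if the check lived only in the companion app, a user (or a scanner) talking to the device directly would bypass it.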

Thankfully, steps are already being taken, albeit slowly, in the right direction. In August 2017, Congress introduced the Internet of Things Cybersecurity Improvement Act, which seeks to require that any devices sold to the US government be patchable, not have any known security vulnerabilities, and allow users to change their default passwords. Note: sold to the US government. They’re not quite as concerned about the privacy and security of us civvies.

And perhaps in response to blowback from social and traditional media, including one of our own posts on smart locks, Amazon is now previewing an IoT security service.

So will cybersecurity makers pick up the slack? Vendors such as Verizon, DigiCert, and Karamba Security have started working on solutions purpose-built for securing IoT devices and networks. But there’s a long way to go before standards are established. In all likelihood, a watershed breach incident (or several), will lead to more immediate action.

How to protect your IoT devices

What can regular consumers and businesses do to protect themselves in the meantime? Here’s a start:

  • Evaluate if the devices you are bringing into your network really need to be smart. (Do you need a web-enabled toaster?) It’s better to treat IoT tech as hostile by default instead of inherently trusting it with all your personal info—or allowing it access onto your network. Speaking of…
  • Segment your network. If you do want IoT devices in your home or business, separate them from networks that contain sensitive information.
  • Change the default credentials. For the love of God, please come up with a difficult password to crack. And then store it in a password manager and forget about it.

The reason IoT devices haven’t already short-circuited the world is that a lot of devices are built on different platforms and different operating systems, and use different programming languages (most of them proprietary). So developing malware attacks for every one of those devices is unrealistic. If businesses want to make IoT a profitable model, security WILL increase out of necessity. It’s just a matter of when. Until then…gird your loins.

ABOUT THE AUTHOR


Head of Content, Malwarebytes Labs

Wordsmith. Card-carrying journalist. Lover of meatballs.

New Android malware could blow up your phone

Lo lo lo Loapi Trojan could break your Android

Posted: December 19, 2017 by 

Kaspersky has found what they deem a jack-of-all-trades malicious app, which they call Trojan.AndroidOS.Loapi. Like the Trojan AsiaHitGroup we discovered last month on Google Play, this malware can do all the things—it’s a downloader, dropper, and SMS Trojan, and it can push ads, all from the same malicious app. If left to its own devices, it could overheat the phone by taxing the processor, make the battery bulge, and essentially leave your Android for dead.

It seems creating Swiss army knife malware—lumping several uniquely malicious features into one catch-all malicious app—is becoming a trend. At least this time, the Loapi Trojan didn’t make it onto Google Play.

Loapi capabilities

For the purpose of hiding itself, Loapi poses (mostly) as a fake antivirus or, on the other end of the spectrum, as an adult content app. It then asks for device administrator permissions to lock the screen of the mobile device, among other things. Furthermore, it takes the damage to another level by attempting to trick the user into thinking genuine anti-malware scanners are the real threat, and prompts the user to uninstall them if found. If that weren’t enough, it comes with a host of other features, including:

With everything going on in the background, Loapi puts an extreme load on the mobile device. This can lead to the Android literally blowing up from heat produced by the maxed-out processor and battery.

To state the obvious: This Loapi Trojan is quite nasty.

Darn it, tell me if you detect it or not already!

So, do we detect this monster? You bet we do! Our Malwarebytes for Android detection name is Android/Trojan.Dropper.Agent.BGT. You’ll be delighted to know that we’ve been on top of this bad boy since October.

In Malwarebytes for Android, detection of this infection is primarily done by our advanced deep scanner, which uses heuristic methodology to find malware, such as this Trojan, deeply embedded in the device. Deep scan is a feature in our Premium version. Therefore, if you want to stay protected in real time against Loapi, we recommend you upgrade to Premium after your free 30-day trial of Malwarebytes for Android. Stay safe out there!

ABOUT THE AUTHOR


Senior Malware Intelligence Analyst

Full time mobile malware researcher, part time endurance mountain bike athlete and world traveler. As nerdy about biking as he is about mobile malware.

Registry Cleaners: Digital Snake Oil

Posted: June 23, 2015 by 
Last updated: October 19, 2016

A word on registry cleaners.

One of the most common complaints we see on our forums, and from our users, concerns a particular category of program called “Registry Optimizers” or “Registry Cleaners” or “Registry Defragmenters”. For this post, we will just refer to them as registry cleaners.

Who makes this software?

There are many software companies all over the world who make registry cleaners. Not all of them are included in our PUP classification. We will discuss why some get added to our PUP list later in this blog post, but for now, let’s look at what a registry cleaner is exactly in greater depth.

What is the registry?

Wikipedia defines it as

…a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems.

Think of it as the place where information about the programs you have installed on your computer is stored: things like which options are enabled for programs, how they are set up, which user accounts can use them, and many other settings and preferences.

Where is the registry stored on my computer?

The registry is located in multiple places on your computer, and some of these places vary, depending on the version of Windows you are running. They are often referred to as registry hives.

If you really want to know where to find them, a quick Google search will tell you. You will notice that many of these searches give results that include the caveat that you shouldn’t touch the registry with an infinitely long pole.

Bad things happen when you make uninformed changes to the registry.

When were registries added to Windows?

Their introduction goes all the way back to Windows 3.1, so yeah… A long time ago.

Why would you need to clean it?

This is where we get to the heart of the problem. Many users swear by the performance differences they have experienced before and after running these types of programs.

We believe that this is mostly due to a computer version of the placebo effect. You watch the progress bar. The little Lego blocks get stacked neatly. You get a report showing everything that was repaired… It’s all very satisfying.

All this makes what we are about to say very problematic. It might even make some readers angry…

Registry Cleaners are the digital equivalent of snake oil!

Snake oil is an expression that has come to refer to any product of questionable or unverifiable quality or benefit.

You should not have to optimize, defragment, organize, streamline, clean, compress, fold, knit, wash, or color code your registry. Ever. Period. Nada. Zilch.

The potential performance enhancements resulting from the use of these programs are at best minuscule and imperceptible.

At worst, they could damage your computer so badly as to require a re-installation of the operating system.

Don’t believe us?

How about what Microsoft themselves have to say about registry cleaners?

This is what Microsoft has to say about registry cleaners:

Microsoft does not support the use of registry cleaners. Some programs available for free on the internet might contain spyware, adware, or viruses. If you decide to install a registry cleaning utility, be sure to research the product and only download and install programs from publishers that you trust. For more information, see when to trust a software publisher.

Microsoft is not responsible for issues caused by using a registry cleaning utility. We strongly recommend that you only change values in the registry that you understand or have been instructed to change by a source you trust, and that you back up the registry before making any changes.
Microsoft cannot guarantee that problems resulting from the use of a registry cleaning utility can be solved. Issues caused by these utilities may not be repairable and lost data may not be recoverable.

Before you modify the registry, make sure you back it up, create a restore point, and make sure that you understand how to restore the registry if a problem occurs.

That’s a pretty damning statement.

Does that mean that we will add all these programs to our PUP definitions? No, as we mentioned earlier, not all registry cleaners meet our PUP definition criteria.

We can tell you these programs are snake oil, but we’re not going to try and force you not to use them. We don’t condone forcing stuff onto people, but forcing programs onto users is exactly how a registry cleaner would wind up flagged as a PUP by Malwarebytes Anti-Malware.

Let’s look at an example of how this happens.

Step 1

A software manufacturer partners with another software company that makes “bundlers” or “wrappers” to distribute their registry cleaner program. Let’s stick with the name bundlers for this example.

Bundlers put a bunch of programs together and offer the user these additional programs during the initial installation process. Sadly, many software companies do this, even some pretty big ones. We are not saying that all bundled software is malicious, only that this practice is ripe for abuse.

(Not all PUPs use a bundler, but the ones that do tend to misbehave…)

Remember, all the bundler wants to achieve is the maximum number of installations. It’s their business model. It’s how they get paid. It is also therefore not surprising that they would bend the rules as far as they can in order to achieve this.

(A side effect of surrendering the distribution of your program to a third-party is that you can then insulate yourself from their bad behavior… Right there we have an ethical quandary.)

Step 2

The bundler pre-populates the installation check box for several programs, including their partnered registry cleaner. They then seed the Internet with their bundled installer.

This can be through an affiliate marketing scheme to distribute the bundle, aggressive online adverts, or any number of other ways.

Step 3

A user, either seeking one of the other programs that are part of the bundle or deceived into installing it through “dark patterns”, double negatives, and confusing opt-out techniques, winds up with the registry cleaner installed. Some of these software manufacturers will go so far as to have two versions of their programs:

  • An official one, available from their website, that reports a low error count, has opt-in partner program installations, and looks innocuous.
  • An affiliate version that has opt-out partner programs, a silent install, and an aggressive detection count. That version can only be found on the web during an active affiliate campaign. This is done so the software vendor can claim innocence and blame a rogue affiliate for the aggressive nature of the program.

Step 4

The registry cleaner runs as part of its installation, and/or configures itself to run at startup, perform a scan, and generate a report showing a large number of errors found.

(Hint: Registry cleaners will ALWAYS find errors, even on a freshly installed operating system! The trick is that these software manufacturers are classifying events recorded in the registry as critical errors that require “fixing”.)

This program now runs at every startup, generating the “push for sale” popup with the results of the scan and the numerous “errors”.

Sometimes the UI is designed to make the window difficult to close.

Sometimes the registry cleaner periodically displays the “push for sale” pop up AGAIN in the same session, despite the user having closed it and declined to purchase the software. They may use bubble notifications in the taskbar.

These types of behaviors are how we rate the aggressiveness of the registry optimizers in determining if a PUP classification is warranted.

Step 5

The user clicks on the fix button of the report, and is funneled to a purchase page for the registry cleaner. The user buys the software, alarmed at the numerous registry “errors” reported.

The bundler, affiliates, and the software manufacturer split the profits. The user has paid for a program that is at best useless, and at worst could damage the registry and make the computer unusable.

These are the PUP criteria that merit such a program be flagged as a Potentially Unwanted Program:

  • Malicious bundling
  • Pre-populated checkboxes, and the recently added
  • Registry Cleaners, Optimizers, Defragmenters.

You can find our complete PUP criteria classification page here.

The changes to our PUP classification took place as a result of listening to our user base.

We have seen the large number of complaints on forums about these programs. We have seen the deceptive methods they use to sneak onto computers in an effort to extract payment for non-existent errors detected by a program of little or no value.

We have revised our Potentially Unwanted Program stance in the past, and now have revised it again to include Registry Cleaners that exhibit these aggressive traits.

Presently our default behavior is to quarantine PUPs. Unlike the programs we classify as such, Malwarebytes Anti-Malware lets you decide what to keep or remove, and our free version provides you with full removal capabilities, should you choose the latter.

By pushing the limits of marketing techniques, by playing the numbers game on unwanted installations, and by claiming innocence and blaming overzealous affiliates for repeated bad behavior, the purveyors of this digital snake oil will earn a well-deserved potentially unwanted program classification.

Our vision statement at Malwarebytes is that “everyone has a fundamental right to a malware free existence,” and we mean to uphold it.

https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/
