Malwarebytes is warning users of a trail run of a variant of DetoxCrypto ransomware that is imitating the security vendor's software.
Researchers said there are a couple files of the ransomware going around although they are all broken in terms of functionality, download ability, and dropper URL, although there is no doubt that a fully functional version will appear in the near future, according to a Sept. 16 blog post.
It was also noted that the sample doesn't encrypt files which further suggests it may be a trial run or just a poorly coded malware, researchers said. The imitation file contains a type and misspells the firm's name as “Malwerbyte” which makes it easy to spot out as a fake. Although the saying goes that imitation is the sincerest form of flattery, Malwarebytes Lead Malware Intelligence Analyst Jerome Segura told that users should stay miles away from this piece of malware.
“Malware authors will often taunt security companies with hidden messages in their code, or also try to social engineer users by featuring the same company logo or name,” Segura said. “Fortunately, threat actors are not always very good with spelling, as was the case here, so that's something that should immediately raise a red flag, not to mention the fact that the malware file was not digitally signed.”
110 Reykjavik, Iceland