I just finished trying to do my best to clean up a tech scam attack that Malwarebytes let through on my parent's computer. As a result they are out $2000 from a gift card scam. But the thing is, this never should have happened. They were running Malwarebytes but yet the classic "Windows Defender" box appears, locking out the computer with a phone number to call. Extremely dissapointed that this happened - and want to make sure this got reported so Malwarebytes can fix whatever whole these scammer drove through.
The site that triggered this was templateroller.com, and it appears that a page on that site was compromised. I did not go hunting for the specific URL, as I didn't want to trigger the same vulnerability on my system, but apprently just VISITING that compromised page (nothing was downloaded) generated the pop-up/lockout screen and the bogus Windows Defender scam. While the site itself did not appear to be blocked by Malwarebytes (guess it is a legitimate site?), the fact that Malwarebytes let a payload like this through is unacceptable. Guessing it was a malware ad - but web protection was on, so what the heck happened?
I'm extremely dissapointed in Malwarebytes - I trusted the platform, and that it would protect the vulnerable. But yet here we are, and all I have to show by trusted Malwarebytes are two frazled parents who have been running around town due to scammers, losing $2000 worth of lost gift cards, and all because the system I TRUSTED to keep them safe failed them.
This threat isn't "new" - but the fact that Malwarebytes let this happen is definately new - or at least unexpected, and unacceptable.