Malwarebytes and Chinese hackers

[androidappme]

Something I noticed in this video was they have Malwarebytes and yet Malwarebytes didn't detect anything on their pc.

Or are you working with them?

Or is it just that they use Malwarebytes?

[Firefox]

Hello and

Well its hard to say since we do not have all the information and samples they tested.

One thing right off the bat that I can see, is that they are obviously using an outdated version of Malwarebytes.

[David H. Lipman]

What you see are mostly web pages. However the control workstation used to access a RAT did show MBAM Pro active. The server or manager end may not be detected. It is the RAT that is seen on compromised systems, not the administrative server or manager side software. If MalwareBytes' Malware Researcher's could get a hold of that software I'm sure that signatures would be created. It is the client side or RAT that is most seen and detected.

Watching the video leaves many questions such as the time frame the video was generated and the version of MBAM Pro. plus what signatures were used at the time of the video.

There are just too many variables to draw a complete conclusion.

Note also Mandiant was hired by the NY Times (NYT) to research who had hacked into the NYT network. It has been alleged that APT1 is a malicious actor(s) of Unit 61398 of China's People's Liberation Army (PLA). If true, we are not talking about day-2-day common off the shelf malware but most likely state created malware specifically targeting victims. Thus the software may have a very small scope of distribution and thus not seen and subsequently not detected by MBAM. Often those that are seen by MalwareBytes' are subsequently detected but there may be a time differential between the malicious release of the software and the files being found and submitted to MalwareBytes' for detection.

The China's PLA has been known to use Chinese Universities students and the Chinese hacker community to perform data acquisition, hacking and hactivism on behalf of China's government and this has been an ongoing issue since the Hainan Island incident a dozen years ago.

[androidappme]

I hope Mandiant reveals more details about it so that Malwarebytes can detect them.

*&^(*) China

They mentioned that they used a VPN. I wonder which one.

So much for blocking VPNs in China.

[David H. Lipman]

Details are not samples and while Mandiant may be a company dealing with COMSEC, they may not deal with malware to harvest samples and provide them to MalwareBytes' or other vendors in the anti malware community.