Ensuring MalwareBytes Anti-Malware for Mac doesn't get infected right after download or installation?


Hello everyone,

I would like to clarify a crucial point. I have recently been pointed towards your Malwarebytes Anti-Malware for Mac product as I am currently trying to make sure my Mac isn't infected, part of a broader security haul-up I'm currently into. I'm very impressed with your product as well as the Mac blog articles that you have, the majority of which I have read in the recent days. Thanks a lot!

- I wanted to know if it is possible that MalwareBytes Anti-Malware for Mac could get infected immediately after download or installation, therefore making it report false or corrupted scan results or just not scan correctly at all.

The origin of this question is that a while back, when I was still a Windows user, it was possible for your antivirus to get infected and therefore corrupted; that's why we could have some "emergency" floppy disks made to scan at boot, for example, in order to ensure a safer scan.

I was wondering if Malwarebytes Anti-Malware for Mac is safe from this kind of situation.

- I'm also wondering if it's possible to have a similar "external" way to scan a Mac for safer results?

- I was also wondering if there are any types of virus such as these on Mac? The kind that can infect your antivirus or spread to all files, then spread to my Apple Time Capsule, for example.

At the moment Malwarebytes Anti-Malware for Mac reports that it doesn't find anything on my Mac. However, I am still wondering about the corruption possibility mentioned above and I would like to just validate these results.

- I'm also running Avast Mac Security 2015, and I got several warnings in the past that were apparently blocked by Avast. But this means my Mac got exposed somehow, which is why I'm trying to make sure everything is OK. I've included a PDF with screenshots of the names of those threats, screenshotted from Avast's report, 1 screenshot per page.

Which also makes me ask you: can MalwareBytes Anti-Malware for Mac run alongside Avast Mac Security 2015 without them preventing each other from working correctly?

Thanks a lot for your help!

Avast.pdf


  • Staff

Malwarebytes Anti-Malware for Mac is a codesigned app, which means that any tampering would cause the code signature to fail, and Mac OS X would not allow it to run. Technically, it would be possible for a hacker to distribute a modified copy through some other site, with a modified code signature, if you didn't download it directly from us. If that's something you're concerned about, open the Terminal (found in the Utilities folder in the Applications folder) and enter the following command:

codesign -dvv /path/to/Malwarebytes/app

If you don't know the correct path to the Malwarebytes Anti-Malware app, you can drag it and drop it on the Terminal window… this inserts the path to the app in the command, so you don't have to type it.

If the resulting output has a line like this, it was signed by us and hasn't been tampered with:

Authority=Developer ID Application: Malwarebytes Corporation (GVZRY6KDKR)

Most apps these days are signed in this manner.

Currently, there are no viruses – meaning malware that injects itself into other files and spreads by itself – for the Mac. All current Mac malware lies firmly in the realm of the trojan horse, meaning that it relies on the user to open a bad app or installer to infect the system, and it doesn't spread further from there. The prevalence of codesigning on Mac OS X makes viral behavior very hard to achieve.

Malwarebytes Anti-Malware for Mac should work just fine alongside Avast. It certainly won't interfere with Avast, and none of our testing shows that Avast interferes with our software either.

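Added example (not part of the original post and not Malwarebytes' own tooling): a script form of the check described above. It first runs `codesign --verify`, which validates the signature against the app's contents, and only then compares the leaf Authority line with the Team ID quoted in the post. The sample outputs and the Example.app names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Malwarebytes code. Team ID is the one quoted in the post.
EXPECTED_TEAM_ID="GVZRY6KDKR"

# Print the first Authority= value: the leaf (signing) certificate.
leaf_authority() {
    printf '%s\n' "$1" | sed -n '/^Authority=/{s/^Authority=//p;q;}'
}

# Succeed only if the leaf is a Developer ID Application certificate
# whose parenthesised Team ID equals $2.
team_id_matches() {
    leaf=$(leaf_authority "$1")
    case "$leaf" in
        "Developer ID Application: "*" ($2)") return 0 ;;
        *) return 1 ;;
    esac
}

# macOS only: validate the seal first, then inspect who signed it.
check_app() {
    codesign --verify --deep --strict "$1" || return 1
    info=$(codesign -dvv "$1" 2>&1) || return 1   # -d writes to stderr
    team_id_matches "$info" "$EXPECTED_TEAM_ID"
}

# Constructed sample outputs (not captured from a real app).
SAMPLE_GOOD='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Malwarebytes Corporation (GVZRY6KDKR)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=GVZRY6KDKR'
SAMPLE_OTHER='Identifier=com.example.app
Authority=Developer ID Application: Constructed Other Developer (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'
SAMPLE_ADHOC='Identifier=com.example.app
Signature=adhoc'

# Usage on a Mac: sh check_sig.sh /path/to/Malwarebytes/app
if [ $# -gt 0 ]; then
    if check_app "$1"; then echo "OK: valid signature from expected team"
    else echo "FAIL: invalid signature or unexpected signer"; exit 1; fi
fi
```

An ad-hoc signed bundle has no Authority line at all, so it fails the match rather than passing by default.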

Hello Treed, thanks a lot for your detailed reply, I feel more relaxed now! Awesome trick to check the code signature! There was indeed a line as you described. I'm not surprised, as I got the app from your site, but it still felt interesting to check it out.

  • I understood your explanation of the absence of viruses on Mac and their usual way of spreading not being valid on Mac. However, I have another question. I use a Time Capsule for my backups and I am considering updating my MacBook Pro Late 2011 from Mavericks to El Capitan, mainly to enjoy future security updates and also to get the new System Integrity Protection (SIP). If I perform a clean install from a bootable USB stick and then restore my files and data from the Time Capsule, and let's say there is a hypothetical malware on the Time Capsule, could it be transferred back to the clean install while restoring?
  • What about the threat warnings I got with Avast's live protection while browsing the net, which I included in the PDF as a group of screenshots? Would not having Avast have gotten me infected automatically, or would these just ask me to install some gadget, at which point safe computer habits would have made me close those sites immediately?
  • I also read your article about XcodeGhost and I was wondering if MalwareBytes Anti-Malware for Mac scans for it and if it is included in the app's list? Is it possible to find a regularly updated list of what malware is scanned for by your app in human-readable format on your site? I looked everywhere but didn't find it; maybe it's proprietary?
  • Also, do you know of any definitive list of XcodeGhost-infected iOS apps (and possibly OS X apps?) on the net? I've read in many articles that up to 3,500 apps could be exposed, but I never found a list that mentions more than around 35/50 apps.

Thanks a lot for your help and time! Have a good one!


  • Staff

If you are transferring from a backup of an infected system, then you could certainly re-infect the clean system in doing so, depending on what is restored from the Time Capsule. There's no good way to remove malware from a Time Machine backup, though... if you touch those backups with anything other than Time Machine, it will corrupt them, potentially ruining the entire set of backups. Just make sure you've backed up a system that is clean of any adware or malware, then make sure you restore from that point in time.

There's nothing that could have infected you without your assistance these days. The things Avast blocked would only have been a threat if you had opened them.

XcodeGhost is something that Malwarebytes Anti-Malware for Mac will scan for, but we can't scan iOS for XcodeGhost-created apps. Unfortunately, I'm not aware of any definitive list of those apps, but they mostly were distributed in China. If you're outside China, you're very unlikely to have ever seen one.

We don't currently have any definitive public list of every Mac threat we scan for. We do want to work on something like that, it's just a matter of having the time to work on it. :)


Thanks for your reply and help, Treed!

Regarding the XcodeGhost app, I indeed had one app from the list; however, I don't know if the French App Store I got it from had an infected version such as the one on the Chinese App Store.

Regarding the malware issue, I would like to send you some screenshots by private message. I got what looks like a TCP port scan on 10 ports, out of nowhere. I hope you don't mind! Thanks a lot!


  • Staff

If you had a known XcodeGhost-infected app, and it was on your phone around the time that XcodeGhost was discovered, it may have been infected. Unfortunately, the only way to really be sure that your iOS device is clean now is to restore it to factory defaults, without restoring anything from backups. There's no way to scan iOS.
