PUP warning


Claudi

Hello,

Today, I got two unexpected PUP warnings while I used MBAM 1.2.5 for Mac to scan my hard drive.

Warning #1 refers to a Mac app called 7zX. I have used 7zX since early 2013 and believe it to be completely harmless.

According to VirusTotal, both the executable and the whole installation image are probably harmless.

The warning I saw today in MBAM did not come up before October 2016. The first time it came up for me was with MBAM 1.2.5 for Mac and a v151 signature file.
I just went back to 1.2.4 (but still with v151 signatures) to double-check; it gave me the same warning.

Warning #2 refers, interestingly, to the configuration file (property list) of the 7zX app.

There is sufficient evidence for both PUP warnings to be likely false positives.
What would be the best course of action for me to prevent either warning from coming up in the future?

Thanks and kind regards,
Claudia

log.txt

7zX.app.zip

Library_Preferences_com_sixtyfive_7zX_plist.zip


  • Staff

Claudi,

7zX has been obtained by, and is now being distributed by, Genieo Innovations, LLC, a very prolific and disreputable adware- and malware-developer. As such, we feel our customers should be aware that this app is not trustworthy any longer.

You are welcome to ignore that advice, of course. At this time, there's no way to permanently add files to an exclusion list on the Mac, but if you need to remove other threats and don't want to remove 7zX, simply uncheck the 7zX files.


Hi Thomas,

Thanks a lot for taking the time to explain the situation.
I’m relieved to learn that the 7zX app is currently harmless, at least for now. Just as a precaution, I have now removed 7zX from my system as per your recommendation. That way, I’ll be on the safe side in case the app should ever get updated with a new unwanted or malicious feature.

I do appreciate how Malwarebytes is keeping an eye on the market and having MBAM alert users of such changes in ownership.

That said, on the other hand I consider myself a highly responsible person. For example, working on a compromised machine would be a no-go for me. There was an obvious contradiction between MBAM’s warning yesterday and all the other evidence; for example, I had every reason to assume the app’s binary was never modified since I installed it.

This was the exact kind of uncertainty that caused me to spend my entire Friday afternoon looking for the root cause of MBAM’s warning, looking for any source I have possibly trusted too much, hunting for a possible entry point for malware caused by my own negligence or oversight. I was essentially led to believe my machine was infected by a rootkit; how else could the app’s binary have suddenly turned malicious while its hash stayed the same for three years?

Is there a reason why MBAM chooses not to state a clear reason for the PUP warning? The level of detail that you gave in your last reply would be more than sufficient. This would minimize uncertainty on the users’ side, keep them from wasting time looking for a nonexistent malware entry point, and ensure that users continue to put their trust into MBAM’s results in the future.

Does MBAM for Mac have such a feature on its roadmap?

I do understand there may be perfectly good reasons that it doesn’t; however, I’m curious to know.

Thanks and kind regards, Claudia
