"Anti-Ransomware" App Real MWB app or Fake?

[Chenjesu]

I have had Malwarebytes on my phone (A Lenovo Moto Z Play) for a few weeks now and haven't had any issues but while using the podkicker app something looking like the app's scanner and saying Malware bytes on it came up saying that it was checking for Ransomware and had a close button on the bottom which looked a little bit off so I tried going back or opening the launcher and it wouldn't let me do either.  At most it would flicker for a fraction of a second and I could see podkicker but then would come back.  I had to do a hard reset of the phone to get out of it.

 

When it started up again a grey icon with a similar M to MalwareByte's but in light grey and titled "Anti-Ransomware" popped up on my main screen but when I opened up the launcher it wasn't listed there.  I should have done a screen capture but I was just about to go to sleep and when I selected on it it just gave me the option to remove the icon, and I did it without thinking.  I did notice there was no uninstall option when I did this.

 

So either A) This is a legitimate part of Malware Bytes and it's not functioning properly which if that's the case is likely going to cause some other people to get worried since they didn't install that app and it popped up out of nowhere and couldn't be closed.

 

or B) It's malware.

 

I uninstalled Malware Bytes and reinstalled it, updated and ran a scan and it found nothing.

 

Oh and it's on Verizon, running Android 7.1.1 and the phone isn't rooted

Edited February 5, 2018 by Chenjesu

[mbam_mtbr]

Hi @Chenjesu,

This warning may have come from our advanced ransomware scanner.  Apps that have elevated privileges and that have been installed using side loading (anything installed outside of Google Play) are flagged as potential ransomware.

Installation from outside the Play Store plus elevated privileges are big red flags. Therefore, we warn our customers that a suspicious app was installed that displays ransomware like properties. It’s up to the user to ignore our warnings or not.

Ransomware is particularity dangerous, and this warning gives users the ability to cut it off before it’s too late.

If you think it's malware, you can send us a Apps Report.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1.Open the Malwarebytes for Android app.

2.Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

Thanks for reaching out,

Nathan

[Chenjesu]

It looked more like a scan in progress than a warning.  The big thing that sent up the red flag for me was the new icon showing up but the fact that it didn't have an uninstall option was weird.  Is that grey M (styled like malware byte's) icon yours for anti-ransomware? 

I waited a day to see if it would do this same thing but that never happened and nothing came up on MalwareBytes scans.  Sorry I can't send any reports I've already done a factory reset.

 

[mbam_mtbr]

Hi @Chenjesu,

Without a screenshot or Apps Report, it would be hard to tell.  Hopefully the factory reset fixed your issues.

Nathan

[darrellr5044]

i have same problem

[mbam_mtbr]

Hi @darrellr5044,

Could you explain more in depth what particular issues you are having?

Nathan

[Zen67]

Hello!

I think I have a clue as to what Chenjesu and darrellr5044 are talking about as I too have an app icon similar to the Malewarebytes app icon however this icon has a wrench in it. When I tap on the icon it asks me to use google docs or another program to open it. I've included screenshots, what the "app" icon looks like, what it wants me to open with and a message with "instructions?". The icon just appeared, I don't know what to do with it or know if it's legit.

Is this a Malewarebytes product? Is this instructions to remove "ransomware".

I did remove firefox just in case

[mbam_mtbr]

Hi @Zen67,

You must have accidentally triggered our anti-ransomware remediation.  This can be done two ways: 

1) SMS command (if feature is activated)

2) Plug/unplug headset into headset jack 4 times in 10 seconds

My guess you either did the later, or your headset jack is going. Personally, if it's the jack I'd try cleaning with rubbing alcohol and cotton swab.

The HTML is so you can see which apps are on the remediation list whilst in safe mode since only system apps can run in safe mode (thus, Malwarebytes for Android will not).

Nathan