about ICQ ...

[Hammer777]

Ars Tech and many others have warned about using this software since the Russian regime took it over.  Since it is now REQUIRED by RF law for citizens to install it on their computers there, that should be one 'red alert.'  That it is now a spyware/malware vector should make any user installing it more than a little nervous.

Shouldn't Malwarebytes flag this as a security risk during a scan?

[exile360]

Greetings,

If you wish to report an item as a potential threat to the Malwarebytes Research team, please create a new topic in the appropriate area of the Research Center, making sure to follow any instructions and guidelines explained in the pinned topic of the area you will be posting in.

With that said, I am personally of the opinion that it probably depends greatly on whether or not Malwarebytes sells their products in Russia as it probably wouldn't make much sense to flag an instant messenger as a threat if it is required to be installed on all devices in the country.  That would be similar to flagging something like Google Chrome as a threat because it is a known monitoring/tracking/advertising/spying tool used by Google to gather mass data from the world and profit through advertising.  Technically, Google Chrome does pose a major threat to a user's privacy (as does Windows 10, MS Edge, Facebook, Amazon, most governments, most major corporations and of course all the marketers/advertisers and data brokers), but that doesn't necessarily mean that the most popular browser on the planet should be categorized as PUP or malware by Malwarebytes; instead, it is up to the security/tech community aware of the issues and potential risks to inform the public of the potential risk and for the public to determine whether or not it is acceptable and either use a different solution, change legislation in their resident country to stop such practices, or to petition Malwarebytes to classify the application as PUP.  That said, Malwarebytes does already block many of Google's tracking and advertising servers (along with many others from other companies and data collection entities) through tools such as Malwarebytes Browser Guard, however I do not know if or how Malwarebytes would block any hypothetical spying by any government, whether through a particular application like ICQ or through any other means.  I believe users of internet connected devices need to take the security and privacy of their data and activity seriously and using good security tools is a big part of doing so, as is practicing safe browsing habits and being careful about what they install on their devices.

I hope this helps, and if there is anything else we might assist you with please let us know.

Thanks

[alvarnell]

I would certainly hope that anti-malware software vendors are not flagging software as a security risk solely because of it’s country of origin / ownership without testing that indicates the nature of any security issue proven to exist. 

[exile360]

Yes, and it should be quite easy to determine if an IM app is connecting to any servers it shouldn't be or sending any data it shouldn't be.  I'm sure there will be plenty in the tech/security field using Wireshark and the like to monitor how the application communicates so if there are any actual issues to be alerted to, I'm certain we'll be hearing about it before long.

[Hammer777]

As stated in the very first line of my post, that part of the equation is already a done deal. ICQ is a threat, no ifs/ands/buts.

[alvarnell]

I know you allege that in you post, but you didn’t give us any proof. I searched the ArsTechnica site for a recent article and found nothing at all. There seem to be several forum discussions on various aspects some time ago, but I don’t really have time to try to digest it all. 

Again, you are more than welcome to submit it to the Research Center for consideration, but if you want to continue a discussion here, we’re going to need more than just your word that it’s a threat and to what extent.

[exile360]

Yes, this area is for suggesting ideas for the program, not for Research to add items to the threat database.  That area is the Research Center I already linked to above.  If you want to submit an item as a potential threat, create a post there in the appropriate area along with the info requested in the pinned topics within that area (link to VirusTotal scan for the file etc.).

[alvarnell]

I can help you with part of that. Here's the VirusTotal results link: 

https://www.virustotal.com/gui/file/57c8a47cde31fc782f0d5c2dd4d9af26d5a1cfb6a8424e1907c482439ed04158/detection.

And you might want to consider making your same case to Apple Product Security since it's available from the App Store:

https://apps.apple.com/us/app/icq-new-messenger-chat/id665877304?mt=12.