Fake Malwarebytes Installation Files Distributing Coinminer | Avast

On Friday, August 21, 2020, we began detecting fake Malwarebytes installation files containing a backdoor that loads a Monero miner based on XMRig onto infected PCs. The most prevalent filename under which one of the installation files is being distributed is “MBSetup2.exe”. Avast has protected nearly 100K Avast and AVG users from the fake installation files, which are mostly  spreading in Russia, the Ukraine, and Eastern Europe. As of yet, we do not know where or how the fake installation file is being distributed, but we can confirm that the installation files are not being distributed via official Malwarebytes channels, which remain trusted sources. 

Leave a Reply