Malwarebytes Alleges Signature Database Theft by IOBit

In a recent post on the Malwarebytes forum, the company's CEO, Marcin Kleczynski, leveled serious allegations against IOBit. Kleczynski has uncovered evidence against IOBit, a security firm from China, and charges that it is stealing proprietary malware and signature databases from Malwarebytes.

Throughout the post, Marcin explained how Malwarebytes spotted the database theft and then accumulated more evidence, which further strengthens its claim against IOBit.

We came across a post on the IOBit forums that showed IOBit Security 360 flagging a specific key generator for our Malwarebytes Anti-Malware software using the exact naming scheme we use to flag such keygens: Don’t.Steal.Our.Software.A.

Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes Anti-Malware v1.39\Key_Generator.exe, 9-30501

Why would IOBit detect a keygen for our software and refer to it using our database name? We quickly became suspicious. Either the forum post was fraudulent or IOBit was stealing our database.

This discovery led the Malwarebytes team to conduct several other tests. Most of the tests used fake malware signatures, which were promptly copied over by IOBit.

We created this dummy executable, then manipulated it slightly so that it matches one of the signatures in our database. We emphasize that it is still not malicious! — the signature is perfectly benign, when not in the context of actual malware, as you can see from the VirusTotal results.

We scanned the file with our own Malwarebytes Anti-Malware software and indeed it was flagged as “Don’t.Steal.Our.Software.A”. We scanned it with IOBit using their current build and database version and it was flagged as the same “Don’t.Steal.Our.Software.A”. We have included their log file and a screenshot of the detection. You can verify by yourself using the dummy executable and their most recent database.

From the looks of it, most of the evidence suggests that a database theft has indeed taken place. Malwarebytes also suggested that IOBit has been using proprietary information from other security vendors, without giving out specific names. Malwarebytes plans to pursue legal action against IOBit. Thanks @BillP.

Disclaimer: These are allegations from Malwarebytes. We do not endorse these claims until they are proven by law. This post is written to make people aware of the ongoing controversy.
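The check described in the quoted post, looking in another product's scan log for detection names that only your own database uses, can be sketched as follows. This is an added example, not code from Malwarebytes, IOBit or the original article; it assumes the comma-separated log layout of the line quoted above, and the function names, field labels and every sample line except the first are constructed for illustration.

```python
import re

# Assumption: detection names this vendor invented and uses nowhere else.
CANARY_NAMES = {"Don't.Steal.Our.Software.A"}

def normalize(name: str) -> str:
    """Lower-case and drop apostrophes so "Don’t", "Don't" and "Dont" compare equal."""
    return re.sub(r"['’`]", "", name).strip().lower()

CANARIES = {normalize(n): n for n in CANARY_NAMES}

def parse_log_line(line: str):
    """Split 'name, type, path, ref' as in the log line quoted on the page.

    The path may itself contain commas, so take two fields from the left
    and one from the right. Returns None for lines that do not fit.
    """
    head = line.strip().split(", ", 2)
    if len(head) != 3:
        return None
    name, obj_type, rest = head
    path, sep, ref = rest.rpartition(", ")
    if not sep:
        return None
    # 'ref' is the trailing field; the page does not say what it means.
    return {"name": name, "type": obj_type, "path": path, "ref": ref}

def find_canary_hits(log_text: str):
    """Return parsed records whose detection name is one of our canaries."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec and normalize(rec["name"]) in CANARIES:
            rec["canary"] = CANARIES[normalize(rec["name"])]
            hits.append(rec)
    return hits

# Constructed sample log: the first line is quoted on the page, the rest are invented.
SAMPLE_LOG = r"""Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes Anti-Malware v1.39\Key_Generator.exe, 9-30501
Trojan.Generic.Example, File, C:\Temp\a, b\sample.exe, 1-00042
Scan finished with 2 objects detected
Don’t.Steal.Our.Software.A, File, C:\Tests\dummy.exe, 9-30501
"""

if __name__ == "__main__":
    for hit in find_canary_hits(SAMPLE_LOG):
        print(f"{hit['canary']} reported for {hit['path']} (ref {hit['ref']})")
```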
