At Malwarebytes, we frequently examine apps for detection as Potentially Unwanted Programs (PUPs). These are programs that exhibit a wide variety of bad behaviors, but aren’t actually outright malware. Unfortunately, there are many supposed antivirus programs that fit this category.

Following user reports, we began researching a piece of software named CyberByte Antivirus to determine whether it was a PUP. In our initial research, we found that CyberByte met several aspects of our PUP detection criteria, and we made the decision to begin detecting it as such.

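One of these violations was that CyberByte acts as a wrapper for the open-source ClamAV engine (which does not have comprehensive Mac signatures in its database), as requiring payment for a free antivirus engine is a potential red flag. However, they appeared to be using another engine in addition to ClamAV.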

After further examination, we noticed that there was something awfully familiar about CyberByte’s scans—specifically, the names of the threats it was looking for as part of its “quick scan.”

Among antivirus companies, names of various threats tend to vary, sometimes quite widely. For example, something we call Adware.Crossrider might be called Trojan.Crossrider, OSX/adAgent, or Other:Malware-gen by other antivirus programs. In the case of CyberByte, the names we saw scrolling by during a scan were our own Malwarebytes detection names.

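Anyone who has used Malwarebytes for Mac recently may have noticed that trojan.steamstealer.csgo is the first threat it scans for. CyberByte’s “quick scan” began with the exact same threat, which seemed a highly unlikely coincidence.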

The name trojan.steamstealer.csgo is not unique to Malwarebytes. However, as the scan progressed, it was easy to see many threat names that are not used by any vendor other than Malwarebytes.

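We immediately suspected that CyberByte had stolen our intellectual property to augment the ClamAV engine. However, it appeared that they weren’t able to fully replicate our scan engine, since the “quick scan” detected only a small fraction of the files that Malwarebytes does.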

Further evidence was needed, so last week we added a dummy rule to our detections. We added a rule that would detect a particular folder—one that should never exist, and that you’d have to jump through hoops to create on a modern Mac system—as “Adware.DSMS” (meaning, “Don’t Steal My Software”).

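On Monday morning, on a test system, we created the dummy folder, then installed and updated CyberByte on that system. After running a “quick scan” with CyberByte, we caught it detecting the dummy folder as Adware.DSMS, proving that this wasn’t just a one-time theft. CyberByte has evidently set up a system for the ongoing theft of our intellectual property.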
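
The dummy-rule test above can be expressed as a small check over another scanner's output. This is an added example, not Malwarebytes code: the log format, file paths, rule table and function names are assumptions, and only the detection names come from the post.

```python
import re

# Constructed rule set: detection name -> True if it is a dummy (canary) rule.
OUR_RULES = {
    "Adware.Crossrider": False,
    "trojan.steamstealer.csgo": False,
    "Adware.DSMS": True,  # matches only a folder that should never exist
}
# Names that other vendors also use (lowercase); a match proves little.
SHARED_NAMES = {"trojan.steamstealer.csgo"}
# Assumed log format of the scanner under test: "<path> -> <detection name>"
LOG_LINE = re.compile(r"^(?P<path>.+?)\s+->\s+(?P<name>\S+)$")
# Constructed scan output; the canary path is a placeholder.
SAMPLE_LOG = """\
/tmp/sample.bin -> trojan.steamstealer.csgo
/Users/test/Library/Some App -> Adware.Crossrider
/PLACEHOLDER/canary-folder -> Adware.DSMS
/tmp/other.bin -> Other:Malware-gen
"""

def parse_scan_log(text):
    """Return (path, detection_name) pairs from the assumed log format."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            hits.append((m["path"], m["name"]))
    return hits

def assess(hits, rules=OUR_RULES, shared=SHARED_NAMES):
    """Sort another scanner's detections by how strongly they suggest copying."""
    ours = {name.lower(): (name, canary) for name, canary in rules.items()}
    report = {"canary": [], "exclusive": [], "shared": [], "unrelated": []}
    for path, name in hits:
        key = name.lower()
        if key not in ours:
            report["unrelated"].append(name)
        elif ours[key][1]:
            report["canary"].append((path, ours[key][0]))
        elif key in shared:
            report["shared"].append(name)
        else:
            report["exclusive"].append(name)
    # A canary hit shows the copied rules include the newly planted one.
    report["verdict"] = ("copied-and-current" if report["canary"]
                         else "suspicious" if report["exclusive"]
                         else "inconclusive")
    return report
```

A name shared with other vendors is inconclusive on its own, a vendor-exclusive name is suspicious, and a hit on the dummy rule shows that the rule set was copied after the rule was planted.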

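This isn’t the first time a scammer has stolen our intellectual property. Back in 2009, IObit was caught stealing our intellectual property. A program named Another Cleaner also did the same thing.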

For this reason, we have changed our detection of CyberByte from PUP.CyberByte to OSX.FakeAV. We are taking actions to stop this infringement and protect our intellectual property.