Beware of virus on fake MediaMonkey.store [edited]


TheUnmentioned
Posts: 1
Joined: Sun Aug 07, 2022 7:27 pm


Post by TheUnmentioned »

Careful with this download, folks (Online Threat Prevention): (DO NOT open!!) Trojan.Hulk.Gen.1. It triggered multiple warnings and needed to be disinfected: the zip file "MediaMonkeyc.zip" available on the store link contains something NASTY. On the link mediamonkey.store: Get MediaMonkey Today -> Standard Version -> Get basic functionality -> Free -> Download V5
C:\Users\XXXXX\AppData\Local\Temp\Temp1_MediaMonkeyc.zip\MediaMonkey\MediaMonkeySetup.exe=>(CAB Sfx g)=>SETUP_~2.EXE
I uploaded the file to VirusTotal and it's conclusive (I'm a Security Architect/Engineer and do this for a living): http://www.virustotal.com/gui/file/40e1 ... 00/details
Apparently 9 security vendors flagged this file as malicious, and there are some pretty trusted names on this list, like Microsoft.

ALYac: Trojan.Hulk.Gen.1
Avast: Win32:RATX-gen [Trj]
AVG: Win32:RATX-gen [Trj]
ESET-NOD32: A Variant Of MSIL/TrojanDownloader.Agent.MUZ
Kaspersky: HEUR:Trojan-Downloader.MSIL.PsDownload.gen
Microsoft: Trojan:MSIL/Remcos.FWM!MTB
Rising: Malware.SwollenFile!1.DDB4 (CLASSIC)
Trapmine: Suspicious.low.ml.score
VIPRE: IL:Trojan.MSILZilla.22453

Also, the date of the malware file is 7/30/2022 @ 4:54am, so this may have been out there for about a week-ish.

Peke
Posts: 17446
Joined: Tue Jun 10, 2003 7:21 pm
Location: Earth

Re: Virus on fake MediaMonkey.store

Post by Peke »

Hi,
TheUnmentioned wrote: Sun Aug 07, 2022 7:49 pm On the link mediamonkey.store Get MediaMonkey Today ->Standard Version->Get basic functionality->Free-->Download V5
Yeah, it looks like there's a fake MediaMonkey site that might have tricked you into downloading a fake version of MediaMonkey. We're doing our best to have the site shut down, but if you stick to downloading MediaMonkey from www.mediamonkey.com, you'll find that the downloads are all clean:

Latest Beta: https://www.virustotal.com/gui/url/dd38 ... 648b1eb502
Official Stable: https://www.virustotal.com/gui/url/8c2d ... 0ccfdc3875

Here's a link to the report of the downloaded ZIP file from the fake store:
https://www.virustotal.com/gui/file/283 ... 77118d1306
The ZIP file is 521kb and the extracted file is 362mb, which by itself raises a red flag, and any security noob should recognize it as such.
Also, if you check the download URL of the file, it is flagged as well: https://www.virustotal.com/gui/url/27d9 ... /detection
TheUnmentioned wrote: Sun Aug 07, 2022 7:49 pm
(I'm a Security Architect/ Engineer and do this for a living)
I guess this just shows how easy it is, even for paranoid/security-conscious individuals, to be tricked. For all users: make sure that you download MediaMonkey from https://www.mediamonkey.com or another reputable site.

I've modified the topic to accurately reflect the threat. If you have any evidence that installs originating from our site contain malware, please report to us directly. Thanks.
Best regards,
Peke
MediaMonkey Team lead QA/Tech Support guru
Admin of Free MediaMonkey addon Site HappyMonkeying
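
The size mismatch mentioned in the post above (a 521kb ZIP that extracts to 362mb) can be checked before anything is extracted. The following is an added example, not part of the original thread and not MediaMonkey code; the thresholds, function names and the in-memory sample archive are assumptions made for illustration.

```python
import io
import zipfile

# Triage thresholds: assumptions for this example, not values from the thread.
MAX_RATIO = 100             # uncompressed/compressed ratio treated as abnormal
MIN_SIZE = 1 * 1024 * 1024  # skip small files, which often compress well legitimately

def inflated_entries(zip_source, max_ratio=MAX_RATIO, min_size=MIN_SIZE):
    """Return [(name, compressed, uncompressed, ratio)] for suspicious entries.

    Only the ZIP central directory is read, so nothing is extracted or run.
    The sizes are those declared by the archive: a triage signal, not proof.
    """
    findings = []
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size < min_size:
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio >= max_ratio:
                findings.append((info.filename, info.compress_size,
                                 info.file_size, round(ratio)))
    return findings

def build_sample_zip():
    """Constructed sample: one zero-padded 'setup' file and one ordinary file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        padded = b"MZ" + b"constructed-stub" + b"\x00" * (8 * 1024 * 1024)
        zf.writestr("Sample/Setup.exe", padded)
        zf.writestr("Sample/readme.txt", "ordinary text file\n" * 50)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, comp, size, ratio in inflated_entries(build_sample_zip()):
        print(f"{name}: {comp} bytes -> {size} bytes (about {ratio}x)")
```

A hit only means the file deserves a closer look (for example a hash lookup on VirusTotal, as done in this thread); padding a binary to a very large size is a common way to exceed the upload or scan size limits of security tools.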
rusty
Posts: 8393
Joined: Tue Apr 29, 2003 3:39 am
Location: Montreal, Canada

Re: Beware of virus on fake MediaMonkey.store [edited]

Post by rusty »

Good news. Google has removed the ad linking to the fake site.

-Rusty