What is FakeMBAM Backdoor

FakeMBAM Backdoor is malware that allows malicious actors to install additional malware onto an infected computer. This particular backdoor malware is disguised as a Malwarebytes installer, and according to Avast, appears to be distributed via automatic updates for a torrent client Download Studio and three adblockers (NetShield Kit, My AdBlock, Net AdBlock). Users with these programs installed would get an automatic update that would download and silently execute the FakeMBAM Backdoor. FakeMBAM Backdoor

Once FakeMBAM Backdoor is executed, malicious actors behind it would be able to install additional malware onto the infected computer. That additional malware could be anything, from a data-stealing trojan and file-encrypting ransomware to a cryptominer. At this time, it appears that FakeMBAM Backdoor installs a miner trojan which uses the infected computer’s resources to mine for cryptocurrency.

It appears that Download Studio is a legitimate program, or as legitimate as torrent programs get. Same for the three adblockers. It’s possible that the developers of these programs are entirely innocent, and someone managed to get into their systems to distribute this backdoor. However, it’s also possible that the malware was purposely spread by the developers behind Download Studio.

How did FakeMBAM Backdoor enter a computer?

It appears that FakeMBAM Backdoor is downloaded by torrent client Download Studio and adblockers NetShield Kit, My AdBlock, and Net AdBlock. The malware was pushed as an automatic update and would initiate silently in the background. If more cautious users were to check the supposed update, they would see an installation wizard for supposedly Malwarebytes. Users who are familiar with Malwarebytes may notice that it does not look like the legitimate installer, but it would be enough to convince many users.

Download Studio appears to be a popular torrent client, particularly among Russian-speaking users, as it provides a lot of content in Russian. Just like all torrent platforms, it offers copyrighted content for free, making it popular among those pirating movies, TV shows, etc. The adblockers aren’t particularly known but still have many users. Thus, the malicious update carrying FakeMBAM Backdoor could have reached thousands of users, whose computers may now be vulnerable to a serious malware infection. If a computer is not protected by an anti-virus program, users may not even be aware that the malware is present. Though mining trojans are quite noticeable because they negatively affect the computer’s performance, sometimes to the point that the computer may become unusable.

FakeMBAM Backdoor would install additional malware

The name backdoor malware is pretty literal because the malware essentially opens a door for other malware to enter. All kinds of malware could be installed, including data-stealing trojans, ransomware and miners. It appears that the FakeMBAM Backdoor drops a miner trojan payload, which is probably the least harmful infection.

Mining malware use the infected computer’s resources to mine for cryptocurrency. This isn’t particularly harmful to the computer long term but it does affect it. Because the computer’s resources are used to the max to mine the cryptocurrency, your computer will slow down quite noticeably, programs will take a long time to launch and crash all the time, and you’ll notice other performance issues. This is quite annoying at the moment but usually does not cause long-lasting damage. Nonetheless, since you’re not the one benefiting from the mining malware, there is absolutely no reason why you should put up with this. The sooner you get rid of the miner, the better.

FakeMBAM Backdoor removal

It is strongly suggested to use an anti-virus program to remove FakeMBAM Backdoor. Unless you know exactly what you’re doing, manual FakeMBAM Backdoor removal would be difficult. It would also be a good idea to leave the anti-virus program running on the computer, as it would prevent future infections that can enter in a similar way to FakeMBAM Backdoor. Had anti-virus been installed, it would have immediately alerted you about suspicious behavior.

FakeMBAM Backdoor is detected by the majority of anti-virus programs:

  • Malwarebytes – Trojan.FakeMBAM
  • Kaspersky – Trojan.Win32.Miner.asxhr
  • Microsoft – Trojan:Win32/CryptInject!MSR
  • ESET – Win32/Agent.ACHY
  • BitDefender – Trojan.Miner.CQ
  • Avast/AVG – Other:Malware-gen [Trj]
  • Emsisoft – Trojan.Miner.CQ (B)


More information about WiperSoft and Uninstall Instructions. Please review WiperSoft EULA and Privacy Policy. WiperSoft scanner is free. If it detects a malware, purchase its full version to remove it.

  • wipersoft

    WiperSoft Review Details WiperSoft (www.wipersoft.com) is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • mackeeper

    Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • malwarebytes-logo2

    While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Leave a Reply