Malwarebytes (software)

For the company, see Malwarebytes.

Malwarebytes (formerly Malwarebytes Anti-Malware, abbreviated as MBAM) is a cybersecurity software suite for Microsoft Windows,^[7] macOS, ChromeOS, Android, and iOS that finds and removes malware.^[8][9] Made by Malwarebytes Corporation, it was first released in January 2006. This is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.

Malwarebytes
Developer	Malwarebytes Inc.
Initial release	January 2006; 19 years ago (2006-01) (as RogueRemover)
Stable release	Windows 5.4.5 / December 1, 2025; 17 days ago (2025-12-01)[1] macOS 5.19 / November 19, 2025; 29 days ago (2025-11-19)[2] Android & ChromeOS 5.19.2 / November 11, 2025; 37 days ago (2025-11-11)[3] iOS 5.21 / November 27, 2025; 21 days ago (2025-11-27)[4]
Operating system	Windows 7 and later, macOS 10.12 and later,[5] Android 9.0 and up, iOS 17 and later, ChromeOS[6]
Platform	IA-32, x86-64
Size	Windows: 287 MB Android: 42.5 MB
Available in	30 languages
List of languages Bulgarian, Catalan, Chinese (Traditional), Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Indonesian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Slovak, Slovene, Spanish, Swedish, Turkish and Vietnamese
Type	Anti-malware
License	Proprietary (Freemium)
Website	malwarebytes.com

Overview

Malwarebytes is primarily a scanner that scans and removes malicious software, including rogue security software, adware, and spyware.^[10] Malwarebytes scans in batch mode, rather than scanning all files opened, reducing interference if another on-demand anti-malware software is also running on the computer.^[11][12]

Malwarebytes antivirus has four plans: Free, Standard, Plus, and Ultimate.^[8] The free edition functions purely as an on-demand scanner. It can remove existing malware but lacks continuous realtime protection, so users must launch scans manually to stay secure. Premium plans add real-time protection and scheduled scanning, blocking malicious websites, scanning files and memory automatically, and performing daily "Threat scans" of memory, startup items, the registry, and file system objects, alongside other advanced scan modes.^[8]

In 2020, Malwarebytes introduced its own virtual private network solution, Malwarebytes Privacy, built on the WireGuard protocol.^[13][14]

In 2023, the software suite was expanded through the integration of technology acquired from Cyrus, a privacy services provider. This added automated digital footprint scanning and tools for submitting personal data removal requests.^[15][16]

That same year, Identity Theft Protection became available as an optional component that could be added to any Malwarebytes plan.^[17]

In 2024, the functionality of the software was expanded again following the acquisition of AzireVPN, adding another virtual private network service to the privacy features available to users.^[18]

Also in 2024, Malwarebytes released Personal Data Remover, which scans data broker platforms and people-search sites, assists users in removing exposed personal information, and provides ongoing privacy monitoring.^[19] The company additionally introduced the Digital Footprint Portal, a free tool that analyzes online sources for data linked to a user’s email address and offers guidance on improving privacy protections.^[20]

In 2025, the product was further expanded with the addition of Scam Guard, an AI-based mobile tool designed to identify potentially fraudulent messages and links.^[21]

Artificial intelligence

Malwarebytes uses artificial intelligence by integrating behavior-based machine-learning models into its malware detection engines.^[22]

In early 2025, reviewers noted that the Katana engine had been updated to include more advanced AI-driven and machine-learning approaches, allowing it to recognise malware families that had not yet been catalogued and improving its ability to address newly emerging forms of malicious software.^[23]

Further assessments in 2025 reported that Malwarebytes made broader use of heuristic analysis and machine-learning components to enhance the detection of evolving threats, contributing to more comprehensive behaviour-based protection within its consumer products.^[24][25]

Security vulnerabilities

On February 2, 2016, Project Zero discovered four vulnerabilities in the Malwarebytes flagship product, including lack of server-side encryption for update files and lack of proper payload signing within encrypted data; the combination of which allowed an attacker to recompile the encrypted payload with exploits.^[26] Malwarebytes responded one day before disclosure in a blog article detailing the extreme difficulty in executing these attacks, as well as revealing that the announced server-side and encryption issues were resolved within days of private disclosure and were not outstanding at the time Project Zero published their research.^[27] Malwarebytes also published information on how to protect current users until a patch was released. This event also resulted in the establishment of a formal bug bounty program by Malwarebytes, which offers up to $1,000 per disclosure as of 2018^[update], depending on severity and exploitability.^[28]

Dispute with IObit

On November 2, 2009, Malwarebytes accused IObit, a Chinese company that offers similar products, of incorporating the database of Malwarebytes Anti-Malware (and several products from other vendors, which were not named) into its security software IObit Security 360.^[29][30] IObit denied the accusation and stated that the database is based on user submissions, and sometimes the same signature names that are in Malwarebytes get placed into the results.^[30][31]

IObit stated that the company did not have enough time to filter out the signature names that resembled those used by Malwarebytes. They also said that Malwarebytes did not have convincing proof and declared that the databases were not stolen. After the declaration from IObit, Malwarebytes issued a reply describing IObit's denial as "unconvincing".^[29] CEO Marcin Kleczynski told Softpedia that Malwarebytes served DMCA notices to CNET’s Download.com, MajorGeeks and SoftLayer, and that those hosts removed the IObit files as a result.^[32] IObit responded that it had removed the disputed signatures and updated its database after the allegations were raised.^[33]

See also

• Internet security