CRW

Home Wiki

Malwarebytes

View on consumerrights.wiki ↗

Work in progress
This article has been flagged for additional work. Treat its claims as provisional.
Verification concerns
Editors have raised concerns about the verifiability of one or more claims.
Contents7
  1. Consumer impact summary
  2. Incidents
  3. Privacy VPN (2020)
  4. Privacy Policy
  5. Data collection
  6. See also
  7. References

⚠️ Article status notice: This article has been marked as incomplete

This article needs additional work for its sourcing and verifiability to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. In particular:

  1. Product page should be changed to product page of the VPN or to the company page. Content is inconsistent.
  2. Article is written as original research and needs more references.
  3. Take this as a tone warning for lack of neutrality.

This notice will be removed once the issue/s highlighted above have been addressed and sufficient documentation has been added to establish the systemic nature of these issues. Once you believe the article is ready to have its notice removed, please visit the Moderator's noticeboard, or the discord and post to the #appeals channel.

Learn more ▼

This Article Requires Additional Verification

This article has been flagged due to verification concerns. While the topic might have merit, the claims presented lack citations that live up to our standards, or rely on sources that are questionable or unverifiable by our standards. Articles must meet the Moderator Guidelines and Mission statement; factual accuracy and systemic relevance are required for inclusion here!

Why This Article Is In Question

Articles in this wiki are required to:

  • Provide verifiable & credible evidence to substantiate claims.
  • Avoid relying on anecdotal, unsourced, or suspicious citations that lack legitimacy.
  • Make sure that all claims are backed by reliable documentation or reporting from reputable sources.

Examples of issues that trigger this notice:

  • A topic that heavily relies on forum posts, personal blogs, or other unverifiable sources.
  • Unsupported claims with no evidence or citations to back them up.
  • Citations to disreputable sources, like non-expert blogs or sites known for spreading misinformation.
How You Can Improve This Article

To address verification concerns:

  • Replace or supplement weak citations with credible, verifiable sources.
  • Make sure that claims are backed by reputable reporting or independent documentation.
  • Provide additional evidence to demonstrate systemic relevance and factual accuracy. For example:
    • Avoid: Claims based entirely on personal anecdotes or hearsay without supporting documentation.
    • Include: Corporate policies, internal communications, receipts, repair logs, verifiable video evidence, or credible investigative reports.

If you believe this notice has been placed in error, or once the article has been updated to address these concerns, please visit the Moderator's noticeboard, or the #appeals channel on our Discord server: Join here.


Malwarebytes
Basic Information
Release Year 2007
Product Type Anti-virus, Software
In Production Yes
Official Website https://malwarebytes.com/


Malwarebytes is an anti-virus software for Microsoft Windows, macOS, ChromeOS, Android, and iOS, developed by Malwarebytes Corporation. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a scanner.

Consumer impact summary

Overview of concerns that arise from the conduct towards users of the product (if applicable):

  • User Freedom
  • User Privacy
  • Business Model
  • Market Control

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.


Incidents

This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the Malwarebytes category.

Privacy VPN (2020)

In April of 2020, Malwarebytes Labs introduced their Privacy VPN, emphasizing the importance of using a VPN that respects user privacy:[1]

One important note we consistently emphasize is that it’s important to choose a VPN that does what it promises and doesn’t abuse your data. To make that choice a little easier, we’ve developed our own VPN that Malwarebytes users can trust to protect your data and privacy every time you go online.

However, Malwarebytes VPN used to be based on Mullvad VPN until June 2025 and various open source tools,[2] and nothing is properly disclosed on the official website. On Mullvad site, Malwarebytes is mentioned as partner[3]. The software is based on open source code, used without contributing back:

These are the embedded dependencies:

Privacy Policy

Malwarebytes Privacy Policy contains various privacy concerning points:[2]

  • Operates under the EU Privacy Shield (declared illegal by the ECJ in July 2020)
  • The Data Retention section states:

    We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.

  • The International: EU – U.S. Data Privacy Framework, UK Extension to the EU – U.S. Data Framework, and Swiss – U.S. Data Privacy Framework section violates the GDPR:

    Your personal information may be transferred to, and maintained on, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to us, we may transfer your personal information to the United States and process it there.

Data collection

Malwarebytes is collecting the following data via its different products:[2]

  • A location item indicating the continent, country, city, and approximate latitude/longitude of the user based on the IP address
  • The type of connection (dialup/broadband/satellite/mobile)
  • The ISP through which the connection is made
  • The organization to which the IP address is licensed
  • The operating system the program is installed on
  • The system language in use on that system
  • The processor architecture (i.e., 32- or 64-bit)
  • The file system in use (i.e., FAT32)
  • Information from the Windows Security/Action Center, including security settings and programs installed or in use
  • Information about other Malwarebytes program settings and how they are configured
  • Information about the use of the software or services ("Log Data")

The Functional Data section of the privacy policy states:

We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.

Malwarebytes website also contains ads, trackers and third-party cookies.[7] Also, on each webpage, a seemingly harmless GIF file (https://genesis.malwarebytes.com/api/v1/wai.gif) is being loaded. The GIF returns JSON data, which is possibly being used for fingerprinting.[2]

See also

Link to relevant theme articles or companies with similar incidents.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.


References

  1. "Introducing Malwarebytes Privacy". Malwarebytes Labs. 23 Apr 2020. Archived from the original on 26 Dec 2025. Retrieved 15 Mar 2025.
  2. 2.0 2.1 2.2 2.3 Voisin, Julien (10 Oct 2021). "Malwarebytes' privacy VPN is Mullvad in a shady trenchcoat". Artificial truth. Archived from the original on 8 Dec 2025. Retrieved 15 Mar 2025.
  3. "Partnerships and Resellers". Mullvad. Archived from the original on 27 Jan 2026. Retrieved 15 Mar 2025.
  4. "OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities". Tenable. Archived from the original on 8 Sep 2025. Retrieved 15 Mar 2025.
  5. "openssl@1.1.0 vulnerabilities". snyk. Archived from the original on 8 Jul 2025. Retrieved 15 Mar 2025.
  6. "pcre vulnerabilities". snyk. Archived from the original on 8 Jul 2025. Retrieved 15 Mar 2025.
  7. "malwarebytes.com — Blacklight Search Results". The Markup. Archived from the original on 8 Jul 2025. Retrieved 13 Jul 2025.
Filed under