Why Malwarebytes communicates to your Mullvad

If you have Malwarebytes, check your version number.

disclaimer

Everyone has their own opinion; however, this is an official partner of Mullvad, and I assume the Mullvad team is smart about the brands they productively partner with.

Malwarebytes for Windows communicates with a server in Sweden
host.ipv4.am.i.mullvad.net

During my exploration of Lulu alternatives such as Little Snitch
(thanks to the creator of this thread, yesterday I decided to get to know about that product in practice)

I found that the macOS version (5.4.1) does the same thing.

What could this be related to?

The first thing that comes to mind:


source

I was able to stop the connections using a firewall.

But what should I do if using a firewall is not an option?

Users do not have this latest version of Malwarebytes installed by auto-updates

First of all, let me know if this topic was useful for you, it motivates me to continue or try other formats.

thank you
  • yes
  • heard about it, but it was interesting
  • no

And now the main thing:


2 options if you are using Malwarebytes and do not have a firewall that can suppress unnecessary connections caused by the bug.
(add more options, I would be glad, humor is welcome)

  1. If you manually download and install the latest version 5.5.3, the connections stop.

  2. Additionally, try this option:
    check for updates manually by going to Malwarebytes menu → Check for updates.

It may be necessary to make a check in the settings that you are interested in demo versions, but let me remind you that
knowledge on PG helped me realize the importance of stable versions

I suggest you consider solutions that include manual management of Internet traffic.

2 Likes

This is most likely because the “Privacy VPN” of Malwarebytes is using Mullvad servers.

Generally speaking, I would not recommend using any AV on Windows other than Defender/Windows Security.

1 Like

This is definitely due

A software bug

Aryna, from Malwarebytes staff, confirmed.

Even if you bought a license without VPN and Malwarebytes VPN is disabled, connections still happen.

Additionally, I found incoming connections from the same IP address to the device (ICMP protocol).

from:

Mullvad Daemon with root privileges.

macOS wifivelocityd

why?!

probably for this reason

“wifivelocityd” is part of the macOS WiFiVelocity framework. It is responsible for collecting statistics of the WiFi network quality. This process may contact your router and Apple servers, probably in order to determine over-all network throughput or latency.

For all those who stick to the gradations of Common Threats

I would like to remind you that there are threat models like:

the server to which they connect is in Malmo.


according to information from browser leaks

Good find!