Verify Malwarebytes for Mac hasn't been tampered with

Version 11

    We do not publish checksums of Malwarebytes for Mac on our website, for a couple of reasons. First, checksums are a poor method of verifying the integrity of an app. If you suppose that a hacker has replaced the app on a developer’s website with a hacked copy, then the checksum could just as easily have been replaced.

     

    Second, keeping checksums updated is a pain.

     

    A code signature is a far better option. Code signatures can be validated independently, and are an important aspect of security on macOS. Both the Malwarebytes for Mac installer and the app are cryptographically signed.

     

    Verifying the installer

     

    To verify the installer for Malwarebytes 3.0 prior to installation, perform the following steps:

     

    • Open the Malwarebytes-3.x.y.zzz.dmg file that you downloaded from our website.
    • Open the Terminal app (found in the Utilities folder in the Applications folder).
    • Execute the following command in the Terminal:

            pkgutil --check-signature "/Volumes/Malwarebytes/Install Malwarebytes 3.pkg"

    • Note: if the installer is in a different location, you can insert the path to the installer by dragging the .pkg file onto the Terminal window.

     

    If the output of this command says that the package is invalid, it has been tampered with and should not be installed.

     

    In addition, if the output shows anything other than Malwarebytes Corporation (GVZRY6KDKR) as the first entry in the certificate chain, then the installer has been tampered with and re-signed by someone else, and should not be installed.

     

    Verifying the application

     

    To verify that the application itself has not been modified, the following steps will be required.

     

    • Open System Preferences from the Apple menu, then click the Security & Privacy icon.
    • If "Allow apps downloaded from" is set to "App Store":
      • Unlock the Security & Privacy settings by clicking the lock in the bottom left corner of the window.
      • Temporarily set "Allow apps downloaded from" to "App Store and identified developers".
    • Open the Terminal app (found in the Utilities folder in the Applications folder).
    • Execute the following command in the Terminal:

            codesign -dvvv /Applications/Malwarebytes.app

    • Then execute the following command:

            spctl --assess --verbose=4 /Applications/Malwarebytes.app

    • (Note that, if the application is in a different location, you can insert the path to the app by dragging it onto the Terminal window.)
    • If you changed the "Allow apps downloaded from" setting, you can change it back now.

     

    The output from the first command should indicate that the authority is Malwarebytes Corporation (GVZRY6KDKR). The second command will output the following if the application's signature is valid:

    /Applications/Malwarebytes.app: accepted

    source=Developer ID

     

    If the application has been tampered with, it will instead display:

    /Applications/Malwarebytes.app: invalid resource directory (directory or signature have been modified)
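
The two signer checks described above (first entry of the installer's certificate chain, and the app's authority) can be scripted instead of read by eye. This is an added example, not Malwarebytes' own code: the function names, the "Developer ID Installer:" / "Developer ID Application:" prefixes, and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The signer string is from this page; the "Developer ID ..."
# prefixes and the sample outputs below are assumed/constructed, not captured.
EXPECTED='Malwarebytes Corporation (GVZRY6KDKR)'

# Reads `pkgutil --check-signature` output on stdin. Succeeds only when nothing
# reports the package as invalid AND chain entry 1 (the signing cert) matches.
check_pkg_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qi 'invalid'; then return 1; fi
    first=$(printf '%s\n' "$out" | sed -n 's/^[[:space:]]*1\.[[:space:]]*//p' | head -n 1)
    [ "$first" = "Developer ID Installer: $EXPECTED" ]
}

# Reads `codesign -dvvv` output on stdin (codesign writes it to stderr, so
# capture with 2>&1). The first Authority= line is the signing certificate.
check_app_output() {
    first=$(sed -n 's/^Authority=//p' | head -n 1)
    [ "$first" = "Developer ID Application: $EXPECTED" ]
}

# Constructed sample: a package signed by the expected developer.
SAMPLE_PKG_GOOD='Package "Install Malwarebytes 3.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Malwarebytes Corporation (GVZRY6KDKR)
    2. Developer ID Certification Authority
    3. Apple Root CA'

# Constructed sample: validly signed, but by a different (made-up) developer.
SAMPLE_PKG_RESIGNED='Package "Install Malwarebytes 3.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Example Other Developer (ABCDE12345)
    2. Developer ID Certification Authority
    3. Apple Root CA'

# Constructed sample of the relevant `codesign -dvvv` lines.
SAMPLE_APP_GOOD='Identifier=com.example.placeholder
Authority=Developer ID Application: Malwarebytes Corporation (GVZRY6KDKR)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'

# Usage on a Mac (paths as given on this page):
#   pkgutil --check-signature "/Volumes/Malwarebytes/Install Malwarebytes 3.pkg" | check_pkg_output
#   codesign -dvvv /Applications/Malwarebytes.app 2>&1 | check_app_output
```

`codesign -dvvv` only displays the signature and does not validate the bundle's contents, so the `spctl --assess` step is still required after `check_app_output` succeeds.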