Slashdot Mirror


Cylance Accused of Distributing Fake Malware Samples To Customers To Close Deals (arstechnica.com)

New submitter nyman19 writes: Ars Technica reports how security vendor Cylance has been distributing non-functioning malware samples to prospective customers in order to "close the sale[s] by providing files that other products wouldn't detect." According to the report: "A systems engineer at a large company was evaluating security software products when he discovered something suspicious. One of the vendors [Cylance] had provided a set of malware samples to test -- 48 files in an archive stored in the vendor's Box cloud storage account. The vendor providing those samples was Cylance, the information security company behind Protect, a 'next generation' endpoint protection system built on machine learning. In testing, Protect identified all 48 of the samples as malicious, while competing products flagged most but not all of them. Curious, the engineer took a closer look at the files in question -- and found that seven weren't malware at all."

2 of 32 comments

  1. Fraud by mfh · Score: 4, Insightful

    Jail time for anyone involved, or we will keep seeing frauds like this in the IT safety community. I have no tolerance for unethical people in this business and neither should you!

    --
    The dangers of knowledge trigger emotional distress in human beings.
  2. Not surprising at all... by Midnight_Falcon · Score: 4, Interesting

    I was looking at next-gen AV solutions and came across Cylance. I saw a demo of their software -- which consisted of two VMs, one running AVG and another Cylance. The AVG one only got about 20% of samples picked by the sales person from VirusTotal. Cylance got 100%.

    Why?

    Because Cylance uses the VirusTotal API! So, of course it would get all these samples... using simple SHA1 hash checksums.

    Their sales team seems to focus on low-skill (read: fix the copier, what's devops?) IT departments with smoke and mirrors tactics like this. I called it out right away, and went with a competing product. But based on that scammy behavior, this doesn't seem far off.