Dropbox problems—turned out to be a fake app

I downloaded what purported to be the latest version of DropBox and paid the fee ($15). Version 3.0.4 (4449). I can’t figure out how to use it yet, but I began to wonder whether it’s a fake. If I click on the profile button it says “Sing out” rather than “Sign out” and below that the word “Actions” is misspelled “Acctions.”

I just want to move a bunch of photos I have uploaded into a folder and share them with the office I volunteer for.

Do I need to get rid of this thing?

Sounds odd.

Dropbox is free for 2GB of storage. More than that and you have to sign up for a plan. I can’t get the US version but the UK plans are here.

The latest stable version is 220.4.4126.

It looks like I indeed downloaded a fake. I deleted every file I could find related to it. I then navigated more carefully to the DropBox site, downloaded the free copy and installed it. It now looks and functions like the old version.

Looks like i’m out $15. Hope it didn’t leave anything nasty on my iMac.

1 Like

I would encourage you to run Malwarebytes too, just in case this fake Dropbox installed some malware deep within the system.

1 Like

Is there still a free version of Malwarebytes? What I’m seeing looks pretty pricey.

FWIW, I needed to send a bunch of photos through Dropbox last night after not using it for 2 or 3 years, and in the process downloaded a new version with no request for payment. The version of Dropbox on my Mac evidently took me to the right place needed for the upgrade.

Is there still a free version of Malwarebytes? What I’m seeing looks pretty pricey

Yes as I said earlier but it is limited to 2GB. Also a three device limit.

EDIT duh! some reason I missed the “Malwarebytes”…apologies

Found the free version. It didn’t find anything amiss on my iMac.

And you likely gave your credit card information to a scammer. Need likely ask for a new card. And if a debit card lock it ASAP.

1 Like

If you don’t mind telling us, how were you led to a scam download? Did a link appear at the top of a Google search? Or did you follow a hyperlink in an email? Or was it something else?

(I’m asking both to help anybody who reads this thread in the future and because there’s a related recent discussion about scam phone numbers)

1 Like

Yes, it was an official-looking link at the top of a Google search.

3 Likes

AppDelete does a good job of getting rid of an app and associated files.

I wouldn’t trust Google results without doing some extra checking of the results. Using DuckDuckGo, I get the correct result:

2 Likes

You can still run manual scans for free, but you have to be really careful not to fall for the nagware aspect, which has been increasing.

“Official looking” is not hard for any Tom, Dick, or Harry to accomplish. Always check the URL of any download page very carefully. I always go straight to the publisher’s site if it’s not an App Store offering.

4 Likes

Someone really ought to sue Google for being complicit in these scams. The only way they’re going to end is if the search engines start being a little more careful about the advertising they accept and the misuse of trademarks.

2 Likes

In addition to getting a new credit card number, make sure you change your dropbox password - presumably you tried to enter that into the fake software and gave your password to the scammers. They may have access to all your files.

1 Like

Never managed to do anything with the fake. No password.

You’ve learned a valuable lesson. Pay attention to details when installing software. Use the App Store when possible and go direct to 3rd party developer websites to install software. For example, you should have just gone right to dropbox.com and downloaded the official software.

Was the installer a PKG file or a DMG?

Mothers Ruin has wonderful apps to inspect PKGs and App Bundles as well as binaries.

DMG images where you mount and drag and drop to /Applications have everything contained inside the app bundle. (usually) so deleting an app from /Applications is very likely to remove it entirely except for some trace items in ~/Library, etc.

While PKG files are far more dangerous they contain a hierarchal tree of full paths where the files will be copied. It can also run any sort of script or binary executable. Inspecting pkg installers is a must in corporate IT.

Supply chain attacks are becoming more common. Bad actors could have replaced the official PKG with a malicious one, etc. So we always test everything before deploying it to user Macs.