Enterprise SEO Cloud Crawler Flagged by Malwarebytes Browser Guard

🚨 CYBERSECURITY: I’m working on enterprise SEO projects. I was comparing cloud crawlers such as SiteBulb Cloud, Lumar, OnCrawl, and Jet Octopus.

My goal? To perform comprehensive technical SEO audits and analyze up to 10 million URLs simultaneously. Log file analysis not needed because I will use an enterprise stack: Elasticsearch + Kibana + Beats + Logstash.

Anyway, while researching, I discovered that Jet Octopus had been flagged by the cybersecurity firm Malwarebytes via its popular Browser Guard extension which has 8,000,000 Chrome users and 493,911 Firefox users. That’s a LOT of active users!

For those unfamiliar with cyber threats or ancient history, a trojan horse is a malicious software that disguises itself as a legitimate program to:

⛔ Install other malware
⛔ Damage or deleting files
⛔ Create a backdoor for remote access
⛔ Use your computer to be part of a botnet
⛔ Steal sensitive data (passwords, credit card details, etc.)

⚠️ Such severe warnings can impact the financial performance of companies being flagged. Their websites are blocked. The brand’s trustworthiness and credibility instantly go down. Prospects and customers are legitimately scared. They do NOT click through. The conversion rates immediately go down. And the company loses money.

🔴 I would react as quickly as possible because there might be a serious security issue. But could it be something else? Actually… YES!

❌ This could also be a WEAPONIZED FALSE POSITIVE caused by malicious actors targeting Jet Octopus by sending all the wrong signals to different cybersecurity firms through a combination of sophisticated techniques.

I just tested using Google and Bing. I’ve tested on different operating systems and multiple web browsers. Same result. Logical because the flagging happens at the web browser extension level.

After a series of tests on Chrome (Desktop), the simple organic search query “𝘑𝘦𝘵 𝘖𝘤𝘵𝘰𝘱𝘶𝘴” on Google Search triggered the warning… without even clicking on the .com domain name! 👀

I reported this incident directly to the companies concerned. Serge, the CTO of Jet Octopus, immediately reacted to my Linkedin post (on a Saturday night).

That’s a pretty interesting case; we never had any malware or any other phishing scripts on the website.
Neither Google nor Bing doesn’t mark Jet Octopus as a problematic website.
We gonna contact Malwarebytes for this false positive case.
thanks for pointing to this

— Serge Bezborodov

My comment reply

I mentioned the possibility of a weaponized false positive because I suspect it could be intentional. This could be the OPPOSITE of a heuristic evasion! With almost 10 million active Browser Guard users, this could escalate because Malwarebytes data is highly credible.

And some malicious actors are now targeting SEO professionals. Completely different but here is the article Jérôme Segura and I co-authored a few days ago… and the target was Semrush!

— Elie Berreby

To read the article I mentioned, this time regarding a Google Ads scam, search for

“Semrush impersonation scam hits Google Ads”

UPDATE: Jérôme Segura, Senior Director of Research at Malwarebytes, replied to my post and notified my followers that their cybersecurity firm had escalated the issue internally.

Less than 12 hours later, Serge Bezborodov, the CTO of Jet Octopus, got the confirmation (via JPopovic on the Malwarebytes forum) that the flagging + block would be removed! Mission accomplished 🙂