Websites with an undefined trust level: avoiding the trap

Executive summary A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosin...

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and…...

Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam

OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets...

Scam compounds hiring “AI models” to seal the deal in deepfake video calls

Scam compounds in Southeast Asia have already become modern slave farms, trapping victims and forcing many of them to become scammers for them. Now they've added another type of worker to the mix: so-called AI models. These professional scammers conduct video calls with their targets, charming th...

The $17 Billion Wake-Up Call: Securing Crypto in the Age of AI Scams

AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses...

ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories

Most of this week's threats didn't rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers no...

Police Bust Crypto Scammers, Nab Smishing SMS Blaster Operator

Thai police arrest SMS Blaster operator in smishing scam and bust crypto laundering gang moving $30M monthly through…...

Telegram Purged Chinese Crypto Scam Markets—Then Watched as They Rebuilt

Last month, Telegram banned black markets that sold tens of billions of dollars in crypto scam-related services. Now, as those markets rebrand and bounce back, it’s done nothing to stop them...

Litecoin Security: How to Spot, Avoid, and Recover from Crypto Scams

It seems not a day goes by without news of another crypto scam targeting unsuspecting holders. Those owning…...

Biggest Crypto Scam Tactics in 2024 and How to Avoid Them

Stay alert to crypto scams with our guide to 2024's top threats, including phishing, malware, Ponzi schemes, and…...

A week in security (December 2 – December 8)

Last week on Malwarebytes Labs: Europol takes down criminal data hub Manson Market in busy month for law enforcement Americans urged to use encrypted messaging after large, ongoing cyberattack Crypto’s rising value likely to bring new wave of scams AI chatbot provider exposes 346,000 customer...

Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts

He just untangled a $243 million bitcoin theft, what may be the biggest-ever crypto heist to target a single victim. And he has never shown his face...

YouTube Crypto Con: Scammers Rake in $600K with Deepfakes and QR Codes

By Waqas Bitdefender's latest research reveals that crypto scams on YouTube are at an all-time high, with no sign of slowing down in the near future. This is a post from HackRead.com Read the original post: YouTube Crypto Con: Scammers Rake in $600K with Deepfakes and QR Codes...

SEC X account hacked to hawk crypto-scams

We have seen several high-profile accounts that were taken over on X formerly Twitter only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds ETFs. The latest victim in this line-up is the Securities and Exchange Commission SEC. The...

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar...

YouTube shows ads for ad blocker, financial scams

After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are some still some fundamental...

Stream-Jacking: Malicious YouTube Livestreams Aid Malware, Crypto Scams

By Deeba Ahmed Bitdefender reports a surge in Stream-Jacking attacks on popular YouTube channels, distributing crypto scams and information stealers such as Redline. This is a post from HackRead.com Read the original post: Stream-Jacking: Malicious YouTube Livestreams Aid Malware, Crypto Scams...

North Korean APTs Stole ~$400M in Crypto in 2021

Vast amounts of cash sloshing around in cryptocurrency markets are proving irresistible for cybercriminals and scammers of all kinds. From basic financial pump-and-dump schemes to straight-up nation-state cybertheft, nascent crypto markets, and their investors – often with dubious understanding o...

Bogus Cryptomining Apps Infest Google Play

Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. They may have been removed, but researchers at Trend Micro noted...

A week in security (July 19 – July 25)

Last week on Malwarebytes Labs: Stopransomwaredotgov, a one-stop hub for ransomware resources Beware, crypto-scammer seeks foreigner with BLOCK CHAIN ACCOUNT Remcos RAT delivered via Visual Basic US, EU, UK, NATO blame China for “reckless” exchange attacks HiveNightmare zero-day lets anyone be...