441 matches found
Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden
A Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked into installing…...
QuickBooks popup scam still being delivered via Google ads
Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. We've seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a pho...
Advertisers are pushing ad and pop-up blockers using old tricks
Despite the countermeasures some services are taking against well-known ad blockers, lots of people now use one. This is no doubt due to increased privacy concerns around online tracking, along with the growing number of ads per site. And where there is money to be made, you’ll find social...
Warning: Online shopping threats to avoid this Black Friday and Cyber Monday
.kb-row-layout-wrap.wp-block-kadence-rowlayout.kb-row-layout-id1206714424da-98margin-top:0px;margin-bottom:var--global-kb-spacing-xl, 4rem;.kb-row-layout-id1206714424da-98 .kt-row-column-wrapalign-content:center;:where.kb-row-layout-id1206714424da-98 .kt-row-column-wrap...
A week in security (November 4 – November 10)
Last week on Malwarebytes Labs: Hello again, FakeBat: popular loader returns after months-long hiatus TikTok ordered to close Canada offices following "national security review" Air fryers are the latest surveillance threat you didn’t consider Malwarebytes acquires AzireVPN to fuel additional VPN...
Large eBay malvertising campaign leads to scams
Tech support scammers are targeting eBay customers in the U.S. via fraudulent Google ads. In a few separate searches, we were able to identify multiple Sponsored results that were created from at least four different advertiser accounts. While most of those ads clearly looked fake, they appeared...
Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer
A malvertising campaign is exploiting Meta's platform to spread SYS01 infostealer, targeting men 45+ via fake ads for…...
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute an information stealer known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs...
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. WarmCookie, observed being used for initial access and persistence, offers a means for continuous long-term access to compromised environments and is used...
Google Search user interface: A/B testing shows security concerns remain
For the past few days, Google has been A/B testing some subtle visual changes to its user interface for the search results page. You may only get the new UI for certain types of searches or based on your current geolocation. This test is not to be confused with but could part of a previously...
Large scale Google Ads campaign targets utility software
After what seemed like a long hiatus, we've observed threat actors returning to malvertising to drop malware disguised as software downloads. The campaign we identified is high-impact, going after utility software such as Slack, Notion, Calendly, Odoo, Basecamp, and others. For this blog, we...
A week in security (September 2 – September 8)
Last week on Malwarebytes Labs: Lowe’s employees phished via Google ads Planned Parenthood partly offline after ransomware attack "Hello pervert" sextortion scam includes new threat of Pegasus—and a picture of your home How to avoid election related scams London’s city transport hit by...
Lowe’s employees phished via Google ads
In mid-August, we identified a malvertising campaign targeting Lowes employees via Google ads. Like many large corporations, Lowes has their own employe portal called MyLowesLife, for all matters related to schedule, pay stubs, or benefits. Lowes employees who searched for "myloweslife" during th...
Fake Canva home page leads to browser lock
In a previous blog post, we showed how fraudsters were leveraging features from the very company Microsoft they were impersonating. We continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to...
Fraudulent Slack ad shows malvertiser’s patience and skills
In the past year alone, we have reported almost five hundred unique malvertising incidents related to Google search ads. While it can be difficult to attribute each incident to a specific threat actor, we usually notice similarities between campaigns. Some malvertisers go to great lengths to bypa...
Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical...
Dozens of Google products targeted by scammers via malicious search ads
In a previous blog, we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Googles entire product line and redirecting victims to a fake Google home page. Clearly not afraid of poking the bear, they even used and...
Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges
A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency NCA has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups. Maksim Silnikau aka Maksym Silnikov, 38, went by the onli...
New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack...
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites...