CVE-2019-6739

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handle...

CVE-2019-6739

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handle...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handle...

CVE-2019-6739

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handle...

CVE-2019-6739

CVE-2019-6739 affects Malwarebytes Anti-Malware (v3.6.1.2711). A vulnerability in URI handling within certain schemes allows remote code execution when a user visits a crafted web page. The root cause is improper sanitization of special characters in URIs, enabling arbitrary code execution in the...

Fake Instagram Apps on Google Play Harvest User Logins

Three apps on Google Play claiming to help Instagram users amass followers have been found stealing usernames and passwords for the social photo service. The fake apps were uncovered by Malwarebytes, and are still available, according to Nathan Collier, a security researcher with the firm. “As th...

Awakening the beast: BatMobi adware

On February 12, a patron of the Malwarebytes Forum alerted us of an issue with ad redirects that seemed to come out of nowhere. An outcry from other commenters filled the forum thread, all experiencing the same redirects to the same exact websites. Our web protection team traced the offending...

A week in security (March 11 – 17)

Last week on Malwarebytes Labs, we looked at the Lazarus group in our series about APT groups, we discussed the introduction of Payment Service Directive 2 PSD2 in the EU, we tackled Google’s Nest fiasco, and the launch of Mozilla's Firefox Send. In addition, we gave you an overview of the...

Emotet revisited: pervasive threat still a danger to businesses

One of the most common and pervasive threats for businesses today is Emotet, a banking Trojan turned downloader that has been on our list of top 10 detections for many months in a row. Emotet, which Malwarebytes detects as Trojan.Emotet, has been leveled at consumers and organizations across the...

A week in security (March 4 – 11)

Last week, Malwarebytes Labs released its in-depth, international data privacy survey of nearly 4,000 individuals, revealing that every generation, including Millennials, cares about online privacy. We also covered a novel case of zombie email that involved a very much alive account user, delved...

Google Chrome zero-day: Now is the time to update and restart your browser

Update 2019-03-21 A proof of concept for CVE-2019-5786 was published by Exodus Intel. In our earlier post we exercised caution before claiming we would have blocked this zero-day, but we can now say with confidence that an older version of Malwarebytes 1.12.1.122 would have mitigated this attack:...

A week in security (February 18 – 24)

Last week on Malwarebytes Labs, we explored the world of crack hunting, gave you a 101 on the world of bots and their threats and advantages, and took a look at some clever phishing scams. We also explained how a Mac fends off malware, posted a handy “lazy person's guide to cybersecurity,” and du...

Malwarebytes Anti-Malware URI Handler Remote Command Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Anti-Malware. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs...

New critical vulnerability discovered in open-source office suites

A great number of attack techniques these days are using Microsoft Office documents to distribute malware. In recent years, there has been serious development on document exploit kit builders, not to mention the myriad of tricks that red-teamers have come up with to bypass security solutions. In...

Analyzing a new stealer written in Golang

Golang Go is a relatively new programming language, and it is not common to find malware written in it. However, new variants written in Go are slowly emerging, presenting a challenge to malware analysts. Applications written in this language are bulky and look much different under a debugger fro...

Interview with a malware hunter: Jérôme Segura

In our series "Interview with a malware hunter," our feature role today goes to Jérôme Segura, Malwarebytes’ Head of Threat Intelligence and world-renowned exploit kits researcher. The goal of this series is to introduce our readers to our malware intelligence crew by involving them in these Q&A...

A user’s right to choose: Why Malwarebytes detects Potentially Unwanted Programs (PUPs)

Potentially Unwanted Programs PUPs: the name says it all. While the programs themselves might have legitimate uses, their vendors often use inappropriate methods to drive downloads or hide within a program bundle. At Malwarebytes, we feel we have an obligation to help protect our customers from...

Improved Fallout EK comes back after short hiatus

Edit 2019-01-24 Fallout EK introduces a new dropper to facilitate the final payload retrieval. This update replaces the plain MZ we saw for a little while. -- After a short hiatus in early January, the Fallout exploit kit is back in business again with some new features for the new year. During i...

Underminer exploit kit improves in its latest iteration

One of the most interesting exploit kits we track is also a bit of an elusive one, and as such does not receive the same scrutiny as its RIG and Fallout counterparts. Underminer was mentioned in our Fall 2018 round up, and at the time was using CVE-2018-8174 Internet Explorer and CVE-2018-4878...

A week in security (December 3 – 9)

Last week on Malwarebytes Labs, we gave readers an FYI on multiple breaches that affected Humble Bundle, Quora, and Dunkin' Donuts, to name a few. This follows the announcement from Marriott about a four-year-long breach that impacted half a billion of its patrons. We also pushed out the report,...