800 matches found
Copycat Site Serves Up Raccoon Stealer
Someone is targeting web denizens with a malicious, copycat Malwarebytes website, which serves up the Raccoon information stealer malware to unsuspecting visitors. According to the security firm itself, the attackers set up the domain “malwarebytes-free.com” with a domain registrar in Russia in...
Copycat criminals abuse Malwarebytes brand in malvertising campaign
While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a copycat—fake—Malwarebytes website that was used as a gate to the Fallout EK, which distributes the Raccoon stealer. The few malvertising campaigns that remain are often found on...
Malwarebytes AdwCleaner Code Issue Vulnerability (CNVD-2020-23411)
Malwarebytes AdwCleaner is a utility program from the American company Malwarebytes. The program is mainly used to scan and remove pre-installed software such as advertisements from Windows computers. A code issue vulnerability exists in Malwarebytes AdwCleaner version 8.0.3. The vulnerability ca...
CVE-2020-11507
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded...
CVE-2020-11507
CVE-2020-11507 relates to Malwarebytes AdwCleaner 8.0.3 and describes an Untrusted Search Path vulnerability that can lead to arbitrary code execution with SYSTEM privileges if a malicious DLL is loaded. Affected software: Malwarebytes AdwCleaner 8.0.3. Root cause: untrusted DLL search path handl...
Coronavirus scams, found and explained
Coronavirus has changed the face of the world, restricting countless individuals from dining at restaurants, working from cafes, and visiting their loved ones. But for cybercriminals, this global pandemic is expanding their horizons. In the past week, Malwarebytes discovered multiple email scams...
International Women’s Day: awareness of stalkerware, monitoring, and spyware apps on the rise
Nine months ago, Malwarebytes recommitted itself to detecting invasive monitoring apps that can lead to the excessive harm of women—most commonly known as stalkerware. We pledged to raise public awareness, reach out to advocacy groups, and share samples and intelligence with other security vendors...
Introducing Lock and Code: a Malwarebytes Labs podcast
Intrepid Labs readers might be happy to know that we're stepping into territory long-requested and desired: we're launching a podcast. Malwarebytes researchers and reporters are on the front lines of cybercrime, delivering both fast-breaking news and thoughtful features on our blog to raise...
Malwarebytes Anti-Malware Remote Code Execution (CVE-2019-6739)
A remote code execution vulnerability exists in Malwarebytes Anti-Malware. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option regarding the DLL loading path. A remote attacker could exploit the vulnerability by enticing a us...
Android Trojan xHelper uses persistent re-infection tactics: here’s how to remove
We first stumbled upon the nasty Android Trojan xHelper, a stealthy malware dropper, in May 2019. By mid-summer 2019, xHelper was topping our detection charts—so we wrote an article about it. After the blog, we thought the case was closed on xHelper. Then a tech savvy user reached out to us in...
Malwarebytes Labs releases 2020 State of Malware Report
Today is Safer Internet Day—and what better way to celebrate/pay homage than to immerse yourself in research on the latest in malware, exploits, PUPs, web threats, and data privacy? It so happens we've got just the right content to kick-start the party because today we released the results of our...
Adposhel adware takes over browser push notifications administration
Since late last year, our researchers have been monitoring new methods being deployed by cybercriminals to potentially abuse browser push notifications. Now, an adware family detected by Malwarebytes as Adware.Adposhel is doing just that, taking control of push notifications in Chrome at the...
Lifeline Assistance Phone Users Targeted with 'Uninstallable' Adware
Government-funded, low-cost cell phones are shipping with pre-installed malware aimed at bombing users with unwanted ads, according to researchers. The UMX U686CL Android-based phone, which is made available to low-income citizens in the U.S. via the Lifeline Assistance Program for $35, uses a...
CVE-2019-19929
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product...
Design/Logic Flaw
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product...
CVE-2019-19929
CVE-2019-19929 describes an Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1. The issue allows arbitrary code execution with SYSTEM privileges when a malicious DLL is loaded by the product. The affected component is the AdwCleaner installer/runtime loader, with the root ca...