A look into the global drive-by cryptocurrency mining phenomenon
An important milestone in the history of cryptomining happened around mid-September when a company called Coinhive launched a service that could mine for a digital currency known as Monero directly within a web browser. JavaScript-based mining is cross-platform compatible and works on all modern...
Traditional AV solutions shown ineffective in real-time global heat map
It's no secret that antivirus technology (AV) has faced increased scrutiny in the tech industry for quite some time. With signature-based detection methods, traditional AV solutions are simply weak against unknown malware and other malicious content. Meanwhile, consumers and businesses continue to...
Our computers, ourselves: digital vs. biological security
Though by night I fight malware alongside the rest of the Malwarebytes research team, by day I work as a doctoral student in Immunobiology at Yale University, where I study the development of the immune system in your bone marrow. This grants me a unique perspective, as I’ve studied both the...
BadRabbit ransomware strikes Eastern Europe
A new strain of ransomware called BadRabbit is spreading through Eastern Europe. Likely created by the same authors as the Petya/Not Petya ransomware outbreak in June, BadRabbit ransomware uses a website to drop a fake Flash update and then drops its payload. Countries we...
When an “Outstanding” rating from CNET isn’t enough
The editors at respected tech site CNET/Download.com recently awarded Malwarebytes for Windows with an “outstanding” rating of 4.5 stars out of five. In the review, editor Tom McNamara recommended Malwarebytes because the scanning engine is of “high quality,” it works well with Windows 10, and do...
Why is Malwarebytes blocking CoinHive?
If you've encountered a Malwarebytes web protection block for coinhive.com over the last few weeks, you are either glad about it, angry about it, or don't really care. Since September 19, the second most frequently blocked website for our customers has been coinhive.com, and when we observe that...
Exhibition: it-sa Nuremberg
Scroll down for the German version of this post. Since 2009, security professionals, developers, and product providers have shared their ideas and platforms at it-sa, a security exhibition in the Exhibition Centre in Nuremberg, Germany. This year, it-sa featured 629 exhibitors including...
Labs report: summer ushers in unprecedented season of breaches
In this edition of the Malwarebytes Cybercrime Tactics and Techniques report for the third quarter of 2017, we saw a number of high-profile breaches targeting the personal information of hundreds of millions of people. While the Equifax breach may have dominated the news cycle, notable attacks...
Solution Corner: Malwarebytes for Mac
Mac users have been told for years: Macs don't get viruses. Even Apple said so, in their famous Get a Mac ads that aired a decade ago. Wow, that's so cool! It's good to know we're all safe. Now, on a different topic, can you tell me why Safari is going to a Russian search engine instead of Google...
Locky ransomware returns to the game with two new flavors
We recently observed a fresh malicious spam campaign pushed through the Necurs botnet distributing, so far, two new variants of Locky ransomware. In our last Q2 2017 report on tactics and techniques, we mentioned that Locky ransomware had reappeared with a new extension, but went dark again for...
A week in security (July 31 – August 6)
Last week we explored some basic PowerShell commands, dived into the new methods used by TrickBot, and wrote at length about the Magnitude exploit kit redirection chain. Our teams were busy at both BlackHat and DefCon, and outside of those famous hallways, we also took time to fire up some basic...
Black Hat USA 2017 Recap
What do you get when you put hackers, gambling, and dogs together? Black Hat USA 2017 …and a random zoo conference happening next door. Last week, we wrapped up another successful trip to Las Vegas for Black Hat. For those of you who couldn’t make it or had too much Vegas fun and need a reminder ...
Mobile Menace Monday: Malicious clicker with extra maliciousness included
A new malicious clicker has emerged onto third-party app stores. Chinese in origin, the malicious app uses heavy obfuscation and poses as a battery optimizer app. We classify it as Android/Trojan.Clicker.hyj. Hide what’s inside: To obfuscate its code, Clicker.hyj uses an A...
The state of ransomware among SMBs
In a report conducted by Osterman Research and sponsored by Malwarebytes, more than 1,000 small and medium-sized businesses were surveyed in June 2017 about ransomware and other critical security issues. What we discovered was surprising—ransomware authors aren’t only targeting enterprise...
Adware the series, the final: Tools section
So far in this series, we have handed you some methods to recognize and remediate adware. We used this diagram as a guideline. During this journey, we have touched upon several free tools that we used to get some insight on what type of infection we were dealing with and where the adware could be...
A .NET malware abusing legitimate ffmpeg
There is a growing trend among malware authors to incorporate legitimate applications in their malicious package. This time, we analyzed a malware downloading a legitimate ffmpeg. Using this application, this simple spyware written in .NET got a powerful feature. Most of the malware is sufficient...
Learning PowerShell: The basics
I bet I went about learning PowerShell the wrong way, so I may need your help, readers of this blog. If only to organize my knowledge and use it for the fight against malware and not just to figure out how it was used in malware. The first serious look I had at PowerShell was when I was trying to...
EternalPetya and the lost Salsa20 key
We have recently been facing a huge outbreak of a new Petya-like malware armed with an infector similar to WannaCry. The research is still in progress, and the full report will be published soon. In this post, we will focus on some new important aspects of the current malware. The low-level attac...
A week in security (June 19 – June 25)
Last week, we expanded on all the different technologies that Malwarebytes uses to break the attack chain and our Incident Response solution. We also warned you about a Roblox Robux generator scam and a phish targeting customers of Barclays Bank. Below are notable news stories and security-relate...
Solution Corner: Malwarebytes Incident Response
Unless you’ve been stuck at a fiery music festival, I don’t need to tell you the threat landscape is constantly evolving and that threats have become increasingly sophisticated at evading detection. Recent Malwarebytes Labs reports, including the 2017 State of Malware shine a light on just how fa...