A week in security (May 19 – May 25)

Last week on Malwarebytes Labs: Lumma information stealer infrastructure disrupted Stalkerware apps go dark after data breach Scammers are using AI to impersonate senior officials, warns FBI 23andMe and its customers’ genetic data bought by a pharmaceutical org Malware-infected printer delivered...

Stalkerware apps go dark after data breach

A stalkerware company that recently leaked millions of users' personal information online has taken all of its assets offline without any explanation. Now Malwarebytes has learned that the company has taken down other apps too. Back in February, news emerged of a stalkerware app compromise...

Mobile device monitoring services do not authenticate API requests

Overview The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability. These services and their associated apps can be used to perform non-consensual,...