6 sure signs someone is phishing you—besides email
There are several common and, unfortunately, frequently successful avenues of attack that cybercriminals can use to part you from your personal contact and financial information. These phishing attack methods include email, phone calls, corrupted software or apps, social media, advertisements, an...
A month of giveaway spam on Twitter
We've observed a low-level spam campaign working its way through Twitter, with just under 2,000 posts visible on public search since September 1. The posts promote what appears to be CBD oil. For those who don't know (and I was one of them), I'm still not sure if this oil is supposed to...
The many faces of omnichannel fraud
The rise of new technologies, social networks, and other means of online communication have brought about compelling changes in industries across the board. For example, in retail, organizations use digital tools such as websites, email, and apps to reach out to their current and potential client...
Mac App Store apps are stealing user data
There is a concerning trend lately in the Mac App Store. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. This is referred to as exfiltrating the data. Some of this data is actuall...
Trojans: What’s the real deal?
The fictional Greeks hiding in their legendary Trojan horse would probably be excited to learn that the default Wiki page for Trojan is, in fact, their big wooden horse thingy vs. computer infections or dubious businesses. Sorry, fictional ancient Greek warriors. It’s not that we don't think you'...
Internet Safety Month: How to manage your child’s online presence
When you hear the term "reputation risk management," you might think of a buzzword used in the business sector. Reputation risk management is a term used to describe how companies identify potential risks that may harm their reputation and mitigate them before they blow up. As companies grow, so...
A week in security (April 30 – May 6)
Last week on Labs, we examined the Spartacus ransomware, reported on a new tactic used by the Necurs malspam campaign, informed you about the recommended Twitter password change, and discussed engaging students to start considering careers in cybersecurity. Other news: NTLM credentials can be...
General Motors suffers credential stuffing attack
American car manufacturer General Motors (GM) says it experienced a credential stuffing attack last month. During the attack, customer information and reward points were stolen. The subject of the attack was an online platform, run by GM, to help owners of Chevrolet, Buick, GMC, and Cadillac vehicle...
Sysrv botnet is out to mine Monero on your Windows and Linux servers
In a Twitter thread, the Microsoft Security Intelligence team has revealed new information about the latest versions of the Sysrv botnet. The variant they focused on uses a range of known exploits for vulnerabilities in web apps and databases to install cryptocurrency miners on both Windows and...
Stolen Nvidia certificates used to sign malware—here’s what to do
As we wrote on March 3, 2022, Nvidia was recently attacked by the LAPSUS$ ransomware group. The ensuing data leak included two of Nvidia's code signing certificates. Those certificates are now being used to sign malware. Leaked signing certificates from major vendors like Nvidia come with huge...
[Updated] QNAP update stops Deadbolt ransomware, annoys some users, starts debate
Earlier this week (25 January, 2022) news broke that a ransomware group was targeting QNAP Network Attached Storage (NAS) devices. The threat actors claimed the attack was based on a zero-day vulnerability specific to the devices. Today QNAP® Systems, Inc. (QNAP) pushed out an automatic, forced update...
Patch now! Netgear fixes serious smart switch vulnerabilities
In a security advisory, Netgear has announced it has fixed three vulnerabilities in firmware updates for several network devices. Most of the affected products are smart switches, some of them with cloud management capabilities that allow for configuring and monitoring them over the web. One of t...
What does WiFi stand for?
We use WiFi to connect to the Internet, but what is it, and what does it stand for? How does it have such a catchy name, and why do we sometimes have a weak Internet connection with a strong WiFi signal and vice versa? Read on to answer these questions and more. What does WiFi mean? Many people...
A week in security (April 19 – 25)
Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities on Facebook. We looked into the CodeCov supply-chain attack, the vulnerabilities in Pulse Secure VPN that are being actively exploited by attackers, and the...
REvil ransomware’s calling, and it’s not good news
The REvil ransomware (AKA Sodinokibi), which operates as a Ransomware as a Service, is adopting some outreach techniques after initial compromise, designed to shame victims into paying up. Shaming victims into action: Malware authors and social engineers have relied on shame and the threat of exposur...
Why Data Privacy Day matters: A Lock and Code special with Mozilla, DuckDuckGo, and EFF
You can read our full-length blog here about the importance of Data Privacy Day and data privacy in general. Today is a special day, not just because January 28 marks Data Privacy Day in the United States and in several countries across the world, but because it also marks the return of our hit...
The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT
This blog post was authored by Jérôme Segura, William Tsing, and Adam Thomas. In a previous post, we described the possible overlap between certain domains registered by Magecart Group 4 and the Cobalt gang. While attribution is always a difficult endeavor, sharing TTPs can help others to connect...
A week in security (August 19 – 25)
Last week on Malwarebytes Labs, we reported on the presence of Magecart on a type of poker software; outlined how the Key Negotiation of Bluetooth (KNOB) attack works; followed the money on a Bitcoin sextortion campaign; looked back at DEF CON 27; and reported on continuing ransomware attacks on...
Compromising vital infrastructure: water management
It’s probably unnecessary to explain why water management is considered part of our vital infrastructure, but it's a wider field than you might expect—and almost every one of its components can be integral to our survival. We all need clean water to drink. As much as I like my coffee, I can't mak...
When three isn’t a crowd: Man-in-the-Middle (MitM) attacks explained
Gone are the days when eavesdropping was just the stuff of spies and the town gossip. In fact, it has evolved to become everyone's favorite pastime. Thanks to the internet, it is now exponentially easier than ever to idle by and catch juicy information than to press your ear against your...
A week in security (June 18 – June 24)
Last week, we took a deep dive into SamSam ransomware, looked at how to identify and delete malicious emails, recognized that there are now risks affecting job recruitment portals, analyzed a malicious Android app banking on the popularity of Fortnite, and identified causes and solutions for...
Investors concerned about smartphone addiction; Apple responds with new webpage
Hot on the heels of an open letter from investors urging Apple to do more to protect children from smartphone addiction, the tech giant has recently dedicated a page on their website to families. The "Families" page, which can be accessed at apple.com/families, contains tools parents can use to s...
International Women’s Day: Women in tech share their stories
From the #MeToo movement to Oprah's Time's Up speech to the women's marches on cities throughout the world—it's been a banner year for women's rights. And on this International Women's Day, we wanted to do more than pay lip service to the changes in feminist dialogue. After all, tech is an industr...
Blast from the past: stowaway Virut delivered with Chinese DDoS bot
Recently, we described an unusual Chinese drive-by attack that was delivering a variant of the Avzhan DDoS bot. The attack also contained multiple components that were not-so-new. Among the exploits, the newest was from 2016. Avzhan is also not a recent malware—the compilation timestamp of the...
Silence is golden partner for Truebot and Clop ransomware
A recent rise in the number of Truebot infections has been attributed to a threat actor known as the Silence Group. The Silence Group is an initial access broker (IAB) that frequently changes tools and tactics to stay on top of the game. An IAB's primary task is to find a weakness or vulnerability,...
WPGateway WordPress plugin vulnerability could allow full site takeover
There have been a few WordPress plugin vulnerabilities in the wild recently, and today we have another one to add to the list. Sometimes when word breaks of a WordPress plugin issue, a fix is already available and all you have to do is perform an update. On other occasions, the attack is live and out...
A week in security (Nov 29 – Dec 5)
Last week on Malwarebytes Labs: CronRAT targets Linux servers with e-commerce attacks; Hackers all over the world are targeting Tasmania's emergency services; Massive faceprint scraping company Clearview AI hauled over the coals; Most people aren't upgrading to Windows 11: Not the end of the world...
The Olympics: a timeline of scams, hacks, and malware
The 2020 Olympics are, after a bit of a delayed start, officially in full swing. So too is the possibility for scammers to crawl out of the woodwork. And while actual, measurable cyberattacks and hacks surrounding the Olympics did not truly get rolling until 2008 in Beijing, the Olympic games ha...
A week in security (July 12 – July 18)
Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination; Nope, that isn't Elon Musk, and he isn't offering a free Topmist Dust watch either; Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday; Is crypto's criminal rollercoaster...
Ransomware’s Russia problem
This blog post was written in collaboration with members of the Threat Intelligence Team. Last week, US news outlet NBC News caused a stir with an article proclaiming that the REvil ransomware used in the recent, colossal Kaseya supply-chain attack was "written to avoid computers that use Russian...
DNS-over-HTTPS takes another small step towards global domination
Firefox recently announced that it will soon be rolling out DNS-over-HTTPS (DoH) to one percent of its Canadian users as part of its partnership with CIRA (the Canadian Internet Registration Authority), the Ontario-based organization responsible for managing the .ca top-level domain for Canada and...
How to choose the best VPN for you
If you’ve been shopping for a VPN service in 2021, you’ve probably noticed how many providers are available. Using a personal VPN has grown in popularity in recent years, and for good reason. You may no longer be asking, “Should I use one,” but rather, “Which one should I choose?” The answer migh...
Credit card skimmer piggybacks on Magento 1 hacking spree
Back in the fall of 2020, threat actors started to massively exploit a vulnerability in the no-longer-maintained Magento 1 software branch. As a result, thousands of e-commerce shops were compromised and many of them were injected with credit card skimming code. While monitoring activities tied to this...
A week in security (January 25 – January 31)
January 28 was Data Privacy Day, but for Malwarebytes Labs, it was Data Privacy Week. As such, we're packed with more privacy coverage than you can shake a stick at, starting with some practical steps on how to make your online life private and secure, and why privacy is core to a safer internet. ...
Instagram clamps down on fake messages with anti-phishing tool
Instagram accounts will always be a popular target for scammers. You might not think it’s a big deal if someone has their account swiped, but it’s often the vanguard of many online businesses. A takeover, or a deletion, can be absolutely devastating. Smart hacking crews are always in the...
Facial recognition technology: force for good or privacy threat?
All across the world, governments and corporations are looking to invest in or develop facial recognition technology. From law enforcement to marketing campaigns, facial recognition is poised to make a splashy entrance into the mainstream. Biometrics are big business, and third-party contracts...
A week in security (July 8 – 14)
Last week on Malwarebytes Labs, we looked at ways to send your sensitive information in a secure fashion, examined some tactics in incident response land, and explored federal data privacy law. We also looked at how security tools can turn against you, and took a deep dive into the rather fiendis...
Mobile Menace Monday: top five scariest mobile threats
In the spirit of this upcoming Halloween season, we thought we'd provide you with a list of the top five scariest mobile threats in our book. The list is organized from least to most haunting, based on my own humble opinion gathered from several years as a mobile threat researcher. Of course, my...
Official Cardi B website plagued by spammers
We come bearing tidings of proper website maintenance and general housekeeping for singer Cardi B or rather, for her web development team. At first glance, it appeared as though her website had been hacked a few days ago. But a look under the hood told a different story. We were surprised to see...
What’s in the spam mailbox this week?
We've seen a fair few spam emails in circulation this week, ranging from phishing to money muling to sextortion. Shall we take a look? The FBI wants to give you back your money: First out of the gate, we have a missive claiming to be from the FBI. Turns out you lost a huge sum of money that you...
Mac malware targets cryptomining users
Last week, a security researcher named Remco Verhoef announced the discovery of a new piece of Mac malware being distributed on cryptomining chat groups. This malware was later further analyzed by Patrick Wardle, who gave it the rather appropriate moniker OSX.Dummy. The malware was being...
A week in security (May 28 – June 3)
Last week on Labs, we talked about the significance of SEO poisoning in the world of search marketing, blackmail attempts against financial institutions in Canada, voice command flaws in smart assistants, survey and potential phishing scams on Instagram, and the latest changes in Office 365. We...
A week in security (March 19 – March 25)
Last week, we looked at the growing problem of smartphone addiction, how link rot is continually slicing away portions of the web, and the theft of our intellectual property. We also explored the landscape of DDoS problems, and tackled a Stephen Hawking 419 scam. Other news: What can only really b...
IMPORTANT: Web blocking / RAM usage announcement
On January 27, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it. For...
RIG exploit kit campaign gets deep into crypto craze
There isn't a day that goes by without a headline about yet another massive spike in Bitcoin valuation, or a story about someone mortgaging their house to purchase the hardware required to become a serious cryptocurrency miner. If many folks are thinking about joining the 'crypto craze' movement,...
10 tips for safe online shopping on Cyber Monday
Shoppers familiar with the Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place, but it becomes particularly rough during the holiday shopping season. In preparation for the frenzy, cyber villains have crafted a virtual onslaught of social...
New Android Trojan malware discovered in Google Play
A new piece of mobile malware has been discovered in Google Play masquerading as multiple apps: an alarm clock app, a QR scanner app, a compass app, a photo editor app, an Internet speed test app, and a file explorer app. According to Google Play data, all were last updated between October and...
A week in security (November 6 – November 12)
After coming out victorious in a case against PUPs, Malwarebytes CEO Marcin Kleczynski has this to say: "We fought for our users and we won." -- Marcin Kleczynski (@mkleczynski), November 9, 2017. And my, do we feel like champions! You can read more about this here. Last week, we looked into the...
More trouble in Google Play land
This is not a good week for Google, it seems. After our mobile security experts repeatedly discovered adware in several apps on the Google Play store, our friends at Symantec have unearthed at least eight malicious apps that are capable of adding affected mobile devices to a botnet. Accordi...
Equifax aftermath: How to protect against identity theft
Who here is scrambling around in the aftermath of the recent breach at Equifax to figure out if you've been compromised? Who here is wondering what to do about it if you are? If you're one of the 143 million Americans whose data was accessed by cybercriminals, then you probably raised your hand...