Tech support scam campaign targets Japanese visitors to PornHub
The Malwarebytes Threat Intelligence team has identified a malvertising campaign targeting Japanese users. The campaign they discovered was found to be using a cloaking technique to lure visitors of popular adult site PornHub to a decoy site at the domain mixhd.club. Cloaking: Cloaking is a method...
Capcom Arcade Stadium’s record player numbers blamed on card mining
Some of my favourite retro video games are making waves on Steam, but not in the way you might think. Classics such as Strider, Ghosts n’ Goblins, and more are all available as content for Capcom Arcade Stadium. This is an emulator which lets you play 31 arcade games from the 80s/90s. The games...
Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either
Elon Musk is an incredibly popular target for scammers and spammers on social media. Attach his name to something he has no involvement in and watch it fly. Verified accounts on Twitter continue to be favourites for account compromise / fake Elon scams. Those often turn out to be Bitcoin related...
A week in security (January 18 – January 24)
Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking,...
Copycat criminals abuse Malwarebytes brand in malvertising campaign
While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a copycat—fake—Malwarebytes website that was used as a gate to the Fallout EK, which distributes the Raccoon stealer. The few malvertising campaigns that remain are often found on...
Cyber tips for safe online dating: How to avoid privacy gaffes, exploits, and scams
Research and reporting on this article were conducted by Labs writers Chris Boyd and David Ruiz. Dating apps have been mainstream for a long time now, with nearly every possible dating scene covered—casual, long-term, gay, poly, of the Jewish faith, interested only in farmers—whatever you're...
Web skimmer phishes credit card data via rogue payment service platform
Heading into the holiday shopping season, we have been tracking increased activity from a threat group registering domains for skimming and phishing campaigns. While most of the campaigns implemented a web skimmer in the typical fashion—grabbing and exfiltrating data from a merchant's checkout pa...
Malwarebytes teams up with security vendors and advocacy groups to launch Coalition Against Stalkerware
Today, Malwarebytes is announcing its participation in a joint effort to stop invasive digital surveillance: the Coalition Against Stalkerware. For years, Malwarebytes has detected and warned users about the potentially dangerous capabilities of stalkerware, an invasive threat that can rob...
Cyber insurance: here to stay, whether we like it or not
Cyber insurance has been a big talking point in infosec circles for many months now. We’ve mentioned it in passing ourselves a few times, usually in relation to ransomware attacks. This isn’t surprising; ransomware may not be the threat that brought cyber insurance to life, but it absolutely help...
International students in UK targeted by visa scammers
A new visa scam has come to light targeting international students from China studying in the UK. At least, it’s being presented as new. In truth, it comes around every so often and has been on the radar for a few years. The scam works by presenting a threat to students’ immigration status and us...
A week in security (August 12 – 18)
Last week on Malwarebytes Labs, we took a look at the potential pitfalls of facial recognition technology, looked at ways domestic abuse survivors can secure their data, and explored the education threat landscape. We also kicked off a series looking at the Hidden Bee infection chain, and put...
A week in security (August 5 – 11)
Last week on Malwarebytes Labs, we explained how brain-machine interface (BMI) technology could usher in a world of Internet of Thoughts, why having backdoors is problematic, and how we can improve the security of our smart homes. To cap off Hacker Summer Camp week, the Labs team released a special...
Labs quarterly report finds ransomware’s gone rampant against businesses
Ransomware's back—so much so that we created an entire report on it. For 10 quarters, we've covered cybercrime tactics and techniques, covering a wide range of threats we saw lodged against consumers and businesses through our product telemetry, honeypots, and threat intelligence. We've looked at...
Facebook’s history betrays its privacy pivot
Facebook CEO Mark Zuckerberg proposed a radical pivot for his company this month: it would start caring—really—about privacy, building out a new version of the platform that turns Facebook less into a public, open “town square” and more into a private, intimate “living room.” Zuckerberg promised...
LoJack for computers used to attack European government bodies
Security researchers have detected the first known instance of a UEFI bootkit being used in targeted campaigns against government entities across Central and Eastern Europe. The attack focuses on UEFI-enabled computers and relies on a persistence mechanism that has been stolen from a legitimate,...
Reversing malware in a custom format: Hidden Bee elements
Malware can be made of many components. Often, we encounter macros and scripts that work as malicious downloaders. Some functionalities can also be achieved by position-independent code—so-called shellcode. But when it comes to more complex elements or core modules, we almost take it for granted...
5 ways to find and fix open source vulnerabilities
Guest post by Limor Wainstein. A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about the security of open source code and its dependencies. Programmers often use OSS as a...
Vote for Malwarebytes Labs: European Security Blogger Awards 2018
It's nearly time for Infosec Europe 2018, and that means it's also time to consider voting for your favourite security blogs, podcasts, video channels, and more for the upcoming European Security Blogger Awards. Thanks to your generous votes, we've been fortunate enough to pick up the award for...
The data breach epidemic: no info is safe
By now it’s obvious that data security technology and protocols haven’t kept pace with the needs of consumers. Even as more people trust their most sensitive personal information to online apps and services, databases are routinely exposed. In 2017 alone, we learned about massive data breaches fr...
Singles’ Day deal seekers beware
Originally a day set aside for singles in China to be proud of their singlehood, Singles' Day has been transformed into what is arguably the world’s single largest e-commerce festival, thanks to the involvement of The Alibaba Group. In fact, the Alibaba Group alone reported $17.8 billion in sales...
Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable
A serious flaw in the wireless protocol that secures all modern protected Wi-Fi networks has been discovered. How serious? If your device supports Wi-Fi, it is most likely affected. This feasible attack, dubbed KRACK, could abuse design or implementation flaws in the Wi-Fi standard, not some...
Labs report: summer ushers in unprecedented season of breaches
In this edition of the Malwarebytes Cybercrime Tactics and Techniques report for the third quarter of 2017, we saw a number of high profile breaches targeting the personal information of hundreds of millions of people. While the Equifax breach may have dominated the news cycle, notable attacks...
A new kind of Apple phishing scam
In a recent blog post, Felix Krause revealed a method for phishing Apple ID passwords on iOS that would be quite indistinguishable from a real iOS password request. This got us thinking about the ramifications—how else could this tactic be used in the Apple ecosystem, and what kind of damage coul...
Make way for the GDPR: Is your business ready?
In Week 2 of National Cyber Security Awareness Month (NCSAM), the spotlight is on businesses—particularly, their more profound need to take cybersecurity seriously in this age of breaches. And what better way for them to start this off than to think about how they can improve on handling and storin...
Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity
This post was co-authored by David Sánchez and Jérôme Segura. We recently came across a campaign targeting a Saudi Arabia Government entity via a malicious Word document which at first reminded us of an attack we had previously described on this blog. In our previous research, we detailed how an...
[Updated] Infected CCleaner downloads from official servers
Update 9/19/2017: Avast posted a clarification explaining what happened and giving a timeline of the events. One point we should take note of is that the breach preceded the take-over of Piriform by Avast. Users that are unsure whether they were affected by this and whether their data may have be...
Remediation vs. prevention: How to place your bets
Building a security environment for businesses these days is a gamble: layer on too much and your programs may be canceling each other out or causing redundancy and your leaders may be wondering why you're spending so much. Invest too little and get breached: it's snake eyes for you. Whether you...
Play Protect: Android’s new security system is now available
Play Protect, a security suite for Android devices, was originally introduced in mid-May of this year during the Google I/O conference. And in just a couple of months, the tech giant has made it available for all their mobile users. Play Protect is the amalgamation of Google’s Android security...
GitLab warns zero-click vulnerability could lead to account takeovers
GitLab has issued a warning about a critical vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab is an online DevOps platform that allows developers to collaborate on creating software. Organizations have a choice to install GitLab on their own servers or under GitLab's...
Amazon Prime email scammer snatches defeat from the jaws of victory
More often than not, it's our solemn duty on this site to keep you informed about the nature and tactics of dangerous, cunning, and persistent cybercriminals. This is not one of those days. In fact, this is the opposite of one of those days. This is about a passable spam email sent by a spammer...
2023 MITRE ATT&CK® Evaluation results: Malwarebytes earns high marks for detection, blocks initial malware executions
MITRE Engenuity released its 2023 ATT&CK Evaluation results, with Malwarebytes blocking initial malware executions and earning high marks for detection. The evaluation tested 30 vendor solutions against Turla, a sophisticated Russia-based advanced persistent threat (APT) group with victims in over ...
KeePass vulnerability allows attackers to access the master password
KeePass is a free open source password manager, which helps you to manage your passwords and stores them in encrypted form. In fact, KeePass encrypts the whole database, i.e. not only your passwords, but also your user names, URLs, notes, etc. That encrypted database can only be opened with the...
Fake tractor fraudsters plague online transactions
The agriculture sector has been under fire from digital attacks for some time now. The primary problem so far has been ransomware, and law enforcement recently warned that malware authors may be gearing up to time their attacks in this sector for maximum damage. The FBI highlighted that attacks...
Update now! GitLab issues critical security release for RCE vulnerability
GitLab has released versions 15.3.1, 15.2.3, 15.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and it's recommended that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the...
Update Chrome now! Google issues patch for zero day spotted in the wild
Google updated the Stable channel for Chrome to 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, which will roll out over the coming days/weeks. The Extended stable channel has been updated to 104.0.5112.101 for Mac and 104.0.5112.102 for Windows, which will roll out over the comi...
Insecure password leads to Mangatoon data breach
The hugely popular Manga comics platform Mangatoon has fallen victim to a data breach. No fewer than 23 million user accounts could be at risk, thanks to a poorly secured database. Worse still, Mangatoon doesn't seem to be responding to messages from the breacher, or people notifying it that the...
Update Chrome now: Four high risk vulnerabilities found
Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has also warned that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released,...
Infamous dark net carding site UniCC to close
UniCC, the largest site on the dark web that sells credit card and debit card information, will close up shop for good, taking its affiliate site, LuxSocks, with it, too. According to Elliptic, a company that offers risk solutions for cryptoassets, the unknown UniCC administrators have made an...
Is your web browser vulnerable to data theft? XS-Leak explained
In recent news, IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have disclosed 14 new cross-site leak (also known as XSLeak or XS-Leak) attacks that can affect modern browsers, such as Google Chrome, Microsoft Edge, Mozilla Firefox, and...
New Mac malware raises more questions about Apple’s security patching
Apple's reputation on security has been taking a beating lately. As mentioned in some of our previous coverage, security researcher Joshua Long recently shone a light on problems with Apple's security patching strategy. His findings showed a shocking number of cases where Apple patched a...
Crypto-scams you should be steering clear of in 2021
A fair few cryptocurrency scams have been doing the rounds across 2021. Most of them are similar if not identical to tactics used in previous years, with an occasional twist. Here are some of the most visible ones you should be steering clear of. Recovery code theft: Many Bitcoin wallets make use of...
How a Resident Evil image leaked in a ransomware attack ended up in the middle of $12m copyright claim
Back in November, gaming giant Capcom suffered a ransomware attack. In its press notification, it mentioned the various types of data potentially grabbed by their attackers. Things took an ominous turn when they refused to pay the ransom, and the group behind the attack said that was the wrong...
Cobalt Strike, a penetration testing tool abused by criminals
If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking. Metasploit—probabl...
A week in security (April 26 – May 2)
Last week on Malwarebytes Labs, we looked at which age range is most likely to be targeted by online predators, talked to Malwarebytes CISO John Donovan on our Lock and Code podcast, and explored the latest deepfake happenings. We also dug into a supply chain attack, discussed threats from a...
Omegle investigation raises new concerns for kids’ safety
Social media site Omegle is under fire after an investigation found boys using the platform to expose themselves on camera, and adults exposing themselves to minors. Omegle users are paired with a random stranger who they can socialize with via text or video chat. An investigation by the British...
VideoBytes: Offensive security tools and the bad guys that use them
Hello Folks! In this Videobyte, we're talking about what penetration testing tools malware gangs love to use and why they are better than what you can get on the black market. This article describes the VirusBulletin talk of a security researcher from Intezer Labs, Paul Litvak, in which he...
SolarWinds advanced cyberattack: What happened and what to do now
We learned more about the sophisticated attack first disclosed on December 8 when security firm FireEye reported it had been the victim of a state-sponsored adversary that stole Red Team assessment tools. On December 13 there was a new development when IT company SolarWinds announced it had been...
Black Friday 2020: How to shop safely online
Black Friday 2020 promises to be somewhat different from years gone by thanks to COVID-19. The annual surge of in-store chaos and trolley dashes isn’t compatible with social distancing, and so retailers will be looking to drive shoppers online. Friday 27th November is when things kick off this...
Demystifying two common misconceptions with e-commerce security
Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt-out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual...
Update your iOS now! Apple patches three zero-day vulnerabilities
Apple has patched three vulnerabilities in iOS and iPadOS that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google’s Project Zer...