How ransomware gangs are connected, sharing resources and tactics
Many of us who read the news daily encounter a regular drum beat of ransomware stories that are both worrying and heartbreaking. And what many of us don’t realize is that they are often interconnected. Some of the gangs behind the ransomware campaigns that we read about have established a...
Report reveals the staggering scale of Business Email Compromise losses
Internet crime is ever present, and with the ongoing pandemic, levels of scams and fraud were exceptionally high in 2020. Opportunistic fraudsters didn't give a second thought to riding the COVID-19 wave and preying upon those who are truly in need of help, or those who truly want to help. The...
What’s up with WhatsApp’s privacy policy?
WhatsApp has been in the news recently after changes to its privacy policy caused a surge of interest in rival messaging app Signal. Initial reports may have worried a lot of folks, leading to inevitable clarifications and corrections. But what, you may ask, actually happened? Is there a problem?...
Cybercriminals want your cloud services accounts, CISA warns
On January 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about several recent successful cyberattacks on various organizations’ cloud services. What methods did the attackers use? In the initial phase, the victims were targeted by phishing emails trying to capture...
Malspam campaign caught using GuLoader after service relaunch
They say any publicity is good publicity. But perhaps this isn't true for CloudEye, an Italian firm that claims to provide "the next generation of Windows executables protection". First described by Proofpoint security researchers in March 2020, GuLoader is a downloader used by threat actors to...
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura. We recently identified what we believe is a new variant of the Dacls Remote Access Trojan (RAT) associated with North Korea's Lazarus group, designed specifically for the Mac operating system. Dacls is a RAT that was...
Are our police forces equipped to deal with modern cybercrimes?
“You should have asked for the presence of a digital detective,” Karen said when I told her what happened at the police station. I had accompanied a neighbor, a small business owner who had been hit with ransomware and wanted to file a report. After listening to his story, the police...
Mac adware is more sophisticated and dangerous than traditional Mac malware
As the data revealed in our State of Malware report showed, Mac threats are on the rise, but they are not the same type of threats experienced by Windows users. Most notably, more traditional forms of malware, such as ransomware, spyware, and backdoors account for over 27 percent of all Windows...
Vital infrastructure: emergency services
Organizations in the emergency services sector are there for the public to provide help when situations get out of hand or are too much to handle. This can be because the problem requires special tools and skills to use them, and the organizations are set up to provide assistance at short notice...
300 shades of gray: a look into free mobile VPN apps
The times, they are a changin'. When users once felt free to browse the Internet anonymously, post about their innermost lives on social media, and download apps with frivolity, folks are playing things a little closer to the vest these days. Nowadays, users are paying more attention to privacy a...
Your device, your choice: AdwCleaner now detects preinstalled software
For years, Malwarebytes has held firm to a core belief about you, the user: You should be able to decide for yourself which apps, programs, browsers, and other software end up on your computer, tablet, or mobile phone. Basically, it’s your device, your choice. With the latest update to Malwarebyt...
Malwarebytes helps take down massive ad fraud botnets
On November 27, the US Department of Justice announced the indictment of eight individuals involved in a major ad fraud case that cost digital advertisers millions of dollars. The operation, dubbed 3ve, was the combination of the Boaxxe and Kovter botnets, which the FBI—in collaboration with...
When Endpoint Detection and Response (EDR) is not enough
As cybercriminals continue to validate the reality that no prevention-based security control is going to stop every threat every time, companies are expanding beyond prevention-only approaches and closing the gap with endpoint detection and response solutions. But as we consider this strategy, on...
The state of Mac malware
Mac users are often told that they don't need antivirus software, because there are no Mac viruses. However, this is not true at all, as Macs actually are affected by malware, and have been for most of their existence. Even the first well-known virus—Elk Cloner—affected Apple computers rather tha...
419 scammer offers USD $60 million—and a free child
Scammers often come crawling out of the woodwork in all sorts of places you wouldn't necessarily expect. This is to their advantage when trying to keep suspicion in check; after all, we're pretty much pre-programmed to think 419 scams will only wander into our inboxes. Twitter, though? That's a...
Fake DHS email – “Give us $350 in the next 24 hours”
Who likes threats? Nobody, as it turns out. That hasn't stopped scammers from jumping on the menacing email train - next stop, your inbox. Every now and then, we see the 419 "Hitman deployed to kill you" missive doing the rounds. On a similar threatening note, we have a fake DHS notification...
Solution Corner: Malwarebytes for Android
People have become increasingly reliant on their mobile devices in recent years. Smartphones and tablets have revolutionized daily life. Unfortunately, such rapid growth has also attracted criminals, bringing Android up to par with Windows in terms of infection rates. Android threat landscape A...
A week in security (August 14 – August 20)
Last week, we gave some security tips for parents and kids aimed at the new school term. We also took a peek at the inside of the Kronos malware, focusing on how it works and protects itself. And, once again, we spotted a return of Locky ransomware with two new flavors at once, diablo6 and Lukitu...
Microsoft Patch Tuesday March 2024 includes critical Hyper-V flaws
The March 2024 Patch Tuesday update includes patches for 61 Microsoft vulnerabilities. Only two of the vulnerabilities are rated critical and both of these are found in Windows Hyper-V. Hyper-V is a hardware virtualization product that allows you to run multiple operating systems as virtual...
Ransomware review: October 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
Apple releases emergency updates for two known-to-be-exploited vulnerabilities
On Friday April 7, 2023, Apple released iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 for the iPhone, iPad, and Mac, respectively, and our advice is to install them as soon as possible because all three updates include important security fixes. The Cybersecurity and Infrastructure Security Agency...
DoppelPaymer ransomware group disrupted
Europol has announced it has arrested two suspected core members of the DoppelPaymer ransomware group. On 28 February, the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigations (FBI), apprehended...
Malware targets 30 unpatched WordPress plugins
If you make use of plugins on your WordPress site (and you probably do), it's time to take a good look at what's running under the hood. Ars Technica reports that unpatched vulnerabilities are being exploited across no fewer than 30 plugins. A long list of plugin problems If you own or operate a website...
URI spoofing flaw could phish WhatsApp, Signal, Instagram, and iMessage users
Update: We were informed by Sick Codes that, although Signal already has a fix for this URI flaw here, it hasn't been pushed out to market yet. We'll further update this post once there is new development. There's a flaw in the way many of the world's most popular messaging and email platforms—such a...
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
This blog post was authored by Hasherezade, Ankur Saini and Roberto Santos. Disk wipers are one particular type of malware often used against Ukraine. The implementation and quality of those wipers vary, and may suggest different hired developers. The day before the invasion of Ukraine by Russian...
A week in security (January 24 – 30)
Last week on Malwarebytes Labs: QNAP update stops Deadbolt ransomware, annoys some users, starts debate Big Mother is watching: What parents REALLY think about tracking their kids Update now! Apple patches another actively used zero-day Let’s Encrypt to revoke “mis-issued” certificates North...
Beware card skimmers this Black Friday
The UK's top cybercops are urging owners of small online shops to "protect their customers and profits" by guarding against card skimmers in the frenetic shopping period that starts with Black Friday, which lands on November 26 this year. The warning comes from the National Cyber Security Centre...
Phishing campaign goes old school, dusts off Morse code
In an extensive report about a phishing campaign, the Microsoft 365 Defender Threat Intelligence Team describes a number of encoding techniques that were deployed by the phishers. And one of them was Morse code. While Morse code may seem like ancient communication technology to some, it does have...
Apple confirms Macs get malware
Anyone following the court case between Epic and Apple is undoubtedly already aware of the "bombshell" dropped by Apple's Craig Federighi yesterday. For those not in the know, Federighi, as part of his testimony relating to the security of Apple's mobile device operating system, iOS, stated that "w...
Using iPhones and AirTags to sneak data out of air-gapped networks
Someone has found an extraordinary way to exfiltrate data by piggybacking data on the backs of unsuspecting iPhones. Say what? A researcher has found out that it is possible to upload arbitrary data from non-internet-connected devices by sending Bluetooth Low Energy (BLE) broadcasts to nearby Apple...
Why MITRE ATT&CK matters—Choosing alert quality over quantity
Round 3 Carbanak/FIN7 results evaluation. Last month, the researchers at MITRE Engenuity released the results of their most recent ATT&CK Evaluation, offering businesses an opportunity to make informed choices about their own security needs. This year, by modeling the ATT&CK testing after attack...
FIN7 sysadmin behind “billions in damage” gets 10 years
In 2018, three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. Ukrainian nationals Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov were members of a prolific hacking group widely known...
Chrome users, here’s how to opt out of the Google FLoC trial
Two weeks after Google launched a trial to replace run-of-the-mill online user tracking with new-fangled online user tracking, several companies and organizations have pushed back, criticizing the new technology—called FLoC—which is designed to respect people's privacy more, as a detriment to user...
Don’t post it! Six social media safety sins to say goodbye to
If you or anyone you know is committing the below social media sins, it’s time to change that habit of an online lifetime. Even the most innocuous of things can cause trouble down the line, because everyone’s threat model is different. Unfortunately, people tend to realise what their threat model...
ProxyLogon PoCs trigger a game of whack-a-mole
As we reported recently, the use of the Microsoft Exchange Server ProxyLogon vulnerabilities has gone from “limited and targeted attacks” to a full-size panic in no time. Criminal activities, ranging in severity from planting crypto-miners to deploying ransomware, and conducted by numerous groups...
Are TikTok’s new settings enough to keep kids safe?
TikTok, the now widely popular social media platform that allows users to create, share, and discover, amateur short clips—usually something akin to music videos—has been enjoying explosive growth since it appeared in 2017. Since then, it hasn’t stopped growing—more so during the current pandemic...
The most enticing cyberattacks of 2020
This is part one of a two-part series. To read about the strangest cybersecurity events of 2020, read our second story here. In 2020, we experienced a major shift. Much of the world pitched in to limit the spread of the coronavirus, with people changing their daily routines to include a mixture o...
The many ways you can be scammed on Facebook, part II
In part 1 of this article series, we looked at data mining schemes, scam ad campaigns, concert tickets scams, and PayPal fund transfer scams. Today, we continue to list down the other scams you might encounter on Facebook. Bitcoin trading scam Who would have thought that a "simple" phishing schem...
Fake COVID-19 survey hides ransomware in Canadian university attack
This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero. In recent weeks, we've observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishi...
It’s baaaack: Public cyber enemy Emotet has returned
It was never a question of "if" but "when". After five months of absence, the dreaded Emotet has returned. Following several false alarms over the last few weeks, a spam campaign was first spotted on July 13 showing signs of a likely comeback. The Emotet botnets started pushing malspam actively o...
5 tips for building an effective security operations center (SOC)
Security is more than just tools and processes. It is also the people that develop and operate security systems. Creating systems in which security professionals can work efficiently and effectively with current technologies is key to keeping your data and networks secure. Many enterprise...
Explained: What is containerization?
Containerization. Another one of those tech buzzwords folks love to say but often have no idea what it means. A better way to organize children's toys? The act of bringing tupperware out to dinner to safely transport home leftovers? Another name for Russian dolls? Containerization is, of course,...
Who is managing the security of medical management apps?
One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical...
A week in security (June 4 – June 10)
Last week on Labs, we took a look at hidden mobile ads, the perils of social media spam, and how to shore up your landline defenses. We also took a deep dive into Emotet malware analysis, and gave you some summertime safety tips. Other news Update your Adobe Flash player if you haven't already...
Instagram story spam claims free Apple Watch
I have to admit, I'm not 100 percent sure who Elton Castee is. "Who's that?" you ask? Digging around revealed that he's big on YouTube, has done some films, and raises money for dogs, which is very cool. He's also popular on Instagram, with 400k+ followers. With that in mind, we've seen a few...
Parenting in the Digital World: a review
Before I became a new mum not so long ago, I did the best I could to prepare myself to take care of my little one by reading a lot of books. From learning how to discern possible meanings behind baby's various cries to finding out what you can and can't feed your baby once they begin eating solids. ...
Maybe you shouldn’t use LinkedIn
UPDATE: 4/6/2018 LinkedIn reached out for comment on the article, and we'd like to clarify our position based on their concerns. They wrote: Members control their connections, who can see them including keeping them private if they wish and only first degree connections can get access to your...
Presenting: Malwarebytes Labs 2017 State of Malware Report
2017 was a tumultuous year in politics, media, gender, race—and cybersecurity didn’t beat the rap. Last year was full of twists and turns in the cybercrime world, with major outbreaks, new infection methods, and the evolution of the cryptocurrency crime industry. In aiming to make sense of the...
A week in security (July 10 – July 16)
Last week, we took a look at some of your malware infection stories, took a stroll through the basics of PowerShell, explored a piece of .NET malware, and shone the spotlight on the Petya ransomware family. Elsewhere, the following stories were taking place: Latest updates for Consumers...
Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS
Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited. Zero-day vulnerabilities are discovered by attackers before the software company itself - meaning the vendor has zero days to fix them. Both the two...