Risky business: survey shows majority of people use work devices for personal use
There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel like a subtle acceleration of behavioral shifts that were already well underway i.e. more online shopping and more streaming TV/movies. Other changes are more extreme and we’...
Fintech industry developments, differences between Europe and the US
“Put your money in the bank and you can watch it grow.” If there is a statement that shows us how much the financial world has changed it’s this one. With the introduction of negative interest, companies and consumers with a large amount of liquid assets are looking for a different way to handle...
Cloud workload security: Should you worry about it?
Due to the increasing use of the cloud, organizations find themselves dealing with hybrid environments and nebulous workloads to secure. Containerization and cloud-stored data have provided the industry with a new challenge. And while you can try to make the provider of cloud data storage...
Stalkerware advertising ban by Google a welcome, if incomplete, step
On Friday, July 10, Google announced it would no longer allow advertising for spyware and similar surveillance technology—often referred to as “stalkerware”—on its platform. The change is a welcome step by one of the largest, most powerful companies in online advertising, but a close read of the...
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
This blog post was authored by Hossein Jazi and Jérôme Segura. On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated to an APT attack. In the last stage,...
Exhibition: it-sa Nuremberg
Scroll down for the German version of this post. Since 2009, security professionals, developers, and product providers have shared their ideas and platforms at it-sa, a security exhibition in the Exhibition Centre in Nuremberg, Germany. This year, it-sa featured 629 exhibitors including...
Fake BlueWallet steals passwords, accounts, and crypto from Macs
A fake website impersonating BlueWallet (a real Bitcoin wallet) is targeting Mac users with a simple but effective attack. BlueWallet itself has not been compromised. Instead, cybercriminals have stolen the name and branding of the legitimate Bitcoin wallet to make a malicious download appear...
A week in security (April 12 – April 18)
Last week on Malwarebytes Labs: Text scams grow to steal hundreds of millions of dollars Apple patches security vulnerabilities in iOS and iPadOS. Update now! Hi, robot: Half of all internet traffic now automated "I sent you an email from your email account," sextortion scam claims "Follow me" to...
QR codes sent in attachments are the new favorite for phishers
Recently we’ve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercrimina...
Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail
A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. The app—known as “Finance Simplified”—belongs to the SpyLoan family, which specializes in predatory lending. Sometimes malware creators manage to get their apps listed in the...
Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t...
Fake funeral “live stream” scams target grieving users on Facebook
Some scammers have the morals of an alley cat. But some sink even lower. Over the last few months, Malwarebytes Labs has discovered scammers active on Facebook that prey on bereaved people by using stolen images and phony funeral live stream links to steal money and/or credit card details. These...
Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more
A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses. As more and more legislation emerges requiring websites and platforms—like gambling...
Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap?
Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement a few weeks ago. At least one of BreachForums domains and its dark web site are live again. However, questions have been raised over whether it is a genuine attempt to revive the forums once aga...
Microsoft AI “Recall” feature records everything, secures far less
Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it’s one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to...
TikTok comes one step closer to a US ban
The US Senate has approved a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. Social video platform TikTok has experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5...
60% of small businesses are concerned about cybersecurity threats
According to a recent poll by the US Chamber of Commerce, 60% of small businesses are concerned about cybersecurity threats, and 58% are concerned about a supply chain breakdown. Not surprisingly, small businesses in the professional services sector feel significantly more concerned about...
Facebook spied on Snapchat users to get analytics about the competition
Social media giant Facebook snooped on Snapchat users’ network traffic, engaged in anticompetitive behavior and exploited user data through deceptive practices. That’s according to a court document filed March 23, 2024. The document mentions Facebook’s so-called In-App Action Panel (IAAP) program,...
ThreatDown achieves perfect score in latest AVLab assessment
ThreatDown has once again earned a perfect score in AVLab’s January 2024 real-world malware detection tests, marking the eleventh consecutive quarter in achieving this feat. Let’s delve into the details of the test and how ThreatDown outperformed competitors in exhaustive testing. The AVLab...
Predator spyware vendor banned in US
The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US. Predator can turn infected smartphones into surveillance devices. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of...
Airbnb scam sends you to a fake Tripadvisor site, takes your money
One of my co-workers who works on Malwarebytes’ web research team just witnessed a real life example of how useful his work is in protecting people against scammers. Stefan decided to visit Amsterdam with his girlfriend, and found a very nice and luxurious apartment in Amsterdam on Airbnb. In the...
Change Healthcare outages reportedly caused by ransomware
On Wednesday February 21, 2024, Change Healthcare—a subsidiary of UnitedHealth Group—experienced serious system outages due to a cyberattack. In a Form 8-K filing the company said it: “identified a suspected nation-state associated cyber security threat actor had gained access to some of the Chan...
AI-generated voices in robocalls are illegal, rules FCC
The Federal Communications Commission (FCC) has announced that calls made with voices generated with the help of Artificial Intelligence (AI) will be considered “artificial” under the Telephone Consumer Protection Act (TCPA). Effective immediately, that makes robocalls that implement voice cloning...
Facebook fatal accident scam still rages on
Recently I wrote about a malvertising campaign on Facebook that has been going on for almost a year. Apparently Facebook is struggling to stop this campaign, so now this type of campaign is showing up in other languages than English. I have seen two different types in German. First Facebook scam...
State of Malware 2024: What consumers need to know
Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. As home users, many of the threats we cover will only affect you second hand, such as disruptions after a company suffers a ransomware attack, or when your...
Malicious ads for restricted messaging applications target Chinese users
An ongoing campaign of malicious ads has been targeting Chinese-speaking users with lures for popular messaging applications such as Telegram or LINE with the intent of dropping malware. Interestingly, software like Telegram is heavily restricted and was previously banned in China. Many Google...
Malwarebytes wins every MRG Effitas award for 2 years in a row
ThreatDown Endpoint Protection (EP) achieved the highest possible score (100%) and received certifications for Level 1, Exploit, Online Banking, and Ransomware in the most recent anti-malware efficacy assessment results for the Q3 2023 evaluation performed by MRG Effitas, a world leader in independen...
2024 State of Ransomware in Education: 92% spike in K-12 attacks
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of...
How to recognize AI-generated phishing mails
Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. But most phishers aren't very good, and the success rate is relatively low: In 2021, the average click rate for a phishing campaign was 17.8%. However, now...
Meta whistleblower says company has long ignored how it sexually endangers children
At a Senate hearing, a Meta whistleblower has revealed some shocking numbers around children’s experiences of its platforms. Arturo Béjar, a former engineering director at Meta, testified before the US Congress on Tuesday. Not only did he share his own daughters’ experience suffering harassment o...
Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13
When you think about the word "cyberthreat," what first comes to mind? Is it ransomware? Is it spyware? Maybe it's any collection of the infamous viruses, worms, Trojans, and botnets that have crippled countless companies throughout modern history. In the future, though, what many businesses migh...
Avoid this "lost injured dog" Facebook hoax
Facebook users are advised to be wary of posts involving injured dogs receiving treatment at a vet surgery, or pets sitting next to people post-operation adorned with bandages and plaster casts. The dog-themed missives all follow a similar format, with the primary change between them being the...
A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity
As we raise a glass to toast Malwarebytes' 15th anniversary of boldly venturing into the realm of business cybersecurity, we're feeling nostalgic. It's time to buckle up and embark on a whimsical journey through the twists and turns of Malwarebytes' evolution. From modest beginnings to becoming a...
Beware: Fake IRS tax email delivers Emotet malware
Tax season is upon us and, as with every year, we're seeing tax scammers rearing their heads. Below, we have an example of a tax scam currently in circulation along with some suggestions for avoiding these kinds of attacks. An IRS W-9 tax form scam A Form W-9 is a form you fill in to confirm...
Android 14 developer preview highlights multiple security improvements
Android developers have been given a taste of what's to come in the next big step up in mobile land, thanks to Android 14 waiting on the horizon. The developer preview is a great way for those most familiar with the mobile operating system to see which changes they'll enjoy and what ones they'll hav...
Florida hospital takes entire IT systems offline after 'ransomware attack'
Tallahassee Memorial Healthcare (TMH), a major hospital system in northern Florida, has reportedly been experiencing an "IT security issue" since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contact...
The rise of multi-threat ransomware
Today we have a ten minute YouTube expedition into the murky world of ransomware. In the video, "The rise of multi-threat ransomware" embedded below, I cover a couple of key talking points that always seem to come up in conversation. Single, double, triple? The video covers how ransomware made th...
How to protect your business from supply chain attacks
Threat actors know that attacking the supply chain is not just a smart strategy but also a winning one. When American store Target found a Trojan designed to steal card details on its POS (point-of-sale) systems in 2013, no one expected that the route into its secure environment was its heating,...
[updated] Ransomware money laundering operation disrupted, founder arrested
The US Department of Justice (DOJ) has released information about the arrest of Anatoly Legkodymov, the founder and majority owner of a cryptocurrency exchange called Bitzlato, on money laundering charges. Legkodymov, a Russian national who lives in China, is accused of processing over $700 million...
Google to support the use of Rust in Chromium
In a blog by the Chrome security team we learned that the Chromium project is going to support the use of third-party Rust libraries from C++ in Chromium. This is good news because Rust is a so-called memory-safe programming language. So using it in a widespread program like Chrome and the other...
Raspberry Robin worm used as ransomware prelude
Raspberry Robin (aka Worm.RaspberyRobin) started out as an annoying, yet relatively low-profile threat that was often installed via USB drive. First spotted in September 2021, it was typically introduced into a network through infected removable drives, often USB devices. Now the worm has been foun...
Warning: "FaceStealer" iOS and Android apps steal your Facebook login
Earlier this month, security researchers from Meta found 400 malicious Android and iOS apps designed to steal user Facebook login credentials. Such mobile malware, which Malwarebytes detects typically as Android/Trojan.Spy.Facestealer, usually arrives as an app disguised as a useful or entertaini...
Android and iOS leak some data outside VPNs
Virtual Private Networks (VPNs) on Android and iOS are in the news. It's been discovered that in certain circumstances, some of your traffic is leaked so it ends up outside of the safety cordon created by the VPN. Mullvad, the discoverers of this Android "feature" say that it has the potential to...
APT28 attack uses old PowerPoint trick to download malware
Researchers at Cluster25 have published research about exploit code that's triggered when a user moves their mouse over a link in a booby-trapped PowerPoint presentation. The code starts a PowerShell script that downloads and executes a dropper for Graphite malware. Graphite is named after...
Erbium stealer on the hunt for data
There's a new slice of malware-as-a-service doing the rounds, although its actual newness is somewhat contested. The stealer, called Erbium, was first spotted on forums back in July 2022, but it seems nobody is quite sure when it started being deployed and snagging victims. Nevertheless, it is now...
British Airways customers targeted in lost luggage Twitter scam
Getting back into the travel habit? Jumping on a plane soon? Experienced a bit of a luggage disaster and looking for help on social media? Watch out, because a lack of prior research could prove very costly. Word has spread of a bogus Twitter account pretending to be a customer support channel of...
Tech support scammers target Microsoft users with fake Office 365 USB sticks
Microsoft is a hot target for scammers and acts of fraud. For example, tech support scam websites cover themselves in Windows branding and messages. Phone scammers claim to be calling directly from Microsoft. If it's not a Bill Gates themed lottery spam mail in your mailbox, it's a fake Excel...
How IT teams can prevent phishing attacks with Malwarebytes DNS filtering
Phishing attacks are a persistent threat to businesses globally. According to Verizon, 82 percent of data breaches in 2021 involved the human element--with phishing attacks making up over 60 percent of these. And if it ain't broke, don't fix it: threat actors have only continued to use phishing to...
Lock down your Neopets account: Data breach being investigated
Bad news for players of long-time virtual pet management title Neopets. Word is spreading of a compromise claimed to have accessed around 69 million user accounts. This compromise, posted to a hacking forum, is said to include both the database and around 460 MB of compressed source code from...
Amazon Photos vulnerability could have given attackers access to user files and data
Amazon has patched a flaw in the Amazon Photos app which could have allowed an attacker to steal and use a user's unique access token that verifies their identity across multiple Amazon APIs. That would give attackers access to a trove of information, since many of these APIs contain personal data...