4709 matches found
Credential-stealing malware disguises itself as Telegram, targets social media users
A credential-stealing Windows-based malware, Spyware.FFDroider, is after social media credentials and cookies, according to researchers at ThreatLabz. The version analyzed by the researchers was packed with Aspack. The spyware is offered on download sites pretending to be installers for freeware...
How to avoid being scammed this Valentine’s Day
With Valentines Day approaching, you can be sure that the scammers will want to take advantage of lovebirds everywhere. From romance scams and sextortion, to fake dating sites and phishing campaigns, heres how to avoid a sting in the tail this Valentines Day. Romance scams Stories of online roman...
Ransomware targets Edge users
Unless youve been hiding under a rock for the last twenty years, youve probably heard the one about "keeping your software up to date". Applying software updates promptly is arguably the single most useful thing you can do to keep yourself secure online, and vendors, experts, pundits, and blogs...
Update now! Mozilla fixes security vulnerabilities in Firefox 94
In a security advisory, Mozillas announced that several security issues in its Firefox browser have been fixed. Several of these vulnerabilities were listed as having a high impact. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures CVE database. Its...
Microsoft warns about phishing campaign using open redirects
The Microsoft 365 Defender Threat Intelligence Team posted an article stating that they have been tracking a widespread credential phishing campaign using open redirector links. Open redirects have been part of the phisher’s arsenal for a long time and it is a proven method to trick victims into...
TikTok pays $92 million to end data theft lawsuit
TikTok, the now widely popular social media platform that allows users to create, share, and discover, short video clips has been enjoying explosive growth since it appeared in 2017. Since then, it hasn’t stopped growing—more so during the current pandemic. While we can no longer categorize TikTo...
Get a head start on defending against tax scams
It may not be tax season in your part of the world right now but you’ll no doubt be pleased to know a prolific tax scammer is on their way to jail for 20 years. If you’re annoyed by tax scam missives, or had the misfortune to hand money over, this is probably satisfying news. Between 2013 and 201...
Lock and Code S1Ep21: Lesson planning your school’s cybersecurity with Doug Levin
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Doug Levin, founder of the K12 cybersecurity resource center and advisor to the K12 Security Information Exchange, about how schools can plan for a...
California’s Prop 24 splits data privacy supporters
California’s data privacy house is divided. On the Golden State’s November ballot this year is the question as to whether to amend California’s barely-two-year-old data privacy law, the California Consumer Privacy Act. Far from the first attempt to change the fledgling law, Proposition 24 sets...
Lock and Code S1Ep14: Uncovering security hubris with Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about "security hubris," the simple phenomenon in which businesses are less secure th...
Sextortion scammers getting creative
We've covered sextortion before, focusing in on how the core of the threat is an exercise in trust. The threat actor behind the campaign will use whatever information available on the target that causes them to trust that the threat actor does indeed have incriminating information on them. They...
When spyware goes mainstream
Stealware. Surveillanceware. Stalkerware. These are terms alternately used to effectively identify a file-based threat that has been around since 1996: spyware. More than two decades later, consumer or commercial spyware has gone mainstream, and the surprising number of software designed, openly...
Back to school cybersecurity: hints, tips, and links for a safer school year
It's that time of year again when parents are slowly gearing up for a new school term. Some schools have a strict policy of only using their own pre-approved lab devices, while others allow students to bring their own devices. Whatever the plan, it's never too early to start thinking about some o...
A week in security (January 29 – February 04)
Last week on Labs, we looked into PUPs stealing and using mainstream logos of security and tech companies to further gain user trust, GandCrab and Scarab ransomware variants in the wild, and a new Mac malware called OSX.CreativeUpdater that can be distributed via MacUpdate. We also profiled...
Cookies: Should I worry about them?
Starting off the new year, many of us are worried about cookies—how many we ate over the holidays and how we're going to avoid them in the break room, for example. With so much cybercrime and data theft swirling around like daily bomb cyclones, there's more than a few folks worried about the kind...
Magnitude EK actor goes for Bitcoin multiplier scam (updated)
It is well known that hot commodities tend to attract scammers and online criminals. The continuous rise of Bitcoin over the past year valued at over USD $7,188 at the time of writing is generating frenzy amongst fans of cryptocurrencies as well as those watching from the sidelines. While the...
All rise! Mind these digital crimes and arm yourself against them
Have you noticed that, in this year alone, headlines are inundated with words that contain "cyber"? Cybercrime. Cyberattack. Cybersecurity. Cyberwarfare. The cyber. Okay, that was last year. Frankly, with so much going on, we hardly remember a time when the term "cyber" seemed quaint and a little...
Announcing Malwarebytes Endpoint Protection, a next-generation antivirus replacement for businesses
Six months ago, we announced Malwarebytes 3.0, a next-generation antivirus replacement for home users. Today, I am happy to announce Malwarebytes Endpoint Protection, its equivalent for businesses. Malwarebytes Endpoint Protection includes an easy to deploy, scalable cloud platform that allows yo...
Fake virus alerts are invading mobile games
Sometimes it happens. You’re happily playing a game on your phone or laptop when suddenly alarms pop up out of nowhere: " Your device is infected!" " Your iCloud is full!" " Your account is restricted for watching porn!" Some games can be played for free if you agree to watch ads, and in others y...
Yarbo responds to robot flaws that could mow down their owners
A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him...
Why we’re still not doing April Fools’ Day
People lost an estimated $442 billion to scams last year worldwide, according to the Global Anti-Scam Alliance. The scale of that is hard to picture, but people's day-to-day scam experience is easier to recognize: Our research found that 44% of people say they encounter mobile scams every single...
What privacy? Perplexity wants your data, builds browser to track you and serve ads
AI search service Perplexity AI doesn't just want you using its app—it wants to take over your web browsing experience too. The company is planning to launch its own browser, called Comet, next month. But what does this mean for your privacy? Launched in 2022, Perplexity AI is an AI-powered searc...
Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail
A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. The app— known as “Finance Simplified”—belongs to the SpyLoan family which specializes in predatory lending. Sometimes malware creators manage to get their apps listed in the...
BayMark Health Services sends breach notifications after ransomware attack
BayMark Health Services, Inc. BayMark notified an unknown number of patients that attackers stole their personal and health information. BayMark profiles itself as North America’s largest provider of medication-assisted treatment MAT for substance use disorders helping tens of thousands of...
Affirm says Evolve Bank data breach also compromised some of its customers
Buy now, pay later payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. In a form 8-K, submitted to the Securities and Exchange Commission SEC, Affirm states: “Because the...
Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more
A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses. As more and more legislation emerges requiring websites and platforms—like gambling...
Google’s Chrome changes make life harder for ad blockers
Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...
Google will start deleting location history
Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places theyve been ...
Why car location tracking needs an overhaul
Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships. No, we’re not talking about stalkerware...
A week in security (April 29 – May 5)
Last week on Malwarebytes Labs: You get a passkey, you get a passkey, everyone should get a passkey Dropbox Sign customer data accessed in breach Watch out for tech support scams lurking in sponsored search results Psychotherapy practice hacker gets jail time after extorting patients, publishing...
Watch out for tech support scams lurking in sponsored search results
This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled "Sponsored". They...
Kaiser health insurance leaked patient data to advertisers
Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers. Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications...
Should you share your location with your partner?
Every relationship has its disagreements. Who takes out the trash and washes the dishes? Who plans the meals and writes out the grocery list? And when is it okay to start tracking one another’s location? Location sharing is becoming the norm between romantic partners—50% of people valued location...
New Facebook photo rule hoax spreads
Some hoaxes on Facebook are years old, but like a cat with nine lives they keep coming back again and again. This is certainly the case with this most recent hoax. Fact-checking site Snopes is reporting on a hoax that concerns Metas use of our photos, messages and other posts on Facebook. Users a...
PikaBot malware on the rise: What organizations need to know
A new type of malware is being used by ransomware gangs in their attacks, and its name is PikaBot. A relatively new trojan that emerged in early 2023, PikaBot is the apparent successor to the infamous QakBot QBot trojan that was shut down in August 2023. QBot was used by many ransomware gangs in...
Why ransomware gangs love using RMM tools—and how to stop them
One of the most alarming trends our ThreatDown Intelligence team has noticed lately is the increased exploitation of legitimate Remote Monitoring and Management RMM tools by ransomware gangs in their attacks. RMM software, such as AnyDesk, Atera, and Splashtop, are essential for IT administrators...
Remote Monitoring & Management software used in phishing attacks
Remote Monitoring & Management RMM software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...
Patch now! Roundcube mail servers are being actively exploited
The Cybersecurity & Infrastructure Security Agency CISA has added a vulnerability in Roundcube Webmail to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this vulnerability by...
Nitrogen shelling malware from hacked sites
Nitrogen is the name given to a campaign and associated malware that have been distributed via malicious search ads. Its signature move is using Python and DLL side-loading to connect to the attackers command and control server. In this blog post, we look at a recent Nitrogen campaign and...
In conversation: Bruce Schneier on AI-powered mass spying
For decades, governments and companies have surveilled the conversations, movements, and behavior of the public. And then the internet came along and made that a whole lot easier. Today, search engines collect our queries, browsers collect our device information, smartphones collect out locations...
“The mother of all breaches”: 26 billion records found online [Updated]
Security researchers have discovered billions of exposed records online, calling it the "mother of all breaches". However, the dataset doesnt seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data...
A true tale of virtual kidnapping: Lock and Code S05E02
This week on the Lock and Code podcast… On Thursday, December 28, at 8:30 pm in the Utah town of Riverdale, the city police began investigating what they believed was a kidnapping. 17-year-old foreign exchange student Kai Zhuang was missing, and according to Riverdale Police Chief Casey Warren,...
How does ThreatDown Vulnerability Assessment and Patch Management work?
Maintaining updated systems and applications is a challenge for any IT team—especially considering the sheer volume of vulnerabilities organizations must find and prioritize on a rolling basis. ThreatDown Vulnerability Assessment VA, now included for free in every ThreatDown bundle, simplifies th...
New MetaStealer malvertising campaigns
MetaStealer is a popular piece of malware that came out in 2022, levering previous code base from RedLine. Stealers have become a very hot commodity in the criminal space, so much so that there is competition between various groups. Threat actors have primarily used malspam as an infection vector...
How to stop fake System notifications on macOS
Scammers are abusing an Apple feature that allows websites to create push notifications that look like theyre coming from macOS, or apps. The notifications try to scare users into clicking a link with fake virus alerts or messages saying their account has been hacked. Years ago we warned our...
Introducing Advanced Device Control: Shielding businesses from USB threats
With experts noting a troubling threefold surge in USB drive malware incidents in early 2023, Device Control has just leveled up with a key addition: the Advanced Auto Scanning & Block Until Scan feature. Heres the breakdown: When a USB device is connected, ThreatDown now doesnt just control...
A week in security (October 30 – November 5)
Last week on Malwarebytes Labs: Apache ActiveMQ vulnerability used in ransomware attacks YouTube launches "global effort" to block ad blockers Should you allow your browser to remember your passwords? Atlassian: "Take immediate action" to patch your Confluence Data Center and Server instances Wha...
2.6 million DuoLingo users have scraped data released
An unknown party has released the scraped data of 2.6 million DuoLingo users on a hacking forum. While they offered the data set for sale in January for $1,500, it's now been released on a new version of the Breached hacking forum for 8 site credits, worth only $2.13. DuoLingo is an educational...
Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023
MRG Effitas, a world leader in independent IT research, published their anti-malware efficacy assessment results for Q1 2023. Malwarebytes Endpoint Protection EP achieved the highest possible score 100% and received certifications for Level 1, Exploit, Online Banking, and Ransomware. These result...
Rheinmetall attacked by BlackBasta ransomware
On Friday May 19, 2023, the German arms producer Rheinmetall acknowledged a cyber-incident at one of its subsidiaries in the private sector. The BlackBasta ransomware group has already claimed responsibility for the attack through its leak-site. Entry for Rheinmetall on BlackBasta leak site...