A week in security (October 10 - 16)

Last week on Malwarebytes Labs: Teen talk: What it's like to grow up online, and the role of parents: Lock and Code S03E21 White House unveils Blueprint for an AI Bill of Rights Credential stuffers take aim at Final Fantasy XIV players Meta accuses apps of stealing WhatsApp accounts Smart lights...

Bogus job offers hide trojanised open-source software

Microsoft researchers are warning of fake job offers where the only actual compensation available is a golden handshake of malware and trickery. The campaign targets those with technical know-how because, despite what some may think, scams are for everybody, not just people unfamiliar with tech...

Welcome to high tech hacking in 2022: Annoying users until they say "yes"

Last week we learned that ride-sharing giant Uber's defences had been unpicked by an attacker with a novel take on social engineering: Fatigue. Fatigue attacks play on the often repetitive nature of certain security procedures and failsafes. Do you hate having to punch in a password on your login...

Scammers send fake 'Energy Bills Support Scheme' texts

Watch out for an energy-themed scam being sent out via SMS. The message plays on energy price fears, similar to what weve seen previously. Scam alert. I just received this text. Click through and it looks very official. Its a scam. The £400 energy bill discount is automatic, you dont need to...

Apple puts the password on life support with passkey

The "passwordless future" is something many internet users--and a great majority of the cybersecurity industry--have hoped for. Now Apple is about to make those hopes a reality. With the release of iOS 16 yesterday, and macOS Ventura next month, Apple fans will be able to use passkeys, its passwo...

Instagram receives record fine of $400M for abuse of children's data

Ireland's Data Protection Commissioner DPC, the lead regulator in Europe for Meta and other tech giants, has slapped Instagram with a fine of €405M--roughly equivalent to $402M--following an investigation on how the company handled children's data. In the investigation that started in 2020, the D...

How to set up an iPhone for your kids

Thanks to Thomas Reed for his expertise and guidance. This is it. After much hemming and hawing, you've finally given in and bought your child their first smartphone, which you plan to give to them before the school year starts. But before you give it to them, it's worth sitting them down to talk...

Final Fantasy 14 players targeted by QR code phishing

Final Fantasy 14, the smash-hit online role playing game, is under fire from scammers. The attack is a devious way to try and compromise player accounts, making use of free item promises and bogus QR codes. As the game is a constantly changing service, its almost impossible to keep up with new...

Playing Doom on a John Deere tractor with Sick Codes: Lock and Code S03E18

In 1993, the video game developers at id Software released Doom, a first-person shooter that placed a nameless protagonist into the fiery depths of hell, equipped with an arsenal of weapons to mow down imps, demons, lost souls, and the intimidating "Barons of Hell." In 2022, the hacker Sick Codes...

How to secure a Mac for your kids

If you want to know how to secure your Mac so your kids can use it safely, I can help. In 2018 I decided to give my kids an old Apple laptop to share, and I documented the steps I took to secure it. They were still a few years short of their tenth birthdays, and it was their first computer, so I...

Spying on the spies. See what JavaScript commands get injected by in-app browsers

Developer and privacy expert Felix Krause aka KrauseFx announced this week that he had introduced a simple tool to list the JavaScript commands executed by iOS apps when they deployed an in-app web browser to render webpages. He already shared some eye-opening results on his Twitter feed. By...

$6 million heist targets video game skin trading site

An incredibly popular digital item trading site has suffered a spectacular loss at the hands of wily attackers. According to Bleeping Computer, CS Money lost out on $6 million via just 20,000 pilfered items. How did this happen, and why are digital items so popular in the first place? The digitiz...

How to secure a Windows PC for your kids

With the return to school fast approaching, it's time to ready the things your kids will need to pass the next year with flying colors. Increasingly, that means computing devices, which means you'll need to spend time thinking about the safety and security of what they will be using. In our "Back...

CISA and FBI issue alert about Zeppelin ransomware

The Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA have released a joint Cybersecurity Advisory CSA about Zeppelin ransomware. The advisory contains indicators of compromise IOCs and tactics, techniques, and procedures TTPs associated with...

Viral video drives malvertising on social media platform

This blog post was authored by Jerome Segura Viral content shared on social media is highly coveted since it gets a lot of impressions and engagement. Unfortunately, the people who push this kind of content don't always have the best of intentions. We recently identified a malvertising campaign o...

A week in security (August 1 – 7)

Last week on Malwarebytes Labs: Have we lost the fight for data privacy? Lock and Code S03E16 Wrestling star Mick Foley’s Twitter compromised, selling PS5 consoles Millions of Arris routers are vulnerable to path traversal attacks When a sextortion victim fights back How to protect yourself and...

How to protect yourself and your kids against device theft

In no time at all, kids will be going back to school or starting college. And while gearing up for this, it’s very important to be aware of the threat from device loss in the school environment. Maybe you are away at university for the first time and have a new place to live, or maybe your kids...

Radioactivity monitoring and warning system hacked, disabled by attackers

The Spanish police arrested two people under the accusation of tampering with the Red de Alerta a la Radiactividad RAR. The RAR is part of the Spanish national security systems and in use to monitor gamma radiation levels across the country. The network is managed, operated and maintained by the...

“Orwellian in the extreme” food store installs facial recognition cameras to stop crime, faces backlash

A convenience shop chain is under fire and facing legal charges for installing cameras with facial recognition software in 35 of its branches across the UK. The cameras analyze and convert video face captures into biometric data. The data is compared with a database of people who have committed...

Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR

It’s no secret that ransomware is one of the most pressing cyber threats of our day. What worse, ransomware gangs have increased their attacks on a range of vulnerable industries, with disruptions to business operations, million-dollar ransom demands, data exfiltration, and extortion. With...

Endpoint security for Mac: 3 best practices

If you’re one of the 50% of small and medium-sized businesses SMBs that use Mac .devices today, chances are your IT and security teams have a ton of Mac endpoints to monitor. Securing that many endpoints can get really complex, really fast, especially when you consider that the common wisdom that...

Verified Twitter accounts phished via hate speech warnings

Verified Twitter accounts are once again under attack from fraudsters, with the latest phish attempt serving up bogus suspension notices. Hijacking verified accounts on any platform is a big win for fraudsters. It gives credibility to their scams, especially when the accounts have large following...

HackerOne insider fired for trying to claim other people’s bounties

The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain. The—now former—staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform. HackerOne HackerOne acts...

Criminals are applying for remote work using deepfake and stolen identities, says FBI

The FBI has warned businesses of an uptick in reports of criminals applying for remote work using deepfake and stolen PII personally identifiable information. A deepfake is essentially created or modified media image, video, or audio, often with the help of artificial intelligence AI and machine...

Conti ransomware group’s pulse stops, but did it fake its own death?

The dark web leak site used by the notorious Conti ransomware gang has disappeared, along with the chat function it used to negotiate ransoms with victims. For as long as this infrastructure is down the group is unable to operate and a significent threat is removed from the pantheon of ransomware...

Interpol’s First Light operation smashes crime on a global scale

A large-scale Interpol operation has resulted in arrested and ill-gotten gains seizures galore. Operation First Light took place between March and May of this year. It involved 76 countries taking social engineers and telecommunications fraudsters to task, with multiple wins for those involved...

Stealthy Symbiote Linux malware is after financial institutions

Symbiote, a new "nearly impossible to detect" Linux malware, targeted financial sectors in Latin America—and the threat actors behind it might have links to Brazil. These findings were revealed in a recent report, a joint effort between the Blackberry Research Team and Dr. Joakim Kennedy, a...

Awful 4chan chat bot spouts racial slurs and antisemitic abuse

“A robot may not injure a human being or, through inaction, allow a human being to come to harm” Science fiction readers, and many others, will recognize Asimov’s first law of robotics. After reading about a bot called GPT-4chan I was wondering whether we should include: “A bot may not insult a...

Ransomware Task Force priorities see progress in first year

This blog is part of our live coverage from RSA Conference 2022: US President Joseph R. Biden Jr., The White House, and law enforcement agencies across the world paid close attention last year when a group of more than 60 cybersecurity experts launched the Ransomware Task Force, heeding the group...

Runescape phish claims your email has been changed

A Runescape-themed missive landed in our email inbox today, claiming action is required to secure our account. The malicious email and the scam behind it are perfect examples of one of the more reliable tactics in the world of phishing—fooling a victim into thinking they need to take some action ...

Cardiologist moonlighted as successful ransomware developer

The US has charged a 55-year-old French-Venezuelan cardiologist from Venezuela with "attempted computer intrusions and conspiracy to commit computer intrusions". This was revealed in an unsealed complaint in a federal court in Brooklyn, New York. Moises Luis Zagala Gonzales worked as a ransomware...

How to spot the signs of a virtual kidnap scam

Threats and bluster play a key role in most online attacks: Ransomware has its ransom note; trolls threaten to ramp up the pressure; tech support scammers insist your PC needs urgent assistance. Some take it a step further, leaning in with a more direct approach, ranging from death threats to...

Virtual credit cards coming to Chrome: What you need to know

When youre buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US...

A scanning tool for open-sourced software packages? Yes, please!

The Open Source Security Foundation OpenSSF, a collective of industry leaders aimed at improving the security of open-source software OSS, recently announced the release of a prototype tool that scans for malicious packages in open source repositories. This tool, conveniently called Package...

Call of Duty cheats can expect embarrassment with new anti-cheat feature

In-game cheats are about to have an even harder time of things in triple AAA titles such as Call of Duty. Activision’s “Ricochet” software - a kernel level driver anti-cheat system - has added another twist to the tale of how players are protected via a new system called “Cloaking”. Making all ne...

Beware of fake Twitter philanthropists offering to put $750 into your Cash App account

Twitter philanthropists are a controversial emergence on the social media platform. In essence, Twitter-based philanthropy is about incredibly rich people helping out those who need it. The help is random, and often focused around performing a task like listening to a podcast or simply retweeting...

A week in security (April 4 – 10)

Last week on Malwarebytes Labs: Why data protection and privacy are not the same, and why that matters: Lock and Code S03E09 YouTube channels of Taylor Swift, Justin Bieber, Harry Styles, and other musicians compromised Successful operations against Russian Sandworm and Strontium groups targeting...

Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique

This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura 2022-04-07: Added MITRE ATT&CK mappings 2022-04-07: Changed the name of the final payload from Vidar to Mars Stealer Colibri Loader is a relatively new piece of malware that first appeared on...

Globant suffers network breach due to LAPSUS$ compromise

Globant, an IT and software development firm with offices all around the globe, admitted in a press statement Wednesday that it has suffered a breach in its network. Affected data includes but may not be limited to some source code and certain project documentation of clients. "We have recently...

Nvidia, the ransomware breach with some plot twists

On February 25, news broke about a cyberattack on Nvidia, America’s biggest microchip company, which saw parts of its business taken offline for two days. Soon after, the ransomware group LAPSUS$ claimed responsibility and threatened to leak 1 TB in exfiltrated data. You would think that while th...

Biden wants stronger privacy protections, no targeted ads for children

On March 1, US President Joe Biden gave his first State of the Union Address SOTU speech to Congress. In it, Biden highlighted the dire need to get help for teens with mental health issues. He demanded tech companies implement more robust privacy protections for kids and teens using their online...

Don’t let scammers ruin your Valentine’s Day

Today is Valentines Day, so we thought wed show you how cybercriminals use special times like this one for phishing attacks. Our Valentines story starts with a victim receiving an email message. The email urges them to open an attached file, and also contains well formatted content that tries to...

Google sued over deceptive location tracking

Four Attorneys General AG from the District of Columbia and the states of Indiana, Texas, and Washington have filed separate lawsuits agains Google for allegedly misleading its users into believing that they are no longer tracking their location when they deliberately pause the "Location History"...

Phishers on the prowl with fake parking meter QR codes

QR codes come and go as a threat. The last time we wrote about them they were causing problems at gas stations, and by sheer chance this latest outing shares vehicular related subject matter. Law enforcement in the US is sounding the alarm regarding parking meters. A quick refresher QR Quick...

Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected

Two-factor authentication 2FA has been around for a while now and for the majority of tech users in the US and UK, it has became a security staple. Indeed, wake up calls brought about by data breaches have stirred others out of their comfort zones into finally adopting 2FA and making it part of...

$10m of funds goes missing in what appears to be a cryptocurrency rug-pull

There’s a lot of concern in the cryptocurrency realm at the moment. A yield farming platform "utilizing arbitrage to gain optimal yield with low risk" has gone AWOL. Site down, Twitter account deleted, no word from the team behind it explaining what happened. Worst of all, some $10 million worth ...

What is IP sniffing?

IP sniffers, also known as packet sniffers, network analyzers, or protocol analyzers, are tools which play an essential role in the monitoring of networks, and in troubleshooting network-related issues. In essence, IP sniffing is monitoring traffic over a TCP/IP network. IP sniffers intercept the...

FBI traces and grabs back $150 million theft that was turned into bitcoins

On December 1, 2021, the Tokyo police arrested an employee of Sony Life Insurance on suspicion of fraudulently obtaining 17 billion yen through an illegal money transfer from an overseas unit. On the same day 3,879 bitcoins, worth about $150 million, were seized by law enforcement, and on the...

Microsoft disrupts China-based hacking group Nickel

Microsoft has taken control of 42 web domains that a hacking group was using to try to breach its targets. On December 2, the Microsoft Digital Crimes Unit DCU filed pleadings with the US District Court for the Eastern District of Virginia seeking authority to take control of the sites that it...

What is facial recognition?

Facebook recently announced it would give up on its facial recognition system. Facebook, or Meta, was using software to automatically identify people in images posted to its social network. Since facial recognition has become an increasingly toxic concept in many circles and Facebook was having...