Malvertising: This cyberthreat isn’t on the dark web, it’s on Google
On the internet, people need to worry about more than just opening suspicious email attachments or entering their sensitive information into harmful websites—they also need to worry about their Google searches. That’s because last year, as revealed in our 2024 ThreatDown State of Malware report,...
Ransomware review: February 2024
This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
Warning from LastPass as fake app found on Apple App Store
Password Manager LastPass has warned about a fraudulent app called “LassPass Password Manager” which it found on the Apple App Store. The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a “happy accident” it seems clear that this w...
How to tell if your toothbrush is being used in a DDoS attack
It's not...
A week in security (January 29 – February 4)
Last week on Malwarebytes Labs: CISA: Disconnect vulnerable Ivanti products TODAY; FBI removes malware from hundreds of routers across the US; "You have blood on your hands." Senate Committee calls for action by social media giants to protect children online; Tax season is here, so are scammers; Moth...
10 things to do to improve your online privacy
1. Set up two-factor authentication. Do this for as many of your online accounts as you can, especially the major ones like your email and social media accounts. Two-factor authentication (2FA) adds an extra step of protection and makes it much harder for attackers to log in as you. We recommend usin...
Ransomware review: January 2024
This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
US government is snooping on people via phone push notifications, says senator
Many people don’t realize that the instant alert push notifications you get on your phone are routed through Google's or Apple's servers, depending on which device you use. So if you have an iPhone or iPad, any push notifications can be seen by Apple, and if you use an Android, they can be seen by...
A week in security (November 06 – November 12)
Last week on Malwarebytes Labs: Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23; Medical research data Advarra stolen after SIM swap; Okta breach happened after employee logged into personal Google account; Introducing ThreatDown: A new chapter for Malwarebytes...
Ragnar Locker ransomware group taken down
Even though it had a long run for a ransomware group, it seems the bell might be tolling for Ragnar Locker. On October 19, 2023, the group’s leak site was seized by an international group of law enforcement agencies. The take down action was carried out between 16 and 20 October. During the actio...
Google’s Bard conversations turn up in search results
Google is coming under scrutiny after people discovered transcripts of conversations with its AI chatbot Bard are being indexed in Google search results. Bard is Google's answer to ChatGPT, and allows users to have conversations with an AI. Services like these have attracted a lot of attention,...
Watch out, this LastPass email with "Important information about your account" is a phish
The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the "unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are havin...
Smart chastity device exposes sensitive user data
A security breach or piece of inadvertent exposure can be a devastating thing, not just for the company impacted but also the people whose data is stolen or exposed to the world. The usual roll-call of "name, address, phone number and card details" is bad enough. If such things are tied to...
Malwarebytes acquires Cyrus Security
Today, I am absolutely thrilled to share some exciting news: Malwarebytes is officially welcoming Cyrus Security into our family. This acquisition signifies an exciting chapter in our journey, and I wanted to share why this development is so special, and what it means for the millions who trust...
Zoom clarifies user consent requirement when training its AI
Changes in the terms of service (TOS) of the Zoom video-conferencing software have caused some turmoil. Since the pandemic, Zoom Video Conferencing has become a household name. Zoom came up as the big winner in the video conferencing struggle that enabled us to work from home. Now that things are...
Microsoft Teams used in phishing campaign to bypass multi-factor authentication
Attackers believed to have ties to Russia's Foreign Intelligence Service (SVR) are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted...
Film companies lose battle to unmask Reddit users
An interesting case marking the limits of what data big business can expect to dig up has concluded its day (or to be more accurate, many days) in court. Ars Technica reports that film companies have lost their battle to make social site Reddit identify anonymous users discussing piracy. No fewer...
FAQ: How does Malwarebytes ransomware rollback work?
As the old cybersecurity saying goes: "It's not if, but when." Everyone and their grandma have repeated this foreboding maxim about the nature of ransomware attacks, but sadly, that doesn't make it any less true. Time and again we're reminded that ransomware can slip past even the best defenses...
From Malvertising to Ransomware: A ThreatDown webinar recap
Our recent webinar "From Malvertising to Ransomware" highlighted the clear connection between malvertising--the practice of embedding malicious code within legitimate online advertisements--and the epidemic of ransomware attacks affecting businesses globally. Presented by Mark Stockley, security...
"Free" Evil Dead Rise movie scam lurks in Amazon listings
Scammers are using a novel technique with Amazon listings to trick fans of Evil Dead into downloads they may not want, and expensive rolling payments they have no interest in. Evil Dead Rise, the breakout horror film of 2023, started with big cinema numbers and has moved on to a victory lap in...
5 facts to know about the Royal ransomware gang
When we first introduced the Royal ransomware gang in our November 2022 review, little did we know they'd rapidly evolve into one of the most potent threats in our ongoing monthly threat intelligence briefings. In fact, the Malwarebytes Threat Intelligence team has tracked down a staggering 195...
A week in security (May 8-14)
Last week on Malwarebytes Labs: The rise of "Franken-ransomware," with Allan Liska: Lock and Code S04E11; Ransomware review: May 2023; Brightline breach hits at least 964,000 people, US records show; Ransomware attack on MSI led to compromised Intel Boot Guard private keys; Fake system update drops...
"BingBang" flaw enabled altering of Bing search results, account takeover
Researchers from Wiz have discovered a way to allow for search engine manipulation and account takeover. The research in question focuses on several Microsoft applications, with everything stemming from a new type of attack aimed at Azure Active Directory. Azure Active Directory is a single sign-...
[Updated April 3] 3CX desktop app used in a supply chain attack
Researchers have found that the 3CX desktop app may be compromised and used in supply chain attacks. The 3CX Desktop App is a Voice over Internet Protocol (VoIP) type of application which is available for Windows, macOS, Linux and mobile. Many large corporations use it internally to make calls, vie...
ChatGPT happy to write ransomware, just really bad at it
This morning I decided to write some ransomware. I've never done it before, and I can't code in C, the language ransomware is most commonly written in, but I have a reasonably good idea of what ransomware does. Previously, this lack of technical skills would have served as something of a barrie...
Hackers threaten to leak STALKER 2 assets if devs don’t heed demands
Ukrainian game developer GSC Game World has announced it was breached by Russian hacktivists who stole assets related to the much-awaited game STALKER 2: Heart of Chernobyl...
LockBit ransomware demands $2 million for Pierce Transit data
The Pierce County Public Transportation Benefit Area Corporation (Pierce Transit) has fallen victim to a cyberattack using LockBit ransomware. Pierce Transit is a public transit operator in Washington state. The attack began on February 14, 2023, and required Pierce Transit to implement temporary...
Internet Explorer users still targeted by RIG exploit kit
Despite a very slim browser market share, Internet Explorer (IE) is still being exploited by exploit kits like the RIG exploit kit (EK). One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life (EOL), which means it no longer receives...
TikTok car theft challenge: Hyundai, Kia fix flaw
Car manufacturer Hyundai, and its subsidiary Kia, began rolling out a free software update on February 14, 2023, to address a flaw in their anti-theft software, which was highlighted in a social media challenge. The release of the update came nine months after an uptick in car theft of the affect...
ION starts bringing customers back online after LockBit ransomware attack
ION Group, a financial software firm, is reportedly beginning to bring clients back online after being hit by a ransomware attack late last week. The Russian-linked LockBit ransomware group claimed responsibility for attacking a division of ION Group, affecting 42 clients in Europe and the...
Analyzing and remediating a malware infested T95 TV box from Amazon
A couple of weeks ago, security news outlets made their rounds reporting on an Android TV box available on Amazon that came pre-installed with malware. The findings came from a Canadian developer, Daniel Milisic, who posted on his GitHub. What Daniel found was an Android T95 TV box infected with...
4 ways to protect your privacy while scrolling
Privacy is a right that is yours to value and defend. Article 8 of the Human Rights Act protects your right to respect for your private and family life. One of the pillars of the article is that personal information about you including official records, photographs, letters, diaries, and medical...
T-Mobile reports data theft of 37 million customers in the US
T-Mobile has announced that an attacker has accessed "limited types of information" on customers. It says it is informing impacted customers. According to the press release, no passwords, payment card information, social security numbers, government ID numbers or other financial account informati...
Polite WiFi loophole could allow attackers to drain device batteries
Researchers at the University of Waterloo in Ontario have further researched a loophole in the WiFi protocol that was dubbed "polite WiFi". Last year the researchers published a study in which they showed someone could use this loophole to triangulate the location of any WiFi enabled device. Now,...
A week in security (January 1 - 8)
Last week on Malwarebytes Labs: Why does technology no longer excite us? Lock and Code S04E01; New device? Here's how to safely dispose of your old one; LastPass updates security notice with information about a recent incident; Okta breached last month, no customers compromised; Update VPN Plus Serve...
A week in security (October 24 - 30)
Last week on Malwarebytes Labs: Lock and Code: A gym heist in London goes cyber; Healthcare site leaks personal health information via Google and Meta tracking pixels; An odd kind of cybercrime: Gift vouchers, medical records, and...food; Cisco warns of ISE vulnerability with no fixed release or...
An odd kind of cybercrime: Gift vouchers, medical records, and...food
Someone with a gift for technology but a nasty habit of using it for very bad things has been spared from going to jail with a suspended sentence. Peter Foy, 18 at the time of his antics, racked up a remarkable, and slightly peculiar, list of compromises before being brought before the court. A...
Healthcare site leaks personal health information via Google and Meta tracking pixels
Advocate Aurora Health has disclosed that by visiting its websites users may have shared personal information, and possibly protected health information (PHI), with Google and Meta (Facebook). Advocate Aurora Health is the 11th largest not-for-profit, integrated health system in the US and provides...
Former cop abused unrevoked system access to extort women
When Bryan Wilson, a former Louisville Metropolitan Police Department (LMPD) officer in Kentucky, pleaded guilty to cyberstalking charges in June, details of his crime weren't revealed. Now they have. A new court document discloses facts about how he stole sexually explicit photos and videos from...
Microsoft breach reveals some customer data
Microsoft customers find themselves in the middle of a data breach situation. The Microsoft Security Response Center blog reports that researchers reported a misconfigured Microsoft endpoint on September 24. This misconfiguration resulted in the possibility of "unauthenticated access to some...
Thermal cameras could help reveal your password
Thermal imaging cameras detect heat energy, a helpful tool for engineers when hunting for thermal insulation gaps in buildings. But did you know that such devices can now aid in password theft? Because these devices are sold a lot cheaper than they used to be, pretty much anyone can get their hands ...
Only half of teens agree they "feel supported online" by parents
Not enough children and teenagers trust their parents to support them online, and not enough parents know exactly how to give the support their children need. Those are some of the latest findings from joint research conducted this summer by Malwarebytes and 1Password, which we have published tod...
Exchange servers abused for spam through malicious OAuth applications
Microsoft has published a security blog about an investigation into an attack in which threat actors used malicious OAuth applications to abuse Exchange servers for their spam campaign. The threat actor behind this attack has been active for many years, and has been running spam campaigns using...
5 things to teach your kids about social media
With children now back at school, it's time to think about social media, and their use of it. Are they already firing out tweets, chatting in Discord channels, or even just looking to set up a Tik-Tok account? Now is the time to consider giving your kids some security and privacy tips for all thei...
Facebook engineers aren't sure where all user data is kept
If it takes a village to raise a child, apparently it takes Facebook a team to tell you what data the company keeps about you and where they keep it. In the recently unsealed transcript of a hearing led by "Discovery Special Master" Daniel Garrie, an expert appointed by the court, two Facebook...
The North Face hit by credential stuffing attack
The North Face clothing brand, which specialises in outdoor and heavy weather outerwear, has experienced a "large-scale" credential stuffing attack. This has resulted in no fewer than 194,905 accounts being compromised. What is credential stuffing, and how did it affect The North Face customers?...
A week in security (September 5 – 11)
Last week on Malwarebytes Labs: Phishers use verified status as bait for Instagram users; Microsoft will disable Basic authentication for Exchange Online in less than a month; Zero-day puts a dent in Chrome's mojo; Update now! QNAP warns users DeadBolt is exploiting Photo Station vulnerability; Don't...
Microsoft will disable Basic authentication for Exchange Online in less than a month
Microsoft has posted a reminder on the Exchange Team blog that Basic authentication for Exchange Online will be disabled in less than a month, on October 1, 2022. The first announcement of the change stems from September 20, 2019. With so much warning you might expect organizations to be ready, a...
What is a keylogger?
A blog post published earlier this year posed the question "Is Grammarly a keylogger?" I have personally had people reference that post and ask me to add detection of Grammarly to Malwarebytes. The answer has always been, "no." Whether or not you like what Grammarly does, Grammarly is not a...
James Webb telescope images used to hide malware
A rather unique approach to spread malware using the popularity of the James Webb telescope images has been identified by the Securonix threat research team. The malware is being spread by a phishing campaign that includes a Microsoft Office attachment. Similar to traditional Office macros, the...