4709 matches found
Fake Netflix, Coca-Cola, and FIFA job scams target marketers
Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate. A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including...
Elite network says it was hacked after members’ personal data was left exposed
Some organizations exist to be exclusive. They're invite-only, and discreet, the kind of place where the membership directory is the product. Dialog, the exclusive network founded by billionaire investor and PayPal co-founder Peter Thiel, whose members include a sitting NATO commander, two US...
Thousands of D-Link routers under control of AryStinger botnet
Researchers have found that the recently discovered AryStinger botnet has quietly hijacked thousands of end‑of‑life D‑Link routers and some network-attached storage NAS devices, turning them into a distributed scanning and proxy network that attackers can use to hide their activity and launch...
AI: Threat, tool, or both?
Public attitudes toward Artificial Intelligence AI are changing, and we wanted to understand why. A recent Pew Research survey found that about half of adults say the increased use of AI in daily life makes them more concerned than excited, and that concern has grown over the last few years. Peop...
Meta’s AI support bot happily handed Instagram accounts to hackers
Customer service chatbots have one job: get the user what they're asking for without bothering a human. Meta's new AI support assistant took that brief a little too seriously. Over the past few months, attackers have been opening support chats, telling the bot they were locked out of Instagram...
Fake Claude search results lure Mac users into ClickFix attack
Researchers found that cybercriminals are using sponsored search results and shared Claude chats to lure victims into a typical ClickFix attack to install malware on macOS devices. ClickFix is a social engineering method that tricks users into infecting their own device with malware. Users are...
Microsoft says Edge’s plaintext password behavior is “by design”
Some time ago, we discussed whether you should allow your browser to remember your passwords. In that article we mentioned the importance of encryption. “ With a browser password manager, someone with access to your browser could see your passwords in clear text, although Windows can be set to as...
If a fake moustache can fool age checks, is the Online Safety Act working?
A report based on a survey by the UK’s Internet Matters shows that much of the responsibility for managing the online safety of children still falls on families. The Online Safety Act came into effect in July, 2025, and the report explores what has changed in the online lives of UK families since...
A week in security (March 23 – March 29)
Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...
Microsoft Authenticator could leak login codes—update your app now
A vulnerability in Microsoft Authenticator for both iOS and Android CVE-2026-26123 could leak your one-time sign-in codes or authentication deep links to a malicious app on the same device. Deep links are predefined URIs Uniform Resource Identifiers that allow direct access to an activity in a we...
New ClickFix wave infects users with hidden malware in images and fake Windows updates
Several researchers have flagged a new development in the ongoing ClickFix campaign: Attackers are now mimicking a Windows update screen to trick people into running malware. ClickFix campaigns use convincing lures, historically “Human Verification” screens, and now a fake “Windows Update” splash...
McDonald’s AI bot spills data on job applicants
McDonald's has outsourced the initial stages of its hiring process to an AI chatbot which seems to have been built without proper security measures. Security researchers managed to extract personal information about McDonald's job applicants by simply guessing a username and the password “12345.”...
Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online
When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion! Researchers at Cybernews have discovered 30 exposed datasets containing fro...
Android users bombarded with unskippable ads
Researchers have discovered a very versatile ad fraud network—known as Kaleidoscope—that bombards users with unskippable ads. Normally, ad fraud is not a concern for users of infected devices. They might experience some sluggish behavior on their device, but often that’s the extent of it. Ad frau...
“Your privacy is a promise we don’t break”: Dating app Raw exposes sensitive user data
Any app that hands over user data is a concern, but leaky dating apps are especially worrying given the sensitivity of the data involved. A relatively new app called Raw that aims to rewrite the rules of dating is the latest to trip over its coattails by exposing user data to…well, anyone who ask...
On world password day, Microsoft says fewer passwords, more passkeys
And we agree. If there is a cybersecurity themed day that we would like to get rid as soon as possible it’s world password day. Sorry, old friend, but you’re outdated, and it looks like your days are numbered. Let's switch to passkeys. To quote Microsoft: “As the world shifts from passwords to...
Apple AirPlay SDK devices at risk of takeover—make sure you update
Researchers found a set of vulnerabilities in Apple’s AirPlay SDK that put billions of users at risk of their devices being taking over. AirPlay is Apple's proprietary wireless technology that allows you to stream audio, video, photos, and even mirror your device's screen from an iPhone, iPad, or...
Hertz data breach caused by CL0P ransomware attack on vendor
The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver's license, and—in rare cases—Social Security Number exposed in a data breach. The car rental giant’s data was stolen in a...
A week in security (March 24 – March 30)
Last week on Malwarebytes Labs: Vulnerability in most browsers abused in targeted attacks "This fraud destroyed my life." Man ends up with criminal record after ID was stolen Moving from WhatsApp to Signal: A good idea? Security expert Troy Hunt hit by phishing attack Booking.com phish uses fake...
Android zero-day vulnerabilities actively abused. Update as soon as you can
Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, th...
Data brokers should stop trading health and location data, new bill proposes
Senators introduced a bill on Tuesday that would prohibit data brokers from selling or transferring location and health data. Data brokers have drawn attention this year by leaking several large databases, with the worst being the National Public Data leak. The data breach made international...
A week in security (November 4 – November 10)
Last week on Malwarebytes Labs: Hello again, FakeBat: popular loader returns after months-long hiatus TikTok ordered to close Canada offices following "national security review" Air fryers are the latest surveillance threat you didn’t consider Malwarebytes acquires AzireVPN to fuel additional VPN...
Google Manifest V3 and Malwarebytes Browser Guard
We wanted to update you on some changes that Google’s making, and what we’re doing in Browser Guard to keep you protected. Some of our customers have recently reported seeing messages that say Browser Guard may soon no longer be supported in their browser. Luckily, theres no need for you to worry...
Dangerous monitoring tool mSpy suffers data breach, exposes customer details
In a new episode of Spy vs Spy, the mobile monitoring app mSpy has suffered a data breach that exposed information about millions of its customers. As Malwarebytes Labs has reported before, the types of companies that make mobile applications that enable users to non-consensually spy and monitor ...
US bans Kaspersky, warns: “Immediately stop using that software”
The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29. The move follows years of allegations that the...
Financial sextortion scams on the rise
“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charli...
Ticketmaster confirms customer data breach
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...
How to remove a user from a shared Android device
Some of our loyal readers may remember my little mishap when I was able to track my wife by accident after inadvertently adding myself to her phone as a user. For exactly that reason we want to warn against sharing devices and at least show you how to remove other people’s accounts from your...
A week in security (May 6 – May 12)
Last week on Malwarebytes Labs: Dell notifies customers about data breach DocGo patient health data stolen in cyberattack Desperate Taylor Swift fans defrauded by ticket scams Tracing what went wrong in 2012 for today’s teens, with Dr. Jean Twenge: Lock and Code S04E10 Last week on ThreatDown:...
Signal to shield user phone numbers by default
Chat app Signal will shield user’s phone numbers by default from now on. And, it will no longer be necessary to exchange phone numbers when people want to connect through the app. In November, we reported that Signal was testing usernames to eliminate the need to share your phone number. Signal h...
Known ransomware attacks up 68% in 2023
Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is "Big Game" ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast...
AI likely to boost ransomware, warns government body
The British National Cyber Security Centre NCSC says it expects Artificial Intelligence AI to heighten the global ransomware threat. In a report, the NCSC makes the assessment that AI will almost certainly increase the volume and heighten the impact of cyberattacks over the next two years. We’re...
Google failing to scrub abortion access in location history, study claims
Nearly 16 months after Google announced a policy change to remove location data that could reveal users’ physical trips to abortion clinics and other potentially sensitive medical centers, a nonprofit has alleged in a new report that the company is failing to do just that. The findings, which wer...
Microsoft disables ms-appinstaller after malicious use
In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that its turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a devic...
The sound of you typing on your keyboard could reveal your password
As if password authentications coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate...
Battling a new DarkGate malware campaign with Malwarebytes MDR
First publicly reported in 2018, DarkGate is a Windows-based malware with a wide-range of capabilities including credential stealing and remote access to victim endpoints. Until recently, it was only seen being delivered through traditional email malspam campaigns. In late August 2023, however,...
Meta and TikTok consider charging users for ad-free experience
According to a report from the Wall Street Journal, Meta is considering charging its European users around $14 a month if they don't agree to personalized ads on Facebook and Instagram. On mobile devices, the price for a single account would be higher because Meta would factor in commissions...
The privacy perils of the Metaverse
A recently released report from New York University claims that the Metaverse, an all-in-one virtual online space, poses a potentially major risk to user privacy. This is because headsets and other similar devices can collect an incredible amount of personal, physical and biometric information. T...
Smart chastity device exposes sensitive user data
A security breach or piece of inadvertent exposure can be a devastating thing, not just for the company impacted but also the people whose data is stolen or exposed to the world. The usual roll-call of "name, address, phone number and card details" is bad enough. If such things are tied to...
Alert Prioritization and Guided Remediation: The future of EDR
Sleepless nights, missed threats, a deluge of notifications--the common symptoms of the bane of IT teams everywhere: Alert fatigue. Out of the litany of problems IT teams face every day, alert fatigue might be among the most pressing--especially considering that 30 percent of EDR alerts are ignor...
A week in security (August 7 - August 13)
Last week on Malwarebytes Labs: Zoom clarifies user consent requirement when training its AI Several hospitals still counting the cost of widespread ransomware attack Old exploit kits still kicking around in 2023 YouTube makes sweeping changes to tackle spam on Shorts videos Googles "browse...
Google’s “browse privately” is nothing more than a word play, lawyers say
Google will have to appear in court after a judge denied their request for summary judgment in a lawsuit filed by users alleging the company illegally invaded the privacy of millions of people. Lawsuits against big tech over privacy issues are not much of a surprise these days, unfortunate as tha...
Microsoft Teams used in phishing campaign to bypass multi-factor authentication
Attackers believed to have ties to Russia's Foreign Intelligence Service SVR are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted...
Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew
The language of a data breach, no matter what company gets hit, is largely the same. There's the stolen data--be it email addresses, credit card numbers, or even medical records. There are the users--unsuspecting, everyday people who, through no fault of their own, mistakenly put their trust into...
Proposed Massachusetts law to ban sale of your mobile location data
Cellular location phone data may be banned from sale in the state of Massachusetts, under a proposed law set to ruffle some data broker feathers. The selling of location data has long been a point of contention for privacy experts. As with so much bulk user data, claims of anonymity from the...
How kids pay the price for ransomware attacks on education
Modern ransomware attacks are as much about stealing data and threatening to leak it as they are about encrypting data. Which means that when a school or hospital is attacked, it's often students' and patients' data that's leaked if the ransom demand isn't met. We have to wonder how greedy any...
Malvertising: A stealthy precursor to infostealers and ransomware attacks
This article is based on research by Jerome Segura, Senior Director of Threat Intelligence at Malwarebytes, who oversees data collection from spam feeds and telemetry to identify the most relevant threats. Malvertising, the practice of using online ads to spread malware, can have dire...
Ransomware attackers email bemused students as leverage for a payout
The University of Manchester has fallen victim to a ransomware gang, who are currently applying an interesting twist to their attack. Blackmail and pressure are two ways to extract funds from potential victims. We see this in sextortion cases, as well as in social engineering. Here, the fraudster...
New Discord username policy raises user privacy fears
Discord, the Voice over IP VoIP and instant message communications tool, is changing how usernames function in a major way soon. Many users are not keen on this change at all. What is going on over there, and why are so many people concerned about the upcoming alterations? When Discord launched...
The rise of "Franken-ransomware," with Allan Liska: Lock and Code S04E11
Ransomware is becoming bespoke, and that could mean trouble for businesses and law enforcement investigators. It wasn't always like this. For a few years now, ransomware operators have congregated around a relatively new model of crime called "Ransomware-as-a-Service." In the...