4709 matches found
Ransomware: February 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. BlackByte...
Twitter makes the leap to Tor
Tor is getting another visibility boost for people who may not otherwise come into contact with it. The reason: an attempt to navigate increasing amounts of censorship. What is Tor? The Tor network is something designed to keep communications anonymous. A variety of tools exist to make use of it,...
A week in security (February 28 – March 6)
Last week on Malwarebytes Labs: Beware of malware offering “Warm greetings from Saudi Aramco” Update now! Cisco fixes several vulnerabilities HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine Tips to protect your data, security, and privacy from a hands-on expert...
Four key cybersecurity practices during geopolitical upheaval
Russia’s continued invasion of Ukraine has altered the landscape of cybersecurity threats facing organizations both near and far from the physical threat of war. Disinformation is spreading and being actively fought. The old hacker group Anonymous promised “cyber war” against Russia. One ransomwa...
CISA calls for urgent action against critical threats
In a CISA Insights bulletin the Cybersecurity & Infrastructure Security Agency CISA warns that every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. The warning specifically reminds readers of...
Cybercriminals’ friend VPNLab.net shut down by law enforcement
Europol has announced that law enforcement has seized or disrupted the 15 servers that hosted VPNLab.net’s service, rendering it no longer available. Led by the Central Criminal Office of the Hannover Police Department in Germany, the coordinated operation took place in Germany itself, the...
Some Android users can disable 2G now and why that is a good thing
The Electronic Frontier Foundation EFF has happily informed people that Google has quietly pushed a new feature to its Android operating system allowing users to optionally disable 2G at the modem level in their phones. This is beneficial because 2G uses weak encryption between the tower and devi...
Card skimmers strike Sotheby’s in Brightcove supply chain attack
Over 100 real estate websites have been compromised by the same web skimmer in a supply chain attack. So what happened? On Monday, January 3, Palo Alto said it had found a supply chain attack that used a cloud video platform to distribute skimmer campaigns. The attacker injected the skimmer’s...
Careful! Uber flaw allows anyone to send an email from uber.com
On New Years Eve, Seif Elsallamy @0x21SAFE on Twitter, a bug bounty hunter and security researcher, pointed out a phish-worthy security flaw he found on Uber’s email system. The flaw allowed anyone to send emails on behalf of Uber, meaning they would end with "@uber.com", just like the one below:...
Purple Fox rootkit now bundled with Telegram installer
The Purple Fox rootkit is being spread as an installer for the popular Telegram instant messaging app for Windows, according to researchers. Its not clear how the installer in this case was distributed, although it seems like at least some were delivered via email. Common distribution methods for...
5 security lessons from 18 months of working from home
A little more than 20 months ago, many people around the world were asked or instructed to work from home to help slow the spread of COVID-19. It caused a seismic change to the way we all do business. Now, our latest research reveals how IT decision makers security concerns have been changed by...
Click “OK” to defeat MFA
Researchers have discovered that Nobelium—the threat actor behind the infamous SolarWinds supply-chain attack, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other malicious activities—has found a way to use stolen credentials even when they require multi-factor authentication that...
Massive faceprint scraping company Clearview AI hauled over the coals
Life must be hard for companies that try to make a living by invading people’s privacy. You almost feel sorry for them. Except I dont. The UK’s Information Commissioner’s Office ICO—an independent body set up to uphold information rights—has announced its provisional intent to impose a potential...
Hackers all over the world are targeting Tasmania’s emergency services
Emergency services—under which the police, fire, and emergency medical services departments fall—is an infrastructure vital to any country or state. But when those services come under threat from either physical or cyber entities, it’s as good as putting the lives of citizens at risk as well...
CronRAT targets Linux servers with e-commerce attacks
There’s an interesting find over at the Sansec blog, wrapping time and date manipulation up with a very smart RAT attack. The file, named CronRAT, isn’t an e-commerce attack compromising payment terminals in physical stores. Rather, it looks to swipe payment details by going after vulnerable web...
Could Apple’s new MacBooks signal a change in direction on security?
Apple recently announced a new line of completely overhauled MacBook Pros. Much has been written about their new design, new chips, new displays, new keyboards etc, but I thought I detected something else that might be new about these MacBooks too: A new approach. The updated laptops may be the...
Phone screenshots accidentally leaked online by stalkerware-type company
pcTattleTale hasnt been very careful about securing the screenshots it sneakily takes from its victims phones. pcTattleTale markets itself as "employee and child monitoring software" that is undetectable by the device user, but it can also be used to spy on spouses and partners. It allows its...
Surviving college distance learning during the pandemic: a cybersecurity guide
Social distancing, the wearing of face masks, practicing hand hygiene, and disinfecting often-touched surfaces have become human necessities during the pandemic era. For schools, theyve also had to adapt quickly to incorporate distance learning methods that let students continue their studies. Bu...
New Android P includes several security improvements
According to the Android developer Program Overview, the next major version of Android, Android 9.0 or P, is set to arrive soon. Their plans show a final release within the next three months Q3 2018. The end of the Android P beta program is approaching, with the first release candidate built and...
Online security tips for Valentine’s Day: how to beat the cheats
Valentine's Day is upon us once more, and so are lots of dating-friendly security tips. Read on and secure your profile, alongside one hopes the love of your life. 1. Not so hot singles in your area Many dating apps have geotagging enabled, regardless of whether you created your profile on a...
Tech support scammers find new way to jam Google Chrome (updated)
Update 1 2018-02-07: This issue with Google Chrome was reported here and merged here. Update 2 2018-02-07: Firefox and Brave seem to be affected by this bug as well both vendors were informed. During the past quarter we have noted an increase in fake browser alerts pushing tech support scams. Mos...
Explained: security certificates
As a result of my PowerShell series 1,2,3, where I used the handling of certificates as an example, mainly because I wanted a method to keep track easier of which certificates were being added by malware, I've have received some questions about how security certificates work and how they stopped...
Fireball arrests made
Following some arrests in China, we may see a decrease in the amount of adware and adfraud hailing from the Rafotech labs. According to some reports 250 million machines may have been infected with one variant or another of Rafotechs’ products. We have shared some information about the potential...
Adware the series, part 6
In this series of posts, we will be using the flowchart below to follow the process of determining which adware we are dealing with. Our objective is to give you an idea of how many different types of adware are around for Windows systems. Though most are classified as PUPs, you will also see the...
A week in security (Jun 05 – Jun 11)
Last week, we interviewed our very own Pieter Arntz to get to know him a little better. We also touched on the importance of HTTPS and focused on a new social engineering scheme that triggers on mouse movement. We also took a deeper look at LatentBot, a Trojan that is being distributed by the RIG...
ChatGPT produced graphic violent images that shocked researchers
AI assistants like ChatGPT are supposed to be safe to use, with appropriate guardrails to stop people creating harmful content. However, a British AI security firm just figured out how to make ChatGPT produce explicit material. Mindgard, a company that tests AI engines for weaknesses, found that ...
Fake domain renewal emails trick website owners into paying scammers
You receive an email warning that your website's domain name is about to expire. Renew now, it says, or your website and email could stop working. The link opens a professional-looking page that already knows your domain name, displays your registrar and expiry date, and starts a countdown timer...
Rokarolla Android malware can take over your phone and steal banking logins
Researchers have analyzed a new Android banking Trojan called Rokarolla. It can effectively take over a device, steal banking and crypto login details from more than 200 apps, and quietly monitor much of what you do on your phone. On an infected device, Rokarolla steals banking and crypto login...
Inside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious software
During our recent threat hunting activities, we found EtherRAT malware being distributed by a website with a strange homepage. This homepage allowed us to discover a vast malicious infrastructure distributing malware, malicious documents, remote desktop software, and phishing pages. EtherRAT is a...
Deepfake porn sites are going offline (re-air) (Lock and Code S07E12)
This week on the Lock and Code podcast … If you weren't taking deepfakes seriously before, it's too late now to ignore them. According to new research from Malwarebytes, one in three people who use AI every day said it's okay to generate pornography of people without their consent. Nearly 10 year...
Meta’s face-recognition code raises new concerns about smart glasses
Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...
A week in security (June 1 – June 7)
Last week on Malwarebytes Labs: Your phone called. It needs a cleanup. Fake BlueWallet steals passwords, accounts, and crypto from Macs Fake virus alerts are invading mobile games 23andMe exposed genetic information of millions, lawsuit says These convincing copyright notices are designed to stea...
23andMe exposed genetic information of millions, lawsuit says
California has sued the former shell of DNA testing company 23andMe over alleged security failures and misleading statements surrounding its 2023 data breach. On May 27, 2026, Attorney General Rob Bonta filed suit in San Francisco Superior Court against Chrome Holding Co., the company now handlin...
Your Windows PC has a security deadline in June 2026
A Secure Boot certificate refresh is rolling out across supported Windows devices through Windows Update. In June 2026, the Secure Boot certificates that have shipped inside Windows since 2011 begin to expire, and Microsoft is replacing them with new 2023-dated certificates. The good news: If you...
Facebook scam promises cheap Aldi meat boxes, steals payment info instead
Sometimes you spot posts on social media that make you wonder if any moderation takes place at all. Which is concerning, because two- thirds of all online shopping scams now start on Facebook and Instagram. Online shopping scams are alarmingly common and have become one of the most frequently...
Fake Google Antigravity downloads are stealing accounts in minutes
Somebody went looking for Google’s new Antigravity coding tool this week, clicked download, ran the installer, and got exactly what they thought they were getting. Antigravity installed cleanly. A shortcut appeared on the desktop. The application opened and worked. Nothing looked or felt wrong. B...
NSFW app leak exposes 70,000 prompts linked to individual users
MyLovely.AI, an AI “artwork” generation platform, has reportedly been compromised, affecting 106,362 registered users. The AI girlfriend app allows users to generate personalized NSFW content and engage in real-time conversations with AI-generated personas, often sharing highly personal prompts a...
Apple patches WebKit bug that could let sites access your data
Apple has released a Background Security Improvement to patch a flaw that could allow malicious websites to bypass browser protections and access data from other sites. What is it? The patched WebKit vulnerability is described as: “A cross-origin issue in the Navigation API was addressed with...
This Android vulnerability can break your lock screen in under 60 seconds
A vulnerability in Android devices can allow attackers to gain access to a phone in less than a minute. The vulnerability, tracked as CVE-2026-20435, affects certain MediaTek SoCs System-on-a-Chip using Trustonic’s TEE Trusted Execution Environment. That may sound rare, but reportedly that’s abou...
Scam Guard for desktop: A second set of eyes for suspicious moments
Scams aren’t so obvious anymore. They're well-written, have working grammar, and can lead victims to very convincing branded webpages. Scammers increasingly use AI tools to clone sites and create highly sophisticated scams at scale, so don't expect to rely on spotting obvious typos anymore. That’...
Flock cameras shared license plate data without permission
Mountain View, California, pulled the plug on its entire license plate reader camera network this week. It discovered that Flock Safety, which ran the system, had been sharing city data with hundreds of law enforcement agencies, including federal ones, without permission. Flock Safety runs an...
Pig butchering is the next “humanitarian global crisis” (Lock and Code S06E25)
This week on the Lock and Code podcast … This is the story of the world's worst scam and how it is being used to fuel entire underground economies that have the power to rival nation-states across the globe. This is the story of "pig butchering." "Pig butchering" is a violent term that is used to...
Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer
Researchers have found evidence that AI conversations were inserted in Google search results to mislead macOS users into installing the Atomic macOS Stealer AMOS. Both Grok and ChatGPT were found to have been abused in these attacks. Forensic investigation of an AMOS alert showed the infection...
Reddit’s new AI-powered tools scan your posts to serve you better ads
Reddit has introduced two Artificial Intelligence AI tools which will use Reddit comments, posts, and conversations to help sellers make the most of the community. Reddit is a social media platform and online forum where users can share and discuss content across a wide range of topics. The...
Victims risk AsyncRAT infection after being redirected to fake Booking.com sites
Cybercriminals have started a campaign of redirecting links placed on gaming sites and social media—and as sponsored ads—that lead to fake websites posing as Booking.com. According to Malwarebytes research, 40% of people book travel through a general online search, creating a lot of opportunities...
What does Facebook know about me? (Lock and Code S06E11)
This week on the Lock and Code podcast … There's an easy way to find out what Facebook knows about you—you just have to ask. In 2020, the social media giant launched an online portal that allows all users to access their historical data and to request specific types of information for download...
Zero-day attacks on browsers and smartphones drop, says Google
Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google's security team this week. While most attacks do still target personal technology like smartphones and browsers, the focus is moving increasingly to enterprise tech. Zero-day vulnerabilities ar...
“Follow me” to this fake crypto exchange to claim $500
A type of crypto scam that we reported about in 2024 has ported over to a new platform and changed tactics—a bit. Where the old scams mostly reached me on WhatsApp, the same group of scammers is now using Direct Messages on X. However, the same old trick of "accidentally" sending you login detail...
Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”
Horn tooting time: We're excited to say we've earned a coveted spot in PCMag’s “Best Antivirus Software for 2025” list, and been recognized as the “Best Malware Removal Service 2025” by CNET. PCMag’s rigorous evaluation process takes into account a range of factors, including real-world, hands-on...
Child predators are lurking on dating apps, warns report
Using a dating app? Beware of your potential partner's motives. A report from Edinburgh University warns that child abusers are using these apps to find single parents with vulnerable children. The Searchlight 2025 report, from the University's Childlight Global Child Safety Institute, analyses t...