A week in security (February 5 – February 11)

Last week on Malwarebytes Labs, we featured a new Flash Player zero-day that has been found in recent targeted attacks. And we talked about a new trick to cripple browsers that came out of the hat of tech support scammers. We also covered several methods of stealing cryptocurrencies, including on...

Tech support scammers find new way to jam Google Chrome (updated)

Update 1 2018-02-07: This issue with Google Chrome was reported here and merged here. Update 2 2018-02-07: Firefox and Brave seem to be affected by this bug as well both vendors were informed. During the past quarter we have noted an increase in fake browser alerts pushing tech support scams. Mos...

A week in security (January 29 – February 04)

Last week on Labs, we looked into PUPs stealing and using mainstream logos of security and tech companies to further gain user trust, GandCrab and Scarab ransomware variants in the wild, and a new Mac malware called OSX.CreativeUpdater that can be distributed via MacUpdate. We also profiled...

How cryptocurrency mining works: Bitcoin vs. Monero

Ever wondered why websites that are mining in the background don’t mine for the immensely hot Bitcoin, but for Monero instead? We can explain that. As there are different types of cryptocurrencies, there are also different types of mining. After providing you with some background information abou...

Fireball arrests made

Following some arrests in China, we may see a decrease in the amount of adware and adfraud hailing from the Rafotech labs. According to some reports 250 million machines may have been infected with one variant or another of Rafotechs’ products. We have shared some information about the potential...

Solution Corner: Malwarebytes Endpoint Protection

We’ve been busy here at Malwarebytes with several product announcements recently. Malwarebytes Incident Response was released in late April, providing threat detection and remediation via our new cloud-based platform. Right on its heels, leveraging the same platform is Malwarebytes Endpoint...

A week in security (Jun 05 – Jun 11)

Last week, we interviewed our very own Pieter Arntz to get to know him a little better. We also touched on the importance of HTTPS and focused on a new social engineering scheme that triggers on mouse movement. We also took a deeper look at LatentBot, a Trojan that is being distributed by the RIG...

Inside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious software

During our recent threat hunting activities, we found EtherRAT malware being distributed by a website with a strange homepage. This homepage allowed us to discover a vast malicious infrastructure distributing malware, malicious documents, remote desktop software, and phishing pages. EtherRAT is a...

Fake verification pages are stealing Steam accounts from players

Online gamers should watch out for a convincing scam that aims to steal your Steam account. The scam uses fake FACEIT verification pages that look legitimate, complete with official branding, working links, and what appears to be a real Steam login window. By the time it asks for your password,...

Microsoft Defender vulnerabilities are being exploited in the wild

Two Microsoft Defender vulnerabilities are being actively exploited in the wild. On May 20, 2026, the Cybersecurity and Infrastructure Security Agency CISA added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV catalog. The KEV catalog tracks...

TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety

A damaging new report from Ofcom, the UK's communications regulator, has delivered a stark verdict: TikTok and YouTube's content feeds are "not safe enough" for children. This isn't just another regulatory slap on the wrist. Ofcom is putting out a wake-up call for anyone working in cybersecurity,...

May 2026 Patch Tuesday: no zero-days but plenty to fix

This month’s Patch Tuesday remedies 137 security vulnerabilities, including 31 marked critical by Microsoft, with no zero-days actively exploited in the wild. Microsoft defines a zero-day as “a flaw in software for which no official patch or security update is available yet.” This month, Microsof...

Fake Claude search results lure Mac users into ClickFix attack

Researchers found that cybercriminals are using sponsored search results and shared Claude chats to lure victims into a typical ClickFix attack to install malware on macOS devices. ClickFix is a social engineering method that tricks users into infecting their own device with malware. Users are...

Yarbo responds to robot flaws that could mow down their owners

A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him...

Microsoft Office zero-day lets malicious documents slip past security checks

Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files. Microsoft pushed the emergency patch for the zero‑day, tracked as CVE-2026-21509, and classifie...

Stalkerware apps go dark after data breach

A stalkerware company that recently leaked millions of users' personal information online has taken all of its assets offline without any explanation. Now Malwarebytes has learned that the company has taken down other apps too. Back in February, news emerged of a stalkerware app compromise...

AI is getting “creepy good” at geo-guessing

If you are worried about revealing your exact location—or if you maybe even fib about it at times—there are some good reasons to worry about what is visible in background photos, because Artificial Intelligence AI is getting very good at guessing where you are based on the smallest of clues. And...

Apple patches security vulnerabilities in iOS and iPadOS. Update now!

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Both vulnerabilities allowed an attacker to bypass the memory...

Hi, robot: Half of all internet traffic now automated

If you sometimes feel that the internet isn't the same vibrant place it used to be, you're not alone. New research suggests that most of the traffic traversing the network isn't human at all. Bots software programs that interact with web sites have been ubiquitous for years. But in its 2025 Bad B...

“I sent you an email from your email account,” sextortion scam claims

In a new version of the old “Hello pervert” emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems. Email spoofing basically comes down to sending emails with a false sender address, a...

A week in security (April 7 – April 13)

Last week on Malwarebytes Labs: The Pall Mall Pact and why it matters Child predators are lurking on dating apps, warns report Your 23andMe genetic data could be bought by China, senator warns WhatsApp for Windows vulnerable to attacks. Update now! Man accused of using keylogger to spy on...

Security expert Troy Hunt hit by phishing attack

Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldest—and most proven—scams in the online world: A phishing attack. Through an automated attack disguised as a notice from Hunt’s chosen newsletter provider Mailchimp, scammers stole roughly...

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

The genetic testing company 23andMe filed for bankruptcy on Sunday, announcing that, in searching for financial stability through its sale to a new owner, the business will continue operating as normal, including in how customer data is handled. “The company intends to continue operating its...

Millions of stalkerware users exposed again

There are many reasons not to use stalkerware, but the risk of getting exposed yourself seems to be a recurring deterrent, according to a new investigaton. As we have reported many times before, stalkerware-type apps are coded so badly that it’s possible to gain access to the back-end databases a...

20 million OpenAI accounts offered for sale

A cybercriminal acting under the moniker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself. Post by emirking A translation of the Russian statement by the poster says: “When I realized that OpenAI might have to...

A week in security (January 6 – January 12)

Last week on Malwarebytes Labs: Dental group lied through teeth about data breach, fined $350,000 AI-supported spear phishing fools more than 50% of targets US Cyber Trust Mark logo for smart devices is coming GroupGreeting e-card site attacked in "zqxq" campaign Massive breach at location data...

US Cyber Trust Mark logo for smart devices is coming

The White House announced the launch of the US Cyber Trust Mark which aims to help buyers make an informed choice about the purchase of wireless internet-connected devices, such as baby monitors, doorbells, thermostats, and more. The cybersecurity labeling program for wireless consumer Internet o...

Is nowhere safe from AI slop? (Lock and Code S05E27)

This week on the Lock and Code podcast … You can see it on X. You can see on Instagram. It's flooding community pages on Facebook and filling up channels on YouTube. It's called "AI slop" and it's the fastest, laziest way to drive engagement. Like "click bait" before it "You won't believe what...

Our Santa wishlist: Stronger identity security for kids

Sorry for the headline, but we have to get creative to get anyone to read an article on a Friday like this one, even if it is an important story. As we enter the holidays and parents begin to rest after another hectic year of shopping for their kids, Malwarebytes Labs wants to draw some attention...

Task scams surge by 400%, but what are they?

An unfamiliar type of scam has surged against everyday people, with a year-over-year increase of some 400%, putting job seekers at risk of losing their time and money. The emerging threat is delivered in "task scams" or "gamified job scams." While these scams were virtually non-existent in 2020,...

TikTok ban in US: Company seeks emergency injunction to prevent it

TikTok has requested an emergency injunction to stop or postpone the planned ban on the platform in the US. Back in March, the House of Representatives passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance agreed to give up its share of the immensely popular...

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities start...

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers...

Pinterest tracks users without consent, alleges complaint

Pinterest has received a complaint from privacy watchdog noyb None of your business over the unsolicited tracking of its users. Pinterest allows you to pin images to virtual pinboards; useful for interior design, recipe ideas, party inspiration, and much more. It started as a virtual replacement...

Lowe’s employees phished via Google ads

In mid-August, we identified a malvertising campaign targeting Lowes employees via Google ads. Like many large corporations, Lowes has their own employe portal called MyLowesLife, for all matters related to schedule, pay stubs, or benefits. Lowes employees who searched for "myloweslife" during th...

A week in security (August 26 – September 1)

Last week on Malwarebytes Labs: Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign Fake Canva home page leads to browser lock Telegram CEO Pavel Durov charged with allowing criminal activity CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets SMS...

Meta to pay $1.4 billion over unauthorized facial recognition image capture

Texas Attorney General Ken Paxton has announced a $1.4 billion settlement with Meta to “stop the company’s practice of capturing and using the personal biometric data of millions of Texans without the authorization required by law.” The prime reason for the initial lawsuit that led to the...

CrowdStrike update at center of Windows “Blue Screen of Death” outage

A faulty update from the cybersecurity vendor CrowdStrike crashed countless Windows computers and sent them into a “Blue Screen of Death” BSOD, grinding to a halt the global operations of airlines, hospitals, news broadcasters, transportation agencies, and more. The incident itself is not the...

iPhone users in 98 countries warned about spyware by Apple

In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks. The message sent to the affected users...

Authy phone numbers accessed by cybercriminals, warns Twilio

Twilio has warned users of the Authy multi-factor authentication MFA app about an incident in which cybercriminals may have obtained their phone numbers. Twilio said the cybercriminals abused an unsecured Application Programming Interface API endpoint to verify the phone numbers of millions of...

(Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13

This week on the Lock and Code podcast… Ready to know what Malwarebytes knows? Ask us your questions and get some answers. What is a passphrase and what makes it—what’s the word? Strong? Every day, countless readers, listeners, posters, and users ask us questions about some of the most commonly...

23andMe data breach under joint investigation in two countries

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminal...

US residents targeted by utility scammers on Google

Back in February, we reported on malicious ads related to utility bills electricity, gas that direct victims to call centers where scammers will collect their identity and try to extort money from them. A few months later, we checked and were able to find as many Google ads as before, following...

How to remove a user from a shared Android device

Some of our loyal readers may remember my little mishap when I was able to track my wife by accident after inadvertently adding myself to her phone as a user. For exactly that reason we want to warn against sharing devices and at least show you how to remove other people’s accounts from your...

How to remove a user from a shared Mac

There will be times when you need to remove a user from a device. In this article well show you how to remove a user from a Mac. For a better understanding its good to understand the difference between an actual user of the device and a "sharing only user." On a Mac, you can use Sharing Only User...

Wireless carriers fined $200 million after illegally sharing customer location data

After four years of investigation, the Federal Communications Commission FCC has concluded that four of the major wireless carriers in the US violated the law in sharing access to customers’ location data. The FCC fined AT&T, Sprint, T-Mobile, and Verizon a total of almost $200 million for...

FBI warns online daters to avoid “free” online verification schemes that prove costly

The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly. Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information...

How to protect yourself from online harassment

It takes a little to receive a lot of online hate today, from simply working as a school administrator to playing a role in a popular movie or video game. But these moments of personal crisis have few, immediate solutions, as the current proposals to curb and stem online harassment zero in on the...

How to back up your Windows 10/11 PC to OneDrive

They say the only backup you ever regret is the one you didnt make. Starting in Windows 10, the operating system OS now comes with a built-in tool to back up your files, themes, some settings, many of your installed apps, and your Wi-Fi information. First, you’ll need to sign in with your Microso...

Malicious meeting invite fix targets Mac users

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. During the attacks the criminals will send a link supposedly to add a meeting to the target’s calendar. In reality the link runs a script to install Mac malware on the target’s machine...