WhatsApp spear phishing campaign uses QR codes to add device

A cybercriminal campaign linked to Russia is deploying QR codes to access the WhatsApp accounts of high-profile targets like journalists, members of think tanks, and employees of non-governmental organizations NGOs, according to new details revealed by Microsoft. The group, which Microsoft tracks...

BayMark Health Services sends breach notifications after ransomware attack

BayMark Health Services, Inc. BayMark notified an unknown number of patients that attackers stole their personal and health information. BayMark profiles itself as North America’s largest provider of medication-assisted treatment MAT for substance use disorders helping tens of thousands of...

Google Chrome AI extensions deliver info-stealing malware in broad attack

Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence AI tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate...

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more

Spotify and Amazon services have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software according to our friends over at BleepingComputer. Cybercriminals are abusing the options to inject keywords and...

“Hilariously insecure”: Andrew Tate’s The Real World breached, 800,000 users affected

Andrew Tate's online education platform The Real World—formerly known as Hustlers University—has been hacked and user data has been stolen. Hacktivists flooded the primary chatroom with emojis as proof that they had breached the site. After this they shared approximately 794,000 usernames of,...

Free AI editor lures in victims, installs information stealer instead on Windows and Mac

A large social media campaign was launched to promote a free Artificial Intelligence AI video editor. If the "free" part of that campaign sounds too good to be true, then that's because it was. Instead of the video editor, users got information stealing malware. Lumma Stealer was installed on...

A week in security (October 21 – October 27)

Last week on Malwarebytes Labs: 100 million US citizens officially impacted by Change Healthcare data breach Pinterest tracks users without consent, alleges complaint After concerns of handing Facebook taxpayer info, four companies found to have improperly shared data LinkedIn bots and spear...

Upload a video selfie to get your Facebook or Instagram account back

Meta, the company behind Facebook and Instagram says its testing new ways to use facial recognition—both to combat scams and to help restore access to compromised accounts. The social media giant is testing the use of video selfies and facial recognition to help users get their hijacked accounts...

Modern TVs have “unprecedented capabilities for surveillance and manipulation,” group reveals

Your television is debuting the latest, most captivating program: You. In a report titled “How TV Watches Us: Commercial Surveillance in the Streaming Era,” the Center for Digital Democracy CDD spotlighted a massive data-driven surveillance apparatus that ensnares the public through modern...

Exposing the Facebook funeral livestream scam (Lock and Code S05E21)

This week on the Lock and Code podcast … Online scammers were seen this August stooping to a new low—abusing local funerals to steal from bereaved family and friends. Cybercrime has never been a job of morals calling it a "job" is already lending it too much credit, but, for many years, scams...

Radiology provider exposed tens of thousands of patient files

An anonymous person has disclosed that they gained online access to a radiologist's platform that hosted patient information using stolen credentials. I-MED Radiology is Australia’s leading medical imaging provider. Their clinics offer a range of imaging procedures including MRI, CT, x-ray,...

A week in security (September 23 – September 29)

Last week on Malwarebytes Labs: Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution Telegram will hand over user details to law enforcement Don’t share the vir...

iOS 18 is out. Here are the new privacy and security features

On September 16, 2024, Apple released iOS 18. Besides a lot of exciting new features, iOS 18 comes with some privacy and security enhancements. One of the most promising new features is the new Passwords app. Built on the foundation of Apple's password management system Keychain, Passwords makes ...

Scammers advertise fake AppleCare+ service via GitHub repos

Weve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository...

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home

After using passwords obtained from one of the countless breaches as a lure to trick victims into paying, the “Hello pervert” sextortion scammers have recently introduced two new pressure tactics: Name-dropping the infamous Pegasus spyware and adding pictures of your home environment. They do thi...

Toyota confirms customer and employee data stolen, says breach at third party to blame

Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. ZeroSevenGroup posted the...

Stolen data from scraping service National Public Data leaked online

Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence. The stolen data comes from a data scraping service trading under the name “National Public Data” which was allegedly breached by a cybercriminal group by the name of...

Magniber ransomware targets home users

If you’ve been following any news about ransomware, you may be under the impression that ransomware groups are only after organizations rather than individual people, and for the most part that’s true. However, Magniber is one ransomware that does target home users. And its back, with full force,...

Ticketmaster confirms customer data breach

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...

How AI will change your credit card behind the scenes

Many companies are starting to implement Artificial Intelligence AI within their services. Whenever there are large amounts of data involved, AI offers a way to turn that pile of data into actionable insights. And theres a big chance that our data are somewhere in that pile, whether they can be...

“No social media ’til 16,” and other fixes for a teen mental health crisis, with Dr. Jean Twenge: Lock and Code S04E10

This week on the Lock and Code podcast… You’ve likely felt it: The dull pull downwards of a smartphone scroll. The “five more minutes” just before bed. The sleep still there after waking. The edges of your calm slowly fraying. After more than a decade of our most recent technological experiment, ...

A week in security (April 1 – April 7)

A list of topics we covered in the week of April 1 to April 7 of 2024 Last week on Malwarebytes Labs: 60% of small businesses are concerned about cybersecurity threats Cookie consent choices are just being ignored by some websites Bing ad for NordVPN leads to SecTopRAT Jackson County hit by...

Deepfake Taylor Swift images circulate online, politicians call for laws to ban deepfake creation

Deepfake images of Taylor Swift have really made some serious waves. Explicit images of the popstar, generated by Artificial Intelligence AI were posted on social media and Telegram. The images were viewed millions of times. The impact of the deepfake was enormous. Social media platform X formerl...

A week in security (January 22 – January 28)

Last week on Malwarebytes Labs: 10 things to do to improve your online privacy Ring curtails law enforcement’s access to footage Malicious ads for restricted messaging applications target Chinese users Malwarebytes wins every MRG Effitas award for 2 years in a row AI likely to boost ransomware,...

Cybersecurity spend to soar in 2024: How companies can maximize their investment

"Spend smarter, not harder" is the mantra for 2024, as Gartner forecasts a 14.3% jump in global security and risk management spending—an uptick which brings a renewed focus on the need for cost-effective cybersecurity investments. Inefficient cybersecurity spending, a known problem, becomes even...

Apple now requires a judge’s order to hand over your push notification data

Last week, we reported on how US government agencies have been asking Apple and Google for metadata related to push notifications, but the companies arent allowed to tell users about it happening. The content of the notifications is diverse. It ranges from a weather app warning you about rain to ...

Many major websites allow users to have weak passwords

A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study, the researchers designed an algorithm that automatically determined a website’s password policy. With...

A week in security (October 16 - October 22)

Last week on Malwarebytes Labs: Ragnar Locker ransomware group taken down IT administrators' passwords are awful too The hot topics from Europe's largest trade fair for IT security Clever malvertising attack uses Punycode to look like KeePass's official website 3 crucial security steps people...

Clever malvertising attack uses Punycode to look like KeePass’s official website

Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager which was extremely deceiving. We previously reported on how brand impersonations are a common...

[updated] 23andMe user data stolen, offered for sale

Information belonging to as many as seven million 23andMe customers has been put up for sale on criminal forums following a credential stuffing attack against the genomics company. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that threat actors had "obtained...

Food delivery robots give captured video footage to police

In what sounds like a new step towards Skynet, footage from a food delivery robot has been used as part of a criminal investigation. As 404 Media reports, the food delivery robots that are deployed for Uber Eats in Los Angeles are operated by Serve Robotics, which ultimately wants to deploy up to...

Credit card thieves target Booking.com customers

Staff in the hospitality industry are trained to accommodate their guests, and when they have a few years of experience under their belt you can be sure they'll have received some extraordinary requests. Which is something that clever cybercriminals are taking advantage of. Researchers at...

3 reasons why your endpoint security is not enough

Despite widespread deployment of endpoint protection solutions, cyberattacks continue to make headlines, affecting organizations of all sizes and sectors. Recent statistics reveal that 70% of companies were impacted by ransomware last year State of Malware Report 2023, Malwarebytes, and 83%...

Re-air: What teenagers face growing up online: Lock and Code S04E19

This week on the Lock and Code podcast... In 2022, Malwarebytes investigated the blurry, shifting idea of "identity" on the internet, and how online identities are not only shaped by the people behind them, but also inherited by the internets youngest users, children. Children have always inherit...

The main causes of ransomware reinfection

A few months ago, we wrote about a ransomware reinfection incident. Ransomware reinfection arguably could be even worse than being a first time victim. Unfortunately it happens more often than you may think. Research shows that in 2022, more than a third 38% of surveyed organizations fell victim ...

A week in security (September 4 - September 10)

Last week on Malwarebytes Labs: Supply chain related security risks, and how to protect against them Password-stealing Chrome extension smuggled on to Web Store Smart chastity device exposes sensitive user data X wants your biometric data Mac users targeted in new malvertising campaign delivering...

Victim records deleted after spyware vendor compromised

Anonymous hackers have breached the servers of spyware app "WebDetetive", accessing the user database. However, this doesnt appear to be a typical compromise along the lines of stealing the data, according to Tech Crunch. Instead, its part of a slow move toward "spying" apps being attacked and...

Amazon in-van delivery driver footage makes its way online

Footage from technology used to monitor Amazon delivery drivers is leaking onto the internet. AI-enabled equipment which keeps an eye on the drivers speed, location, and other activities is part of the growing trend of workplace surveillance. In theory where drivers are concerned it could flag a...

Tax preparation firms shared sensitive information with Meta

A group of seven US senators has sent a letter to the heads of the IRS, the Department of Justice, the Federal Trade Commission and the IRS watchdog, revealing that they have found evidence that reveals "a shocking breach of taxpayer privacy by tax prep companies and by Big Tech firms." According...

How to secure your business before going on vacation

For many, the summer months should be a time of peace: Maybe taking some vacation, maybe strolling across warm, soft sands as sapphire waves lap up against your feet, maybe even spending time with family that you like. But for determined cybercriminals, these periods of near-universal rest and...

Understanding ransomware reinfection: An MDR case study

Ransomware is like that stubborn cold that you thought you kicked, but creeps back up determined to run amok again. The question is what medicine is available to kick this nasty infection for good. In this post, we'll break down the idea of ransomware reinfection and share a real-life episode whe...

9 basic security tips for seniors

Before we get into the tips: a caveat. We know many seniors who are digitally more up to date than people 20 years younger, but for those who aren't, this guide is for you. If youre offended by the word seniors in the title, feel free to replace it with "computer illiterate people." And keep in...

A week in security (June 19 - 25)

Last week on Malwarebytes Labs: Microsoft Azure AD flaw can lead to account takeover 5 facts to know about the Royal ransomware gang Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023 UPS warns customers of phishing attempts after data accessed 6 tips for a cybersecure honeymo...

Webinar recap: EDR vs MDR for business success

Did you miss our recent webinar on EDR vs. MDR? Don't worry, we've got you covered! In this blog post, we'll be recapping the highlights and key takeaways from the webinar hosted by Marcin Kleczynski, CEO and co-founder of Malwarebytes, and featuring guest speaker Joseph Blankenship, Vice Preside...

Windows 11 is showing its first signs of Rust

Some important changes are heading to Windows which should make the operating system quite a bit more secure than it is now. At the end of April, Microsofts VP of OS Security and Enterprise referenced upcoming changes to Windows involving the programming language Rust. Rust matches the performanc...

Brightline breach hits at least 964,000 people, US records show

A pediatric behavioral health startup called Brightline informed its customers that their protected health data may have been stolen as part of a separate ransomware attack on a Brightline third-party service provider. "Based on the investigation, we identified a limited amount of protected healt...

The one and only password tip you need

OK, its time for me to keep a promise. Back in October 2022, I wrote an article called Why almost everything we told you about passwords was wrong. The article summarizes how a lot of what youve been told about passwords over the years was either wrong change your passwords as often as your...

A week in security (April 17 - 23)

Last week on Malwarebytes Labs: Fake Chrome updates spread malware Woman tracks down and turns table on Airbnb scammer Update Chrome now! Google patches actively exploited flaw Beware: Fake IRS tax email wants your Microsoft account Ransomware in Germany, April 2022 - March 2023 Living Off the La...

Don't plug your phone into a free charging station, warns FBI

In a recent tweet, the FBI office in Denver warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers with the objective of infecting devices with malware or other software that can give hackers access to your phone, tablet or...

IoT garage door exploit allows for remote opening attack

A popular and reasonably cheap garage door controller is making waves in the news, and not in a good way. Ars Technica reports that the $80 devices created by Nexx are suffering from a number of security issues which could compromise the safety of your home. A Medium post by researcher Sam Sabeta...