Fake Etsy invoice scam tricks sellers into sharing credit card information

This article was researched and written by Stefan Dasic, manager, research and response forThreatDown, powered by Malwarebytes. As an online seller, you’re already juggling product listings, customer service and marketing—so the last thing you need is to be targeted by scammers. Unfortunately, a...

Apple ordered to grant access to users’ encrypted data

Last week, an article in the Washington Post revealed the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. Since then, privacy focused groups have uttered their objections. The UK government has demanded to be able to access encrypted data store...

Three privacy rules for 2025 (Lock and Code S06E02)

This week on the Lock and Code podcast… It’s Data Privacy Week right now, and that means, for the most part, that you’re going to see a lot of well-intentioned but clumsy information online about how to protect your data privacy. You’ll see articles about iPhone settings. You’ll hear acronyms for...

Warning: Don’t sell or buy a second hand iPhone with TikTok already installed

After TikTok was briefly banned in the US last weekend, an unusual phenomenon unearthed. Reportedly, people are selling iPhones that have TikTok installed for up to $25,000. This may require some explanation, so bear with me. TikTok has had a rough time in the US the last weeks. The ban we...

PlugX malware deleted from thousands of systems by FBI

The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China PRC used a version of PlugX malware to control, and steal information from victims' computers. PlugX h...

Some weeks in security (December 16 – January 5)

During the holiday period on Malwarebytes Labs we covered: A day in the life of a privacy pro, with Ron de Jesus Lock and Code S05E26 Task scams surge by 400%, but what are they? 5 million payment card details stolen in painful reminder to monitor Christmas spending AI-generated malvertising "whi...

A week in security (November 18 – November 24)

Last week on Malwarebytes Labs: Meta takes down more than 2 million accounts in fight against pig butchering "Sad announcement" email implies your friend has died Update now! Apple confirms vulnerabilities are already being exploited AI Granny Daisy takes up scammers’ time so they can’t bother yo...

Large eBay malvertising campaign leads to scams

Tech support scammers are targeting eBay customers in the U.S. via fraudulent Google ads. In a few separate searches, we were able to identify multiple Sponsored results that were created from at least four different advertiser accounts. While most of those ads clearly looked fake, they appeared...

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

The Federal Bureau of Investigation FBI has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication MFA a user has set up. Here's how it works. Most of us don’t think twice about checking the “Remember...

1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings. The threat, dubbed "Phish ‘n Ships" by the researchers, reportedly infected more than 1,000...

Europol warns about counterfeit goods and the criminals behind them

With the holidays around the bend, many are looking for gifts for their family and friends. And since we somehow decided we want to give more each time, we’re also looking for good deals. But European law enforcement agency Europol issued a warning about buying fake goods. Sure, they are cheaper,...

A week in security (September 30 – October 6)

Last week on Malwarebytes Labs: Facebook and Instagram passwords were stored in plaintext, Meta fined Android users targeted on Facebook and porn sites, served adware Fake Disney+ activation page redirects to pornographic scam Radiology provider exposed tens of thousands of patient files Not Blac...

Fake Disney+ activation page redirects to pornographic scam

A common way to activate digital subscriptions such as Netflix, Prime or Disney+ on a new TV is to visit a website and enter the code seen on your screen. It's much easier than having to authenticate using a remote and typing a username and password. Scammers are creating fake activation pages th...

Tor anonymity compromised by law enforcement. Is it still safe to use?

Despite people generally considering the Tor network as an essential tool for anonymous browsing, german law enforcement agencies have managed to de-anonymize Tor users after putting surveillance on Tor servers for months. Before we go into the what the agencies did, let's take a look at some...

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

Earlier this week, we reported on a new type of scam that tells you your partner is cheating on you. However, we hit a dead end because we were unable to get hold of an original copy of the email. That was until the scammers were “kind enough” to send one to one of our co-workers. your partner is...

Your partner “is cheating on you” scam asks you to pay to see proof

As if they weren’t annoying enough already, scammers have recently introduced new pressure tactics to their sextortion and scam emails. Last week we reported how cybercriminals are using photographs of targets homes in order to scare them into paying money. Now theyre throwing in the name of...

What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)

This week on the Lock and Code podcast… On August 24, at an airport just outside of Paris, a man named Pavel Durov was detained for questioning by French investigators. Just days later, the same man was charged in crimes related to the distribution of child pornography and illicit transactions,...

A week in security (September 2 – September 8)

Last week on Malwarebytes Labs: Lowe’s employees phished via Google ads Planned Parenthood partly offline after ransomware attack "Hello pervert" sextortion scam includes new threat of Pegasus—and a picture of your home How to avoid election related scams London’s city transport hit by...

TDECU data breach affects half a million people

The Texas Dow Employees Credit Union TDECU has filed a data breach notification, reporting that the data of 500,474 people has been accessed in an external system breach. TDECU is the largest Houston-area credit union, and the fourth largest in the state of Texas. The credit union was founded by...

A week in security (August 19 – August 25)

Last week on Malwarebytes Labs: Millennials’ sense of privacy uniquely tested in romantic relationships Hacked GPS tracker reveals location data of customers "We will hold them accountable": General Motors sued for selling customer driving data to third parties Why you need to know about ransomwa...

Why you need to know about ransomware

Last month, a strange thing happened in cybersecurity: a type of cyberthreat typically reserved for large businesses and critical services appeared on the computers of everyday people. Starting on July 20, hundreds of individuals across the globe began reporting problems with ransomware. Ransomwa...

Dozens of Google products targeted by scammers via malicious search ads

In a previous blog, we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Googles entire product line and redirecting victims to a fake Google home page. Clearly not afraid of poking the bear, they even used and...

Men report more pressure and threats to share location and accounts with partners, research shows

Men report facing more pressure than women—and more threats of retaliation—to grant access to their locations and online accounts when in a committed relationship, according to a new analysis of data released this summer by Malwarebytes. The same analysis also revealed that, while men report more...

A week in security (July 29 – August 4)

Last week on Malwarebytes Labs: Threat actor impersonates Google via fake ad for Authenticator Scammers are impersonating cryptocurrency exchanges, FBI warns Meta to pay $1.4 billion over unauthorized facial recognition image capture Apple fixes Siri vulnerabilities that could have allowed...

US senators ask FTC to investigate car makers’ privacy practices

An ongoing US Senate investigation indicated that connected car makers violate consumer privacy by sharing and selling drivers’ data, including their location, on a vast scale, and that the same car makers often obtain consumer consent through deception. Based on this investigation, senators have...

A week in security (July 22 – July 28)

Last week on Malwarebytes Labs: Meta takes down 63,000 sextortion-related accounts on Instagram Windows update may present users with a BitLocker recovery screen TracFone will pay $16 million to settle FCC data breach investigation Google admits it can’t quite quit third-party cookies Heritage...

Number of data breach victims goes up 1,000%

Nope, that headlines not a typo. Over one thousand percent. The Identity Theft Resource Center ITRC tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 81,958,874 victims. The ITRC is a national non-profit organization set up with the goal of minimizing the ri...

“Nearly all” AT&T customers had phone records stolen in new data breach disclosure

In a déjà-vu nightmare, US phone giant AT&T has notified customers that cybercriminals managed to download phone call and text message records of "nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023". In a filing with the Securities and Exchang...

MongoDB warns customers about data breach after cyberattack

Database provider MongoDB has posted a security notice about a security incident in which attackers obtained unauthorized access to some of its corporate systems. The targeted system contained customer names, phone numbers, and email addresses among other customer account metadata, including syst...

Healthcare giant Norton breach leads to theft of millions of patient records

Healthcare company Norton says a May breach led to the theft of data of around 2.5 million of its patients, as well as employees and their dependents. Norton has more than 40 clinics and hospitals in and around Louisville, Kentucky. In a filing with Maine’s attorney general on Friday, Norton said...

“Amazon got hacked” messages are a false alarm

Amazon customers have been seeing a message on social media that has caused some alarm. Most of the posts look like one of these depending on the social media platform: “PSA!! Amazon got hacked. For USA based people, check your Amazon account. Hackers added HUB lockers as your default delivery...

A week in security (November 27 – December 3)

Last week on Malwarebytes Labs: Explained: Domain fronting Will ChatGPT write ransomware? Yes. Associated Press, ESPN, CBS among top sites serving fake virus alerts Meta sued over forcing users to pay to stop tracking Update now! Chrome fixes actively exploited zero-day vulnerability Many major...

Child health data stolen in registry breach

Canadian healthcare organization Better Outcomes Registry & Network BORN has disclosed a data breach affecting client data. BORN--an Ontario perinatal and child registry that collects, interprets, shares, and protects critical data about pregnancy, birth, and childhood--says it was attacked on Ma...

Microsoft AI researchers accidentally exposed terabytes of sensitive data

Warnings about including credentials, keys, and tokens when sharing code on publicly accessible repositories shouldnt be necessary. It should speak for itself that you dont just hand over the keys to your data. But what if a misconfiguration ends in a supposed internal storage account becoming...

Ransomware groups claim responsibility for double-attack on Yamaha

Music giant Yamahas Canadian division has experienced a compromise on two different fronts, both related to ransomware. In an attack which has worrying echoes of the recent Estee Lauder attack, multiple attackers have claimed to breach the organisation. Yamaha Canada Music had the following to sa...

How small businesses can secure employees' mobile devices

Fact: 77% of organizations are convinced they're capable of protecting their mobile devices--smartphones, tablets, and laptops including Chromebooks--from cybersecurity threats. Another fact: A third of those organizations aren't protecting their mobile devices at all. And that matters--in its...

A week in security (April 24 -30)

Last week on Malwarebytes Labs: LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities Update now: Critical flaw in VMWare Fusion and VMWare Workstation Magecart threat actor rolls out convincing modal forms Fileless attacks: How attackers evade traditional AV and how to...

US Department of the Interior's passwords "easily cracked"

It's bad news for the US Department of the Interior--a Government watchdogs security audit has revealed its passwords are simply not up to the job of warding off cracking attempts. The audit's wordy title was not kind: P@s$w0rds at the U.S. Department of the Interior: Easily Cracked Passwords, La...

Romance scammer given 25 years of alone time

Romance scams are often low risk, high reward strategies for ciminals, who use them to steal large sums of money from vulnerable people in the cruellest ways possible. Once the victim wires the cash, theres a good chance that its never coming back. The perpetrator has almost certainly covered the...

Nintendo warns of imitation websites and suspicious hardware

Brave indeed is the soul who decides to take on Nintendo with scam-filled behaviour online. The console legends have a long history of crunching down on fraud, as well as gaming past-times some would consider to be harmless. Whether you create fan-made games, offer up plundered ROMs for use in...

Document delivery scams: What are they and what’s their goal?

One of Malwarebytes' managers recently received a call from scammers pretending to be a document delivery service. The voicemail sounded official: “I am calling on behalf of document delivery services. We have been retained to schedule and deliver legal documents to you between the hours of 8 AM...

Nearly 15,000 infected websites cleaned in SocGholish crackdown

We’re always happy to end the week with some positive news. A law enforcement action called Operation Endgame just delivered a major win against the long‑running SocGholish aka FakeUpdates operation. SocGholish is a malware framework that has been active since at least 2017 and is best known for...

Rokarolla Android malware can take over your phone and steal banking logins

Researchers have analyzed a new Android banking Trojan called Rokarolla. It can effectively take over a device, steal banking and crypto login details from more than 200 apps, and quietly monitor much of what you do on your phone. On an infected device, Rokarolla steals banking and crypto login...

Stolen iPhones could soon be worth a lot less to thieves

The UK’s Metropolitan Police has reached an agreement with Apple designed to make stolen iPhones harder to resell and less attractive to thieves. The approach combines stronger technical protections with direct data sharing between Apple and law enforcement. In 2023, about 1.4 million mobile phon...

Scammers love Meta, according to Lloyds Bank

Scammers go phishing wherever the victims are. In the UK, that means Facebook, Instagram, and WhatsApp, according to Lloyds Bank. It just revealed that Meta platforms account for over two thirds of fraud reports made by its customers. Writing in The Sunday Times, Lloyds Bank's fraud prevention...

Facebook scam promises cheap Aldi meat boxes, steals payment info instead

Sometimes you spot posts on social media that make you wonder if any moderation takes place at all. Which is concerning, because two- thirds of all online shopping scams now start on Facebook and Instagram. Online shopping scams are alarmingly common and have become one of the most frequently...

Meta’s confusing new approach to chat privacy

Recent news had us wondering whether Meta actually knows what it wants. On one platform, Meta is promoting AI chats that it says even it cannot read. On another, it has removed one of the few features that genuinely prevented Meta from accessing private conversations. "Meta removed support for...

Texas sued Netflix over claims it secretly collected and sold users’ data

Attorney General AG of Texas Ken Paxton announced that he sued Netflix for spying on Texans, including children, and collecting users’ data without their knowledge or consent. The suit alleges Netflix secretly tracks and monetizes detailed viewing behavior of users, including children, while...

A week in security (May 4 – May 10)

Last week on Malwarebytes Labs: Microsoft says Edge’s plaintext password behavior is "by design" ShinyHunters escalates Canvas attacks with school login defacements Massive AI investment scam network spans 15,500 domains If a fake moustache can fool age checks, is the Online Safety Act working?...

Update WhatsApp now: Two new flaws could expose you to malicious files

Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities. WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been...