4706 matches found
Tea Dating Advice app has users’ private messages disclosed
A few days after Tea Dating Advice discovered unauthorized access to one of its systems that leaked 72,000 user images, the popular mobile app faced a second issue involving a separate database, as a researcher reported to 404Media that they were able to access private conversations. Tea Dating...
Corpse-eating selfies, and other ways to trick scammers (Lock and Code S06E14)
This week on the Lock and Code podcast … There’s a unique counter response to romance scammers. Her name is Becky Holmes. Holmes, an expert and author on romance scams, has spent years responding to nearly every romance scammer who lands a message in her inbox. She told one scammer pretending to ...
Fake bank ads on Instagram scam victims out of money
Ads on Instagram—including deepfake videos—are impersonating trusted financial institutions like Bank of Montreal BMO and EQ Bank Equitable Bank in order to scam people, according to BleepingComputer. There are some variations in how the scammers approach this. Some use Artificial Intelligence AI...
Take back control of your browser—Malwarebytes Browser Guard now blocks search hijacking attempts
Search hijacking, often referred to as browser hijacking, occurs when cybercriminals modify users’ browser settings without their consent. This often results in users being redirected to potentially malicious websites, such as fake customer service offerings. Search hijacking commonly happens...
How Los Angeles banned smartphones in schools (Lock and Code S06E10)
This week on the Lock and Code podcast … There's a problem in class today, and the second largest school district in the United States is trying to solve it. After looking at the growing body of research that has associated increased smartphone and social media usage with increased levels of...
Tired of Google sponsored ads? So are we! That’s why we’re introducing the option to block them on iOS
Sponsored ads on Google search don’t just irritate users—they also provide a dangerous opportunity for cybercriminals to spread malware and scams to their unsuspecting victims. What looks like a harmless search result can be a carefully disguised trap. At Malwarebytes, our researchers have...
Text scams grow to steal hundreds of millions of dollars
Text scams alone cost US citizens at least $470 million in 2024, according to new data from the US Federal Trade Commission FTC. Because many scams go unreported, though, this dollar amount might be considerably more. The FTC illustrated this with a graph comparing the reported losses to the numb...
Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home
When you next type something sensitive on your computer keyboard, be sure that no-one else is watching. A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malwareware. In a class action lawsuit, six women have accused...
Don’t let your kids on Roblox if you’re not comfortable, says Roblox CEO
In response to growing worries about the safety of children using Roblox, the CEO of the company has said to parents: "My first message would be, if you're not comfortable, don't let your kids be on Roblox." Roblox is one of the most popular gaming platforms, especially among young children...
Ransomware threat mailed in letters to business owners
Business owners and CEOs across the United States received customized ransomware threats this month from the most unusual of places—letters in the mail. The letters, which were first reported by multiple cybersecurity researchers, claim to come from a ransomware group called BianLian. But since...
Google Docs used by infostealer ACRStealer as part of attack
An infostealer known as ACRStealer is using legitimate platforms like Google Docs and Steam as part of an attack, according to researchers. ACRStealer is often distributed via the tried and tested method of download as cracks and keygens, which are used in software piracy. The infostealer has bee...
Malwarebytes introduces native ARM support for Windows devices
For the last four years, Malwarebytes has been protecting ARM-based machines running on Apple’s M-series processors. Now, we’ve expanded our protection range to include ARM-based Windows machines such as Copilot+ PCs, including Microsoft Surface Pro, Lenovo Yoga Slim and ThinkPad, and Dell...
Hard drives containing sensitive medical data found in flea market
Somebody bought a batch of 15 GB hard drives from a flea market, and during a routine check of the contents they found medical data about hundreds of patients. After some more investigation in the Netherlands, it turned out the data came from a software provider in the medical industry which had...
A week in security (January 27 – February 2)
Last week on Malwarebytes Labs: ClickFix vs. traditional download in new DarkGate campaign Cybercrime gets a few punches on the nose Microsoft advertisers phished via malicious Google ads The DeepSeek controversy: Authorities ask where does the data come from and how safe is it? These are the 10...
UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach
UnitedHealth says it now estimates that the data breach on its subsidiary Change Healthcare affected 190 million people, nearly doubling its previous estimate from October. In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals...
PlugX malware deleted from thousands of systems by FBI
The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China PRC used a version of PlugX malware to control, and steal information from victims' computers. PlugX h...
Insurance company accused of using secret software to illegally collect and sell location data on millions of Americans
Insurance company Allstate and its subsidiary Arity unlawfully collected, used, and sold data about the location and movement of Texans’ cell phones through secretly embedded software in mobile apps, according to Texas Attorney General Ken Paxton. Attorney General Paxton says the companies didn't...
The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)
This week on the Lock and Code podcast … The era of artificial intelligence everything is here, and with it, come everyday surprises into exactly where the next AI tools might pop up. There are major corporations pushing customer support functions onto AI chatbots, Big Tech platforms offering AI...
iMessage text gets recipient to disable phishing protection so they can be phished
A smishing SMS phishing campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple's built in phishing protection. For months, iMessage users have been posting examples online of how phishers are trying to get around this protection. And, now, the campign is...
Pallet liquidation scams and how to recognize them
Pallet liquidation scams target people looking to purchase pallets of supposedly discounted merchandise, often from major retailers like Amazon. Groups that engage in pallet liquidation sales are rampant on social media and it’s hard to discern the scammers from the legitimate ones to be honest,...
AI-generated malvertising “white pages” are fooling detection engines
This is no secret, online criminals are leveraging artificial intelligence AI and large language models LLMs in their malicious schemes. While AI tends to be abused to trick people i.e. deepfakes in order to gain something, sometimes, it is meant to defeat computer security programs. With AI, thi...
Americans urged to use encrypted messaging after large, ongoing cyberattack
A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with. Speaking to Reuters, a senior US official said the attack telecommunicatio...
Meta takes down more than 2 million accounts in fight against pig butchering
Meta provided insight this week into the company's efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Pig butchering scams are big business, with hundreds of millions of dollars involved every year. The...
Malicious QR codes sent in the mail deliver malware
Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre NCSC. The letters are sent as if they come from the official Swiss Federal Office of Meteorology and...
Warning: Online shopping threats to avoid this Black Friday and Cyber Monday
.kb-row-layout-wrap.wp-block-kadence-rowlayout.kb-row-layout-id1206714424da-98margin-top:0px;margin-bottom:var--global-kb-spacing-xl, 4rem;.kb-row-layout-id1206714424da-98 .kt-row-column-wrapalign-content:center;:where.kb-row-layout-id1206714424da-98 .kt-row-column-wrap...
A week in security (September 30 – October 6)
Last week on Malwarebytes Labs: Facebook and Instagram passwords were stored in plaintext, Meta fined Android users targeted on Facebook and porn sites, served adware Fake Disney+ activation page redirects to pornographic scam Radiology provider exposed tens of thousands of patient files Not Blac...
Malwarebytes Personal Data Remover: A new way to help scrub personal data online
There’s an awful lot about you online that some awful groups want to exploit. The right combination of personal data points could help an identity thief fool a bank into opening a new, fraudulent line of credit in your name. Your alma mater, salary, and email address could help an online scammer...
Walmart customers scammed via fake shopping lists, threatened with arrest
Shopping online or attempting to get in touch with a store is a little bit like walking on a minefield: you might get lucky or take a wrong step and get scammed. Case in point, a malicious ad campaign is abusing Walmart Lists, a kind of virtual shopping list customers can share with family and...
23andMe to pay $30 million in settlement over 2023 data breach
Genetic testing company 23andMe will pay $30 million to settle a class action lawsuit over a 2023 data breach which ended in some customers having information like names, birth years, and ancestry information exposed. In October 2023, we reported on how information belonging to as many as seven...
PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data
Earlier this week, we reported on a new type of scam that tells you your partner is cheating on you. However, we hit a dead end because we were unable to get hold of an original copy of the email. That was until the scammers were “kind enough” to send one to one of our co-workers. your partner is...
Your partner “is cheating on you” scam asks you to pay to see proof
As if they weren’t annoying enough already, scammers have recently introduced new pressure tactics to their sextortion and scam emails. Last week we reported how cybercriminals are using photographs of targets homes in order to scare them into paying money. Now theyre throwing in the name of...
What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)
This week on the Lock and Code podcast… On August 24, at an airport just outside of Paris, a man named Pavel Durov was detained for questioning by French investigators. Just days later, the same man was charged in crimes related to the distribution of child pornography and illicit transactions,...
Move over malware: Why one teen is more worried about AI (re-air) (Lock and Code S05E18)
This week on the Lock and Code podcast… Every age group uses the internet a little bit differently, and it turns out for at least one Gen Z teen in the Bay Area, the classic approach to cyberecurity—defending against viruses, ransomware, worms, and more—is the least of her concerns. Of far more...
Malwarebytes awarded Parent Tested Parent Approved Seal of Approval
We’re delighted to say Malwarebytes has been awarded the Parent Tested Parent Approved Seal of Approval for product excellence. The Seal of Approval is given to products that have earned the trust of families, and serves as a quick and reliable indicator of quality and dependability for parents a...
Security company ADT announces security breach of customer data
Electronic surveillance equipment provider ADT filed a form 8-K with the Security and Exchange Commision SEC to report “a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” An 8-K is a report of unscheduled...
Men report more pressure and threats to share location and accounts with partners, research shows
Men report facing more pressure than women—and more threats of retaliation—to grant access to their locations and online accounts when in a committed relationship, according to a new analysis of data released this summer by Malwarebytes. The same analysis also revealed that, while men report more...
SIEM is not storage, with Jess Dodson (Lock and Code S05E16)
This week on the Lock and Code podcast… In the world of business cybersecurity, the powerful technology known as "Security Information and Event Management" is sometimes thwarted by the most unexpected actors—the very people setting it up. Security Information and Event Management—or SIEM—is a te...
AI device Rabbit r1 logged user interactions without an option to erase them before selling
Rabbit, the manufacturer of the Artificial Intelligence AI assistant r1 has issued a security advisory telling users its found a potential security risk. If a user loses or sells their device, a person in possession of the r1 could potentially jailbreak the device and gain access to files that...
MongoDB warns customers about data breach after cyberattack
Database provider MongoDB has posted a security notice about a security incident in which attackers obtained unauthorized access to some of its corporate systems. The targeted system contained customer names, phone numbers, and email addresses among other customer account metadata, including syst...
“Amazon got hacked” messages are a false alarm
Amazon customers have been seeing a message on social media that has caused some alarm. Most of the posts look like one of these depending on the social media platform: “PSA!! Amazon got hacked. For USA based people, check your Amazon account. Hackers added HUB lockers as your default delivery...
A week in security (October 9 - October 15)
Last week on Malwarebytes Labs: Explained: Quishing Update now! Atlassian Confluence vulnerability is being actively exploited Giant health insurer struck by ransomware didn't have antivirus protection Ransomware review: October 2023 Stalkerware activity drops as glaring spying problem is reveale...
Royal Mail schools LockBit in leaked negotiation
The LockBit group has finally given up any prospect of extracting a ransom from Royal Mail and published the files it stole from the company in a recent ransomware attack. The leak brings weeks of negotiations to a close, leaving Royal Mail without a decryptor, and LockBit without a payday...
FTC bans SpyFone and its CEO from continuing to sell stalkerware
Nearly two years after the US Federal Trade Commission first took aim against mobile apps that can non-consensually track people’s locations and pry into their emails, photos, and videos, the government agency placed restrictions Wednesday on the developers of SpyFone—which the FTC called a...
How World Cup crypto prediction sites take your money
Crypto prediction and betting sites are appearing around the World Cup, and researchers have already tracked scams aimed at fans, including fake ticketing, fixed-match betting, prediction scams, and fan-branded meme coins. We investigated one prediction site ourselves. While we aren't claiming...
Claude Code’s hidden tracker was an “experiment,” says Anthropic
As a developer, you want to use tools you can trust and rely on. One researcher took that idea seriously enough to scrutinize their local Claude Code 2.1.196 installation. For developers using AI assistants with access to their code, files, and terminal, understanding what those tools are doing...
NetNut botnet takes a hit. Don’t be part of the next one.
In a joint operation, Google, the FBI, and other partners have dealt a significant blow to the residential proxy ecosystem by disrupting the NetNut also tracked as Popa botnet. NetNut is a malicious service built on millions of hijacked consumer devices. NetNut marketed itself as a high-quality...
Update Chrome to patch critical browser security flaws
Google released a security update for Chrome that fixes 18 vulnerabilities, including four rated Critical. There is no indication that any of these newly patched bugs are being actively exploited in the wild. The stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and...
Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days
This month’s Patch Tuesday fixes 206 security flaws in Microsoft software, making it the biggest Patch Tuesday release ever. The update includes 32 critical vulnerabilities, as well as three publicly disclosed zero-days. Microsoft classifies these as zero-days because information about the...
Attackers adopt JavaScript runtime Bun to spread NWHStealer
In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers behind this stealer are continuously finding new methods to distribute the stealer. During our hunting activities, we noticed how attackers are using a JavaScript runtime called Bun to help distribut...
Millions of students’ personal data stolen in major education breach
Instructure, the company behind the Canvas learning management system LMS, confirmed a cyber incident and subsequent data breach affecting its cloud‑hosted environment. The ShinyHunters ransomware group claims it is behind the attack and says it stole roughly 275 million records tied to students,...