23andMe and its customers’ genetic data bought by a pharmaceutical org

The bankrupt genetic testing company 23andMe has been scooped up by drug producer Regeneron Pharmaceuticals for $256 million dollars. But why would a pharmaceutical company like Regeneron buy a bankrupt genetics testing company like 23andMe for such a large amount of money? Well, Regeneron is a...

PayPal scam abuses Docusign API to spread phishy emails

PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails. We've received several reports of this recently, so we dug into how the scam works. The Docusign Application Programming Interface API allows “customers” to send emails that come from genuine...

Background check provider data breach affects 3 million people who may not have heard of the company

Employment screening company DISA Global Solutions has filed a data breach notification after a cyber incident on their network. DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. The attacker may have accessed over three million files containing...

How AI was used in an advanced phishing campaign targeting Gmail users

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence AI in their scams. At the time, FBI Special Agent in Charge Robert Tripp said: “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud scheme...

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Fuel for other malware and scam campaigns Indicators of Compromise Overview Online criminals are targeting individuals and...

The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)

This week on the Lock and Code podcast … The era of artificial intelligence everything is here, and with it, come everyday surprises into exactly where the next AI tools might pop up. There are major corporations pushing customer support functions onto AI chatbots, Big Tech platforms offering AI...

8 security tips for small businesses

Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to one person that doesn’t have the time to do everything that is recommended or ev...

A week in security (October 28 – November 3)

Last week on Malwarebytes Labs: 1,000+ web shops infected by "Phish ‘n Ships" criminals who create fake product listings for in-demand products Android malware FakeCall intercepts your calls to the bank Patch now! New Chrome update for two critical vulnerabilities Update your iPhone, Mac, Watch:...

Robot vacuum cleaners hacked to spy on, insult owners

Multiple robot vacuum cleaners in the US were hacked to yell obscenities and insults through the onboard speakers. ABC news was able to confirm reports of this hack in robot vacuum cleaners of the type Ecovacs Deebot X2, which are manufactured in China. Ecovacs is considered the leading service...

Browser Guard now flags data breaches and better protects personal data

Two things are true of data online: It will be collected and, just as easily, it will be lost. But a major update to Malwarebytes Browser Guard will better protect users from opaque data collection that happens every day online, as well as raising their awareness about corporate data breaches tha...

Not Black Mirror: Meta’s smart glasses used to reveal someone’s identity just by looking at them

Like something out of Black Mirror, two students have demonstrated a way to use smart glasses and facial recognition technology to immediately reveal people’s names, phone numbers, and addresses. The Harvard students have dubbed the system I-XRAY and it works like this: When you look at someone’s...

Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution

A European privacy watchdog has filed a complaint against Mozilla for quietly enabling Privacy Preserving Attribution PPA in its Firefox browser. Noyb none of your business argues that despite its reassuring name, the feature allows the browser to track your online behavior. By design, Privacy...

Malwarebytes Personal Data Remover: A new way to help scrub personal data online

There’s an awful lot about you online that some awful groups want to exploit. The right combination of personal data points could help an identity thief fool a bank into opening a new, fraudulent line of credit in your name. Your alma mater, salary, and email address could help an online scammer...

Ford wants to eavesdrop on passenger conversations to help target ads

Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations. In the abstract of the patent application publication...

City of Columbus tries to silence security researcher

The City of Columbus, Ohio is suing a security researcher for sharing stolen data. All the complaint will accomplish, we imagine, is spotlight the ignorance of certain city officials in handling a common security matter. What happened is that the City of Columbus was attacked by a ransomware grou...

PSA: These ‘Microsoft Support’ ploys may just fool you

Many people turn to their favorite search engine when they are facing an issue with their computer. One common search query is to look for the telephone number or contact form for Microsoft, Apple or one of many other brands. Scammers have long been interested in pretending to be Microsoft...

Hacked GPS tracker reveals location data of customers

Stalkerware researcher maia arson crimew strikes again. Big time. We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware—loves to see. This time the target company, Tracki, is one selling GPS...

We’re making it easier for you to protect your identity

Things have changed in cybersecurity. Gone are the days when our only worry was downloading a virus. Now, 71% of people say having their data leaked and identity stolen is one of their biggest fears about being online. Sadly, they’re right to be concerned: Fraud losses hit $10 billion in 2023 up...

A week in security (August 5 – August 11)

Last week on Malwarebytes Labs: Security company ADT announces security breach of customer data Stolen data from scraping service National Public Data leaked online Android vulnerability used in targeted attacks patched by Google Men report more pressure and threats to share location and accounts...

Microsoft working on a fix for RoguePlanet, a flaw that grants full PC control

A publicly available exploit called RoguePlanet can give attackers the highest level of access on Windows systems. Microsoft has confirmed the vulnerability and says it's working on a security update. RoguePlanet is tracked under CVE-2026-50656, where it’s described as a Microsoft Defender...

Children’s phones must block nude images by September, UK says

Build something that doesn't exist. Don't collect any data while you do it. Get it wrong and the CEO could face criminal charges. That's close to the ultimatum the UK government handed Apple and Google on June 8. The two companies have three months to introduce device-level protections blocking...

How cyberattacks on companies affect everyone

If you use the internet, you’ve likely been affected by cybercrime in some way. Even when an attack is aimed at a company, the fallout usually lands on ordinary people. The most obvious harm is stolen data. When attackers break into a business, it is usually customer information that ends up in...

Malicious trading website drops malware that hands your browser to attackers

During our threat hunting, we found a campaign using the same malware loader from our previous research to deliver a different threat: Needle Stealer , data-stealing malware designed to quietly harvest sensitive information from infected devices, including browser data, login sessions, and...

Android 17 ends all-or-nothing access to your contacts

Some of the apps on your phone want your contacts. Most don't need them all, but have been happily slurping up the lot for years. Google has decided to do something about that with the next version of Android. Android 17 currently in preview is introducing a new Contact Picker that lets users gra...

A week in security (April 13 – April 19)

Last week on Malwarebytes Labs: This old-school scam is still working "Your shipment has arrived" email hides remote access software Browser Guard gets even better with Access Control "iCloud storage is full" scam is back, and now it wants your payment details A fake Slack download is giving...

Browser Guard gets even better with Access Control

Have you ever been on a website when a pop-up suddenly asked for access to your camera, microphone, location, or notifications? Whether you clicked “allow,” dismissed it, or just wondered why it appeared, those permission requests aren’t always harmless. Some sites can abuse those permissions. Wi...

Credit Resources Vault: Why this credit email set off our scam alarms

If there is anything that annoys me more than a scammer, it's companies that behave like one, while staying just on the right side of the law. They manage to linger and disappoint customers for years. It's also why sometimes people think that Malwarebytes Scam Guard can be overly cautious when...

Omnistealer uses the blockchain to steal everything it can

A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users. It’s pretty common for malware to store its payload on a public platform, ideally one that adds some trustworthiness to the download...

ChatGPT under scrutiny as Florida investigates campus shooting

Chatbots don't kill people. But they can help others do so. On April 9, Florida Attorney General James Uthmeier announced that his office is investigating OpenAI over the role ChatGPT might have played in a deadly shooting at Florida State University, saying: "Subpoenas are coming." The campus...

That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords

As layoffs surge and job seekers flood the market, phishing campaigns impersonating major brands, including Coca-Cola and Ferrari, are ramping up—and they’re more sophisticated than ever. The first scam we found uses a convincing booking page to collect personal details, then tricks victims into...

WhatsApp on Windows users targeted in new campaign, warns Microsoft

Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control. WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their mobile devices. Desktop...

A week in security (March 23 – March 29)

Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...

Bogus Avast website fakes virus scan, installs Venom Stealer instead

A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus scan, and claims your system is full of threats. But the results are fake: when you’re prompted to “fix” the problem, the download you’re...

Landmark verdicts put Meta’s “addiction machine” platforms on trial

Meta faced two major legal setbacks this week as courts in New Mexico and California both found the company liable for harm to children. A New Mexico jury just ordered Meta to pay $375 million for misleading parents about child safety on Instagram and Facebook. Jurors found the company violated...

The March Madness scam playbook

March Madness is the annual men's and women's NCAA Division I basketball tournament, where 68 teams play in a single-elimination bracket for the US national championship. But March Madness doesn’t just bring buzzer beaters and busted brackets. It also kicks off a short, intense season for scammer...

Could your face change what you pay? NYC wants limits on biometric tracking

New York City lawmakers are pushing to ban private businesses from using biometric tools like voice and facial recognition software to track the public. While the desire to use surveillance technology in stores to fight shoplifting is understandable, lawmakers and privacy advocates are worried th...

Google cracks down on Android apps abusing accessibility

Google just dropped a bombshell for app developers with the latest version of its Android mobile operating system. The company can now prevent apps from installing if they try to use the system's accessibility features. The new development, live in version 17.2 of Android, is all about security,...

Hacked sites deliver Vidar infostealer to Windows users

In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on convincing people to run malicious commands themselves. Our researchers have recently detected a campaig...

Zombie ZIP method can fool antivirus during the first scan

A researcher published “Zombie ZIP,” a simple way to change the first part header of a ZIP file so it falsely claims its contents are uncompressed while they are actually compressed. Many antivirus products trust that header and never properly decompress or inspect the real payload. In tests...

Delete doesn’t mean gone. Here’s how File Shredder fixes that

You have done it a thousand times. Right-click. Delete. Empty Trash. Done. Except it's not done. That file, your tax return, your private photos, that EmbezzlementPlan.doc… it's all still sitting on your drive. Invisible to you, but not to anyone with a $30 recovery tool downloaded from the...

Watch out for fake Malwarebytes renewal notices in your calendar

We’ve become aware of a scam campaign sending fake calendar invites that impersonate Malwarebytes and attempt to trick recipients into calling a scam “billing support” number. We have written before about how calendar invites can be abused for phishing, and even about how Google Calendar invites...

Attackers impersonate Temu in ClickFix $Temu airdrop scam

Update Friday, March 13: A Temu spokesperson contacted us to say: " Temu has not issued any cryptocurrency, token, or digital asset—including any so-called "Temu Coin." Any airdrop, wallet claim, or cryptocurrency offer purporting to be from Temu is fraudulent and has no connection to our company...

How to understand and avoid Advanced Persistent Threats

By definition, an advanced persistent threat APT is a prolonged, targeted attack on a specific victim with the intention to compromise their system and gain information from or about that target. About a decade ago, the term was mostly used for state-sponsored threat actors. I used threat actors...

The Conduent breach; from 10 million to 25 million (and counting)

The Conduent breach has quietly grown into one of the biggest third‑party data incidents in US history, and the real story now is how many different programs and employers are swept up in it, even for people who have never heard of Conduent. When we first covered this incident, public filings...

Betterment data breach might be worse than we thought

Betterment LLC is an investment advisor registered with US Securities and Exchange Commission SEC. The company disclosed a January 2026 incident in which an attacker used social engineering to access a third‑party platform used for customer communications, then abused it to send crypto‑themed...

Scammers use fake “Gemini” AI chatbot to sell fake “Google Coin”

Scammers have found a new use for AI: creating custom chatbots posing as real AI assistants to pressure victims into buying worthless cryptocurrencies. We recently came across a live "Google Coin" presale site featuring a chatbot that claimed to be Google's Gemini AI assistant. The bot guided...

[updated] A fake cloud storage alert that ends at Freecash

Last week we talked about an app that promises users they can make money testing games, or even just by scrolling through TikTok. Imagine our surprise when we ended up on a site promoting that same Freecash app while investigating a “cloud storage” phish. We’ve all probably seen one of those...

Scam-checking just got easier: Malwarebytes is now in ChatGPT

If you’ve ever stared at a suspicious text, email, or link and thought “Is this a scam… or am I overthinking it?” Well, you’re not alone. Scams are getting harder to spot, and even savvy internet users get caught off guard. That’s why Malwarebytes is the first cybersecurity provider available...

Regulators around the world are scrutinizing Grok over sexual deepfakes

Grok’s failure to block sexualized images of minors has turned a single “isolated lapse” into a global regulatory stress test for xAI’s ambitions. The response from lawmakers and regulators suggests this will not be solved with a quick apology and a hotfix. Last week we reported on Grok's apology...

Malware in 2025 spread far beyond Windows PCs

This blog is part of a series highlighting new and concerning trends we noticed over the last year. Trends matter because they almost always provide a good indication of what 's coming next. If there’s one thing that became very clear in 2025, it’s that malware is no longer focused on Windows...