Android users bombarded with unskippable ads
Researchers have discovered a very versatile ad fraud network—known as Kaleidoscope—that bombards users with unskippable ads. Normally, ad fraud is not a concern for users of infected devices. They might experience some sluggish behavior on their device, but often that’s the extent of it. Ad frau...
A week in security (May 4 – May 10)
Last week on Malwarebytes Labs: The AI chatbot cop squad is here Lock and Code S06E09 Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can! "Your privacy is a promise we don’t break": Dating app Raw exposes sensitive user data FBI issues warning as scammers target...
Google Chrome will use AI to block tech support scam websites
Google has expressed plans to use Artificial Intelligence (AI) to stop tech support scams in Chrome. With the launch of Chrome version 137, Google plans to use the on-device Gemini Nano large language model (LLM) to recognize and block tech support scams. Users already have the ability to choose...
Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds
The relentless battle against online fraud is a constant evolution, a digital chase where security teams and malicious actors continually adapt. The increasing sophistication of attacks is blurring the lines between legitimate user behavior and impersonation attempts. The campaign we are exposing...
Tired of Google sponsored ads? So are we! That’s why we’re introducing the option to block them on iOS
Sponsored ads on Google search don’t just irritate users—they also provide a dangerous opportunity for cybercriminals to spread malware and scams to their unsuspecting victims. What looks like a harmless search result can be a carefully disguised trap. At Malwarebytes, our researchers have...
Passwords in the age of AI: We need to find alternatives
For decades, passwords have been our default method for keeping online accounts safe. But in the age of artificial intelligence, this traditional security method is facing challenges it was never built to withstand. A team at Cybernews conducted a study of over 19 billion newly exposed passwords...
WhatsApp hack: Meta wins payout over NSO Group spyware
Meta has won almost $170m in damages from Israel-based NSO Group, maker of the Pegasus spyware. The ruling comes after a six-year legal case against the company after Meta accused it of misusing its servers to spy on users. According to the original complaint against NSO Group, filed in October...
FBI issues warning as scammers target victims of crime
The FBI has issued a warning about an ongoing fraud scheme where criminal scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees in order to scam people. Between December 2023 and February 2025, the FBI received over 100 reports of scams involving people posing as IC3...
“Your privacy is a promise we don’t break”: Dating app Raw exposes sensitive user data
Any app that hands over user data is a concern, but leaky dating apps are especially worrying given the sensitivity of the data involved. A relatively new app called Raw that aims to rewrite the rules of dating is the latest to trip over its coattails by exposing user data to…well, anyone who ask...
Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can!
Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. The May updates...
The AI chatbot cop squad is here (Lock and Code S06E09)
This week on the Lock and Code podcast … “Heidi” is a 36-year-old, San Francisco-born, divorced activist who is lonely, outspoken, and active on social media. “Jason” is a shy, bilingual teenager whose parents immigrated from Ecuador who likes anime, gaming, comic books, and hiking. Neither of th...
A week in security (April 27 – May 3)
Last week on Malwarebytes Labs: On world password day, Microsoft says fewer passwords, more passkeys Apple AirPlay SDK devices at risk of takeover—make sure you update The 3 biggest cybersecurity threats to small businesses Zero-day attacks on browsers and smartphones drop, says Google Fake Socia...
On world password day, Microsoft says fewer passwords, more passkeys
And we agree. If there is a cybersecurity themed day that we would like to get rid of as soon as possible it’s world password day. Sorry, old friend, but you’re outdated, and it looks like your days are numbered. Let's switch to passkeys. To quote Microsoft: “As the world shifts from passwords to...
Apple AirPlay SDK devices at risk of takeover—make sure you update
Researchers found a set of vulnerabilities in Apple’s AirPlay SDK that put billions of users at risk of their devices being taken over. AirPlay is Apple's proprietary wireless technology that allows you to stream audio, video, photos, and even mirror your device's screen from an iPhone, iPad, or...
The 3 biggest cybersecurity threats to small businesses
In an online world filled with extraordinarily sophisticated cyberattacks—including organized assaults on software supply chains, state-directed exploitations of undiscovered vulnerabilities, and the novel and malicious use of artificial intelligence (AI)—small businesses are forced to prioritize a...
Zero-day attacks on browsers and smartphones drop, says Google
Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google's security team this week. While most attacks do still target personal technology like smartphones and browsers, the focus is moving increasingly to enterprise tech. Zero-day vulnerabilities ar...
Fake Social Security Statement emails trick users into installing remote tool
Fake emails pretending to come from the US Social Security Administration (SSA) try to get targets to install ScreenConnect, a remote access tool. This campaign was flagged and investigated by the Malwarebytes Customer Support and Research teams. ScreenConnect, formerly known as ConnectWise Control...
Digital rampage saw ex-Disney employee remove nut allergy info from menus, dox co-workers, and more
A former Disney employee, Michael Scheuer, will serve three years in prison for computer fraud and aggravated identity theft after a digital sabotage campaign against his ex-employer. In addition to his sentence, he must pay nearly US$688,000 in restitution. Scheuer, a former menu production...
What privacy? Perplexity wants your data, builds browser to track you and serve ads
AI search service Perplexity AI doesn't just want you using its app—it wants to take over your web browsing experience too. The company is planning to launch its own browser, called Comet, next month. But what does this mean for your privacy? Launched in 2022, Perplexity AI is an AI-powered searc...
Employee monitoring app exposes users, leaks 21+ million screenshots
Unfortunately, spyware apps with poor reputations and even weaker security practices are all too common. I’ve lost count of how many blogs I’ve written about stalkerware-type apps that not only exposed the people they spied on but also ended up exposing the spies themselves. However, perhaps one...
A week in security (April 21 – April 27)
Last week on Malwarebytes Labs: AI is getting "creepy good" at geo-guessing Zoom attack tricks victims into allowing remote access to install malware and steal money Android malware turns phones into malicious tap-to-pay machines 4.7 million customers’ data accidentally leaked to Google by Blue...
AI is getting “creepy good” at geo-guessing
If you are worried about revealing your exact location—or if you maybe even fib about it at times—there are some good reasons to worry about what is visible in background photos, because Artificial Intelligence (AI) is getting very good at guessing where you are based on the smallest of clues. And...
Zoom attack tricks victims into allowing remote access to install malware and steal money
Be careful when talking to people you've not met with before over the Zoom video conferencing system; you might get more than you bargained for. Two CEOs were recently targeted by a Zoom-based attack. One spotted it in time - and sadly, one did not. The attack is by a crime group that the Securit...
Android malware turns phones into malicious tap-to-pay machines
Got an Android phone? Got a tap-to-pay card? Then you're like millions of other users now at risk from a new form of cybercrime - malware that can read your credit or debit card and hand its data over to an attacker. A newly discovered malicious program effectively turns Android phones into...
4.7 million customers’ data accidentally leaked to Google by Blue Shield of California
Blue Shield of California leaked the personal data of 4.7 million people to Google after a Google Analytics misconfiguration. The tech giant may have used this data for targeted advertising, according to Blue Shield, which is one of the largest health insurers in the US. In a data breach notice o...
Shopify faces privacy lawsuit for collecting customer data
Shopify faces a data privacy class action lawsuit in the US that could change the way globally active companies can be held accountable. The proposed class action is a revival of a case that had been dismissed by a lower court judge and a three-judge 9th Circuit Court of Appeals panel. But now it...
All Gmail users at risk from clever replay attack
Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain...
A week in security (April 12 – April 18)
Last week on Malwarebytes Labs: Text scams grow to steal hundreds of millions of dollars Apple patches security vulnerabilities in iOS and iPadOS. Update now! Hi, robot: Half of all internet traffic now automated "I sent you an email from your email account," sextortion scam claims "Follow me" to...
Did DOGE “breach” Americans’ data? (Lock and Code S06E08)
This week on the Lock and Code podcast … If you don't know about the newly created US Department of Government Efficiency (DOGE), there's a strong chance they already know about you. Created on January 20 by US President Donald Trump through Executive Order, DOGE's broad mandate is “modernizing...
Text scams grow to steal hundreds of millions of dollars
Text scams alone cost US citizens at least $470 million in 2024, according to new data from the US Federal Trade Commission (FTC). Because many scams go unreported, though, this dollar amount might be considerably more. The FTC illustrated this with a graph comparing the reported losses to the numb...
Apple patches security vulnerabilities in iOS and iPadOS. Update now!
Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Both vulnerabilities allowed an attacker to bypass the memory...
Hi, robot: Half of all internet traffic now automated
If you sometimes feel that the internet isn't the same vibrant place it used to be, you're not alone. New research suggests that most of the traffic traversing the network isn't human at all. Bots (software programs that interact with web sites) have been ubiquitous for years. But in its 2025 Bad B...
“I sent you an email from your email account,” sextortion scam claims
In a new version of the old “Hello pervert” emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems. Email spoofing basically comes down to sending emails with a false sender address, a...
“Follow me” to this fake crypto exchange to claim $500
A type of crypto scam that we reported about in 2024 has ported over to a new platform and changed tactics—a bit. Where the old scams mostly reached me on WhatsApp, the same group of scammers is now using Direct Messages on X. However, the same old trick of "accidentally" sending you login detail...
Hertz data breach caused by CL0P ransomware attack on vendor
The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver's license, and—in rare cases—Social Security Number exposed in a data breach. The car rental giant’s data was stolen in a...
Meta slurps up EU user data for AI training
European Facebook users have so far avoided having their public posts used to train parent company Meta's AI model. That's about to change, the company has warned. In a blog post today, it said that EU residents' data was fair game and it would be slurping up public posts for training soon...
No, it’s not OK to delete that new inetpub folder
In a new update for the guide concerning CVE-2025-21204 Microsoft told users they need the new inetpub folder for protection. As part of April’s patch Tuesday updates, Microsoft released a patch to a link following flaw in the Windows Update Stack. Applying the patch creates a new...
Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”
Horn tooting time: We're excited to say we've earned a coveted spot in PCMag’s “Best Antivirus Software for 2025” list, and been recognized as the “Best Malware Removal Service 2025” by CNET. PCMag’s rigorous evaluation process takes into account a range of factors, including real-world, hands-on...
A week in security (April 7 – April 13)
Last week on Malwarebytes Labs: The Pall Mall Pact and why it matters Child predators are lurking on dating apps, warns report Your 23andMe genetic data could be bought by China, senator warns WhatsApp for Windows vulnerable to attacks. Update now! Man accused of using keylogger to spy on...
The Pall Mall Pact and why it matters
The US State Department reportedly plans to sign an international agreement designed to govern the use of commercial spyware known as the Pall Mall Pact. The Pall Mall Pact, formally known as the Pall Mall Process, was initiated by France and the United Kingdom in February 2024. The goal of the...
Child predators are lurking on dating apps, warns report
Using a dating app? Beware of your potential partner's motives. A report from Edinburgh University warns that child abusers are using these apps to find single parents with vulnerable children. The Searchlight 2025 report, from the University's Childlight Global Child Safety Institute, analyses t...
Your 23andMe genetic data could be bought by China, senator warns
Senator Cassidy, the chair of the US Senate Health, Education, Labor, and Pensions Committee has expressed concerns about foreign adversaries, including the Chinese Communist Party, acquiring the sensitive genetic data of millions of Americans through 23andMe. The risk is considered real because ...
WhatsApp for Windows vulnerable to attacks. Update now!
In a security advisory, Meta has disclosed a vulnerability that allowed an attacker to run arbitrary code on a user’s system that existed in all WhatsApp versions before 2.2450.6. WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their mobile devices...
Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home
When you next type something sensitive on your computer keyboard, be sure that no-one else is watching. A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malware. In a class action lawsuit, six women have accused...
72% of people are worried their data is being misused by the government, and that’s not all…
Bad vibes are big news in privacy right now, with the public feeling isolated in securing their sensitive information from companies, governments, AI models, and scammers. That’s the latest from Malwarebytes research conducted this month, which revealed that the vast majority of people are...
Tax deadline threat: QuickBooks phishing scam exploits Google Ads
The pressure of the looming tax filing deadline (April 15th in the US) can make anyone rush online tasks. Cybercriminals are acutely aware of this increased activity and are exploiting trusted platforms like Google to target Intuit QuickBooks users. By purchasing prominent Google Ads, they are...
Google AI taken for a ride by April Fools’ Day joke
Cwmbran in Wales, a town with a population of just under 50,000, holds the Guinness World Record for the most roundabouts—at least according to Google AI Overviews. Except that's not actually true… Ben Black has been publishing lighthearted fake stories on April Fools’ Day for his community news...