Google fixes two actively exploited zero-day vulnerabilities in Android
Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say "zero-day" we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published...
Is your phone listening to you? (Lock and Code S06E07)
This week on the Lock and Code podcast … It has probably happened to you before. You and a friend are talking—not texting, not DMing, not FaceTiming—but talking, physically face-to-face, about, say, an upcoming vacation, a new music festival, or a job offer you just got. And then, that same wee...
Toll fee scams are back and heading your way
Back in August 2024, we warned about a relatively new type of SMS phishing or smishing scam that was doing the rounds. Now a new wave of toll fee scams is working its way round the US. These attempts come as an unexpected text message linking to a website pretending to belong to one of the US...
A week in security (March 31 – April 6)
Last week on Malwarebytes Labs: Why we’re no longer doing April Fools’ Day; Intimate images from kink and LGBTQ+ dating apps left exposed online; "Urgent reminder" tax scam wants to phish your Microsoft credentials; "Nudify" deepfakes stored unprotected online; Location, name, and photos of random ki...
Flaw in Verizon call record requests put millions of Americans at risk
Security researcher Evan Connelly discovered an enormous flaw affecting one of the largest telecommunications companies in the world that could allow any single person to view the recent incoming call log for potentially any Verizon phone number. "In short, anyone could lookup data for anyone,"...
Popular VPNs are routing traffic via Chinese companies, including one with link to military
Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. In at least one case, the owner is on a US blacklist. That's according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 10...
QR codes sent in attachments are the new favorite for phishers
Recently we’ve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercrimina...
Location, name, and photos of random kids shown to parents in child tracker mix up
Not one but several worried parents that tracked their children by using T-Mobile tracking devices suddenly found that they were looking at the location of random other children. And could not locate their own. T-Mobile sells a small GPS tracker called SyncUP, which can be used to track, among...
“Nudify” deepfakes stored unprotected online
Yesterday, we told you about how millions of pictures from specialized dating apps had been stored online without any kind of password protection. Now it's the turn of an AI "nudify" service. A researcher, famous for finding unprotected cloud storage buckets, has uncovered an unprotected AWS buck...
“Urgent reminder” tax scam wants to phish your Microsoft credentials
Tax season is in full force, and with the filing deadline fast approaching on April 15, scammers are happy to use that sense of urgency to coax us into handing them our cash. In one example, one of our customers recently received an email with an attachment titled “Urgent reminder.” The attachmen...
Intimate images from kink and LGBTQ+ dating apps left exposed online
A researcher found millions of pictures from specialized dating apps for iOS stored online without any kind of password protection. The pictures, some of which are explicit, stem from dating apps that all have a specific audience. The five platforms, all developed by M.A.D. Mobile are kink sites...
Why we’re no longer doing April Fools’ Day
The internet is filled with falsehoods. We’re forever investigating new scams here at Malwarebytes, and so we get how hard it is to know what—or who—to trust online. There’s the scam that takes advantage of grieving people and tricks them into paying for a funeral live stream. There’s the fake...
A week in security (March 24 – March 30)
Last week on Malwarebytes Labs: Vulnerability in most browsers abused in targeted attacks; "This fraud destroyed my life." Man ends up with criminal record after ID was stolen; Moving from WhatsApp to Signal: A good idea?; Security expert Troy Hunt hit by phishing attack; Booking.com phish uses fake...
Vulnerability in most browsers abused in targeted attacks
Researchers found a vulnerability in Chrome that was abused in the wild against organizations in Russia. Google has released an update for its Chrome browser which includes patches for this vulnerability. The update brings the Stable channel to versions 134.0.6998.178 for Windows. Other operating...
“This fraud destroyed my life.” Man ends up with criminal record after ID was stolen
This is a sad story that illustrates how losing your ID can effectively ruin your life and reputation. 19-year-old dual German Tunisian national Rami Battikh travelled to the UK in 2019, bringing both his passport and his German national ID. When he returned to Germany, Rami noticed that his Germ...
Moving from WhatsApp to Signal: A good idea?
This week we learned that the US Government uses Signal for communication, after a journalist was accidentally added to a Signal chat. Accidental additions of people aside, the news has got regular folks asking if they should, too, be using Signal for private communications. Probably the largest...
Security expert Troy Hunt hit by phishing attack
Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldest—and most proven—scams in the online world: A phishing attack. Through an automated attack disguised as a notice from Hunt’s chosen newsletter provider Mailchimp, scammers stole roughly...
Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware
A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Here's how it works: Cybercriminals send a fake Booking.com email to a hotel’s email address, asking...
DeepSeek users targeted with fake sponsored Google ads that deliver malware
The threat intel research used in this post was provided by Malwarebytes Senior Director of Research, Jérôme Segura. DeepSeek’s rising popularity has not only raised concerns and questions about privacy implications, but cybercriminals are also using it as a lure to trap unsuspecting Google...
23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach
The genetic testing company 23andMe filed for bankruptcy on Sunday, announcing that, in searching for financial stability through its sale to a new owner, the business will continue operating as normal, including in how customer data is handled. “The company intends to continue operating its...
Oops! Google accidentally deletes some users’ Maps Timeline data
Google has admitted it accidentally deleted some users' Google Maps Timeline data after a "technical issue". As reported by Forbes on March 11, users started noticing that their Google Maps Timelines had completely disappeared. At the time, we didn't know anything about the cause of this issue...
A week in security (March 17 – March 23)
Last week on Malwarebytes Labs: What Google Chrome knows about you, with Carey Parker (Lock and Code S06E06); Personal data revealed in released JFK files; Semrush impersonation scam hits Google Ads; Targeted spyware and why it’s a concern to us; The "free money" trap: How scammers exploit financial...
What Google Chrome knows about you, with Carey Parker (Lock and Code S06E06)
This week on the Lock and Code podcast … Google Chrome is, by far, the most popular web browser in the world. According to several metrics, Chrome accounts for anywhere between 52% and 66% of the current global market share for web browser use. At that higher estimate, that means that, if the 5.5...
Personal data revealed in released JFK files
Over 60,000 pages related to the 1963 assassination of US President John F. Kennedy were released as part of President Donald Trump’s directive on March 17, 2025, and while readers will not find a conclusive answer to the main question—nor will the files put an end to surrounding conspiracy...
Semrush impersonation scam hits Google Ads
This blog post was co-authored with Elie Berreby, Senior SEO Strategist. Criminals are highly interested in online marketing and advertising tools that they can leverage as part of their ongoing malware campaigns. In particular, we have previously detailed how Google advertiser accounts can be...
Targeted spyware and why it’s a concern to us
Experts are again warning about the proliferating market for targeted spyware and espionage. Before we dive into the world of targeted spyware, it's worth looking at a few of the main players that are active in and against this industry. Paragon Solutions is an Israeli company which sells high-en...
The “free money” trap: How scammers exploit financial anxiety
With financial stress at an all-time high, and many Americans grappling with confusion about social security, Medicaid, and Medicare, people are desperately seeking relief. Scammers know this all too well and have tailored their tactics to exploit these fears, preying on vulnerable individuals wi...
Sperm bank breach deposits data into hands of cybercriminals
Sperm donor giant California Cryobank has announced it has suffered a data breach that exposed customers' personal information. California Cryobank (CCB) is a sperm donation and cryopreservation firm and one of the US’ top sperm banks. As such, it services all US states and over 30 countries...
AMOS and Lumma stealers actively spread to Reddit users
We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. One of the common lures is a cracked software version of the popular trading platform TradingView. The crooks are posting links to both Windows and Mac installers...
Amazon disables privacy option, will send your Echo voice recordings to the cloud
Amazon has announced its Echo devices will no longer have the option to store and process requests on the device itself, meaning your voice recordings will now be sent to the cloud for processing. In an email sent to customers, Amazon explained that the feature "Do Not Send Voice Recordings" will...
Warning over free online file converters that actually install malware
The FBI Denver Field Office has warned of an increasing number of scammy websites offering free online file converter services. Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically about that malware leading to ransomware attacks, but...
1 in 10 people do nothing to stay secure and private on vacation
This year, Spring Break vacationers are packing more than their flip-flops, bucket hats, and sunglasses—they’re also packing a few cybersecurity anxieties for the trip. According to new research from Malwarebytes, 52% of people said they “worry about being scammed while traveling,” while another...
A week in security (March 10 – March 16)
Last week on Malwarebytes Labs: Research on iOS apps shows widespread exposure of secrets; Don’t let your kids on Roblox if you’re not comfortable, says Roblox CEO; Update your iPhone now: Apple patches vulnerability used in "extremely sophisticated attacks"; The dark side of sports betting: How...
Research on iOS apps shows widespread exposure of secrets
Researchers found that most of the apps available on Apple’s App Store leak at least one hard-coded secret. The researchers looked at 156,000 iOS apps and discovered more than 815,000 hardcoded secrets, including very sensitive secrets like keys to cloud storage, various Application Programming...
Don’t let your kids on Roblox if you’re not comfortable, says Roblox CEO
In response to growing worries about the safety of children using Roblox, the CEO of the company has said to parents: "My first message would be, if you're not comfortable, don't let your kids be on Roblox." Roblox is one of the most popular gaming platforms, especially among young children...
Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”
Apple has patched a vulnerability in iPhone and iPad that was under active exploitation by cybercriminals. The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later,...
The dark side of sports betting: How mirror sites help gambling scams thrive
Sports betting is a multi-billion-dollar industry, but behind the flashing lights and promises of easy money lies a hidden underworld of deception. In recent years, shady betting companies have found a clever way to bypass regulations and continue their operations through mirror sites—duplicate...
Android devices track you before you even sign in
Google is spying on Android users, starting from even before they have logged in to their Google account. That's what researchers from Dublin’s Trinity College found after they conducted a measurement study to investigate the cookies, identifiers and other data stored on Android devices by Google...
X users report login troubles as Dark Storm claims cyberattack
In the early morning hours of March 10, thousands of users on X (formerly Twitter) began having trouble logging into the platform. It was only the first service blip of at least three to come that same day and, if one cybercriminal group is to be believed, it was all on purpose. “Twitter has been...
How ads weirdly know your screen brightness, headphone jack use, and location, with Tim Shott (Lock and Code S06E05)
This week on the Lock and Code podcast … Something's not right in the world of location data. In January, a location data broker named Gravy Analytics was hacked, with the alleged cybercriminal behind the attack posting an enormous amount of data online as proof. Though relatively unknown to most...
Fake CAPTCHA websites hijack your clipboard to install information stealers
There are more and more sites that use a clipboard hijacker and instruct victims on how to infect their own machine. I realize that may sound like something trivial to steer clear of, but apparently it’s not because the social engineering behind it is pretty sophisticated. At first, these attac...
A week in security (March 3 – March 9)
Last week on Malwarebytes Labs: TikTok: Major investigation launched into platform’s use of children’s data; PayPal scam abuses Docusign API to spread phishy emails; Android zero-day vulnerabilities actively abused. Update as soon as you can; I spoke to a task scammer. Here’s how it went; Android...
Malwarebytes Premium Security awarded “Product of the Year” from AVLab
Malwarebytes Premium Security has once again been awarded “Product of the Year” after successfully blocking 100% of “in-the-wild” malware samples. The samples were deployed in multiple, consecutive third-party tests conducted by the AVLab Cybersecurity Foundation. AVLab commended Malwarebytes for...
Reddit will start warning users that upvote violent content
In a post on r/RedditSafety by a Reddit administrator, the platform announced that it will start sending warnings to users that upvote violent content. Reddit is a social media platform and online forum where users can share and discuss content across a wide range of topics. The platform's...
Ransomware threat mailed in letters to business owners
Business owners and CEOs across the United States received customized ransomware threats this month from the most unusual of places—letters in the mail. The letters, which were first reported by multiple cybersecurity researchers, claim to come from a ransomware group called BianLian. But since...
Android botnet BadBox largely disrupted
Removing 24 malicious apps from the Google Play store and silencing some servers almost halved a botnet known as BadBox. The BadBox botnet focuses on Android devices, but not just phones. It also affects other devices like TV streaming boxes, tablets, and smart TVs. The German BSI Federal Office...
I spoke to a task scammer. Here’s how it went
Task scams are surging, with a year-over-year increase of 400%. So I guess it should have been no surprise when I was contacted by a task scammer on X recently. Task scammers prey on people looking for remote jobs by offering them simple repetitive tasks such as liking videos, optimizing apps,...
Android zero-day vulnerabilities actively abused. Update as soon as you can
Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, th...
PayPal scam abuses Docusign API to spread phishy emails
PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails. We've received several reports of this recently, so we dug into how the scam works. The Docusign Application Programming Interface (API) allows “customers” to send emails that come from genuine...
TikTok: Major investigation launched into platform’s use of children’s data
TikTok is the subject of yet another major investigation, reports BBC News. This time around, the UK’s Information Commissioner's Office (ICO) is going to look at how the data of 13 to 17-year-olds feeds the algorithm that decides what further content to show. The ICO introduced a children’s code f...