Millions of stalkerware users exposed again

There are many reasons not to use stalkerware, but the risk of getting exposed yourself seems to be a recurring deterrent, according to a new investigaton. As we have reported many times before, stalkerware-type apps are coded so badly that it’s possible to gain access to the back-end databases a...

PayPal’s “no-code checkout” abused by scammers

We recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal's infrastructure in order to trick victims calling for assistance to speak with fraudsters instead. Combining official-looking Google search ads with...

Countries and companies are fighting at the expense of our data privacy

Data privacy issues are a hot topic in a world where we apparently don’t know who to trust anymore. A few weeks ago, we reported how the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. This week, Apple decided to pull the plug on Advanced Data...

Roblox called “real-life nightmare for children” as Roblox and Discord sued

Last week it was reported that a lawsuit has been initiated against gaming giant Roblox and leading messaging platform Discord. The court action—charging them with the facilitation of child predators and misleading parents into believing the platforms are safe to use for their children—centers...

Android happy to check your nudes before you forward them

Sometimes the updates we install to keep our devices safe do a little bit more than we might suspect at first glance. Take the October 2024 Android Security Bulletin. It included a new service called Android System SafetyCore. If you can find a mention of that in the security bulletin, you’re a...

Background check provider data breach affects 3 million people who may not have heard of the company

Employment screening company DISA Global Solutions has filed a data breach notification after a cyber incident on their network. DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. The attacker may have accessed over three million files containing...

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. The app— known as “Finance Simplified”—belongs to the SpyLoan family which specializes in predatory lending. Sometimes malware creators manage to get their apps listed in the...

Surveillance pricing is “evil and sinister,” explains Justin Kloczko (Lock and Code S06E04)

This week on the Lock and Code podcast … Insurance pricing in America makes a lot of sense so long as you’re one of the insurance companies. Drivers are charged more for traveling long distances, having low credit, owning a two-seater instead of a four, being on the receiving end of a car crash,...

A week in security (February 17 – February 23)

Last week on Malwarebytes Labs: Healthcare security lapses keep piling up SecTopRAT bundled in Chrome installer distributed via Google Ads Google Docs used by infostealer ACRStealer as part of attack DeepSeek found to be sharing user data with TikTok parent company ByteDance Malwarebytes introduc...

Healthcare security lapses keep piling up

Healthcare is one of the sectors that has the most sensitive information about us. At the same time it's one of the worst at keeping them secret. Because of its access and storage of our personal health information PHI and other personally identifiable information PII, the healthcare sector shoul...

SecTopRAT bundled in Chrome installer distributed via Google Ads

Criminals are once again abusing Google Ads to trick users into downloading malware. Ironically, this time the bait is a malicious ad for Google Chrome, the world's most popular browser. Victims who click the ad land on a fraudulent Google Sites page designed as a intermediary portal, similar to...

Google Docs used by infostealer ACRStealer as part of attack

An infostealer known as ACRStealer is using legitimate platforms like Google Docs and Steam as part of an attack, according to researchers. ACRStealer is often distributed via the tried and tested method of download as cracks and keygens, which are used in software piracy. The infostealer has bee...

DeepSeek found to be sharing user data with TikTok parent company ByteDance

A couple of weeks ago we reported on the concerns surrounding data collection and security at DeepSeek, the Chinese AI company which recently made headlines for shaking up the industry after seemingly appearing from nowhere to become top of the app download charts. Now South Korea’s Personal...

Protected: zQA Content Editing Styles

This content is password protected. To view it please enter your password below: Password:...

Malwarebytes introduces native ARM support for Windows devices

For the last four years, Malwarebytes has been protecting ARM-based machines running on Apple’s M-series processors. Now, we’ve expanded our protection range to include ARM-based Windows machines such as Copilot+ PCs, including Microsoft Surface Pro, Lenovo Yoga Slim and ThinkPad, and Dell...

Google now allows digital fingerprinting of its users

In the ongoing saga that is Google’s struggle to replace tracking cookies, we have entered a new phase. But whether that’s good news is another matter. For years, Google has been saying it will phase out the third-party tracking cookies that power much of its advertising business online, proposin...

Macs targeted by infostealers in new era of cyberthreats

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. These are the dangers of “infostealers,” which have long plagued Windows devices but, in the...

Hard drives containing sensitive medical data found in flea market

Somebody bought a batch of 15 GB hard drives from a flea market, and during a routine check of the contents they found medical data about hundreds of patients. After some more investigation in the Netherlands, it turned out the data came from a software provider in the medical industry which had...

A week in security (February 10 – February 16)

Last week on Malwarebytes Labs: A suicide reveals the lonely side of AI chatbots, with Courtney Brown Lock and Code S06E03 Apple ordered to grant access to users’ encrypted data Phishing evolves beyond email to become latest Android app threat Apple fixes zero-day vulnerability used in "extremely...

12 Million Zacks accounts leaked by cybercriminal

A cybercriminal claimed to have stolen 15 million data records from the customers and clients of the company Zacks—a number that a separate investigation, after analysis, shaved down to just 12 million. Zacks is an investment research company best known for its "Zacks Ranks," which are daily list...

How AI was used in an advanced phishing campaign targeting Gmail users

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence AI in their scams. At the time, FBI Special Agent in Charge Robert Tripp said: “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud scheme...

Fake Etsy invoice scam tricks sellers into sharing credit card information

This article was researched and written by Stefan Dasic, manager, research and response forThreatDown, powered by Malwarebytes. As an online seller, you’re already juggling product listings, customer service and marketing—so the last thing you need is to be targeted by scammers. Unfortunately, a...

Gambling firms are secretly sharing your data with Facebook

While you might think you’re hitting the jackpot, whether you’ve consented to it or not, online gambling sites are playing with your data. Users’ data, including details of webpages they visited and buttons they clicked, are being shared with Meta, Facebook’s parent company. The Observer reports...

Apple fixes zero-day vulnerability used in “extremely sophisticated attack”

Apple has released an emergency security update for a vulnerability which it says may have been exploited in an "extremely sophisticated attack against specific targeted individuals.” The update is available for: iOS 18.3.1 and iPadOS 18.3.1 - iPhone XS and later, iPad Pro 13-inch, iPad Pro...

Phishing evolves beyond email to become latest Android app threat

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest...

Apple ordered to grant access to users’ encrypted data

Last week, an article in the Washington Post revealed the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. Since then, privacy focused groups have uttered their objections. The UK government has demanded to be able to access encrypted data store...

A suicide reveals the lonely side of AI chatbots, with Courtney Brown (Lock and Code S06E03)

Today on the Lock and Code podcast … In February 2024, a 14-year-old boy from Orlando, Florida, committed suicide after confessing his love to the one figure who absorbed nearly all of his time—an AI chatbot. For months, Sewell Seltzer III had grown attached to an AI chatbot modeled after the...

A week in security (February 3 – February 9)

Last week on Malwarebytes Labs: WhatsApp says Paragon is spying on specific users New AI "agents" could hold people for ransom in 2025 Valley News Live exposed more than a million job seeker’s resumes Small business owners, secure your web shop University site cloned to evade ad detection...

20 million OpenAI accounts offered for sale

A cybercriminal acting under the moniker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself. Post by emirking A translation of the Russian statement by the poster says: “When I realized that OpenAI might have to...

New scams could abuse brief USPS suspension of inbound packages from China, Hong Kong

I would be the last one to provide scammers with good ideas, but as a security provider, sometimes we need to think like criminals to stay ahead in the race. Recently, the US Postal Service USPS announced that it would suspend inbound packages from China and Hong Kong until further notice. That...

University site cloned to evade ad detection distributes fake Cisco installer

There is a constant "cat and mouse" game between defenders and attackers, the latter trying to outsmart and get a head start on the former. In the context of online advertising, this involves creating fake identities or using stolen ones to push out malicious ads. An attacker not only needs to...

Small business owners, secure your web shop

An online shop is more than just another way to sell your products. It comes with a responsibility to keep the web shop secure. Cybercriminals are looking to steal your customers’ credit card details, their personal data, and even your revenue. And it’s not as if using a platform that is used by...

Valley News Live exposed more than a million job seeker’s resumes

Making your own bad news is not what Valley News Live had in mind, but negligence comes at a price. Cybernews researchers found an unprotected AWS S3 bucket that belongs to Take Valley News Live, a North Dakota-based television station. Gray Television, the owner of Valley News Live, makes for th...

New AI “agents” could hold people for ransom in 2025

A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity. Uhh, again, that is. When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its...

WhatsApp says Paragon is spying on specific users

WhatsApp has accused the professional spyware company Paragon of spying on a select group of users. WhatsApp, the Meta-owned, end-to-end encrypted messaging platform, said it has reliable information that nearly 100 journalists and other “members of civil society” were targets of a spyware campai...

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs: ClickFix vs. traditional download in new DarkGate campaign Cybercrime gets a few punches on the nose Microsoft advertisers phished via malicious Google ads The DeepSeek controversy: Authorities ask where does the data come from and how safe is it? These are the 10...

ClickFix vs. traditional download in new DarkGate campaign

During the past several months there have been numerous malware campaigns that use a technique something referred to as "ClickFix". It often consists of a fake CAPTCHA or similar traffic validation page where visitors are instructed to paste and execute code in order to proceed. We have started t...

Cybercrime gets a few punches on the nose

It’s not often that we get to share good news, so we wanted to grab this opportunity and showcase some progress made by law enforcement actions against cybercrime with you. Europol notified us about the take-down of two of the largest cybercrime forums in the world. With over 10 million users,...

Microsoft advertisers phished via malicious Google ads

Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft advertisers. These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform...

The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?

The sudden rise of DeepSeek has raised concerns and questions, especially about the origin and destination of the training data, as well as the security of the data. For those returning from a short holiday away from the news, DeepSeek is a new player on the Artificial Intelligence AI field. The...

These are the 10 worst PIN codes

Australian news outlet ABC NEWS analyzed a data set of 29 million 4-digit PIN numbers that people actually used to secure their devices, ATM withdrawals, building access, and more. What the outlet discovered is both expected and disappointing: Too many people use insecure PIN codes to protect...

Apple users: Update your devices now to patch zero-day vulnerability

Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS. Apple said: "A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against...

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

UnitedHealth says it now estimates that the data breach on its subsidiary Change Healthcare affected 190 million people, nearly doubling its previous estimate from October. In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals...

A week in security (January 20 – January 26)

Last week on Malwarebytes Labs: Your location or browsing habits could lead to price increases when buying online AI tool GeoSpy analyzes images and identifies locations in seconds 7-Zip bug could allow a bypass of a Windows security feature. Update now Warning: Don’t sell or buy a second hand...

Three privacy rules for 2025 (Lock and Code S06E02)

This week on the Lock and Code podcast… It’s Data Privacy Week right now, and that means, for the most part, that you’re going to see a lot of well-intentioned but clumsy information online about how to protect your data privacy. You’ll see articles about iPhone settings. You’ll hear acronyms for...

Three privacy rules for 2025 (Lock and Code S06E02)

This week on the Lock and Code podcast… It’s Data Privacy Week right now, and that means, for the most part, that you’re going to see a lot of well-intentioned but clumsy information online about how to protect your data privacy. You’ll see articles about iPhone settings. You’ll hear acronyms for...

Texas scrutinizes four more car manufacturers on privacy issues (updated)

The Texas Attorney General’s Office has started an investigation into how Ford, Hyundai, Toyota, and Fiat Chrysler collect, share, and sell consumer data, expanding an earlier probe launched last year into how modern automakers are potentially using customer driving data. We've addressed cars and...

Warning: Don’t sell or buy a second hand iPhone with TikTok already installed

After TikTok was briefly banned in the US last weekend, an unusual phenomenon unearthed. Reportedly, people are selling iPhones that have TikTok installed for up to $25,000. This may require some explanation, so bear with me. TikTok has had a rough time in the US the last weeks. The ban we...

7-Zip bug could allow a bypass of a Windows security feature. Update now

A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web MotW security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. Th...

AI tool GeoSpy analyzes images and identifies locations in seconds

It's just become even more important to be conscious about the pictures we post online. GeoSpy is an Artificial Intelligence AI supported tool that can derive a person’s location by analyzing features in a photo like vegetation, buildings, and other landmarks. And it can do so in seconds based on...