7-Zip bug could allow a bypass of a Windows security feature. Update now
A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. Th...
AI tool GeoSpy analyzes images and identifies locations in seconds
It's just become even more important to be conscious about the pictures we post online. GeoSpy is an Artificial Intelligence (AI) supported tool that can derive a person’s location by analyzing features in a photo like vegetation, buildings, and other landmarks. And it can do so in seconds based on...
Your location or browsing habits could lead to price increases when buying online
Companies are showing customers different prices for the same goods and services based on what data they have on them, including details like their precise location or browser history. The name for this method is surveillance pricing, and the FTC has just released initial findings of a report lookin...
A week in security (January 13 – January 19)
Last week on Malwarebytes Labs: iMessage text gets recipient to disable phishing protection so they can be phished; The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01); Insurance company accused of using secret software to illegally collect and sell location data ...
WhatsApp spear phishing campaign uses QR codes to add device
A cybercriminal campaign linked to Russia is deploying QR codes to access the WhatsApp accounts of high-profile targets like journalists, members of think tanks, and employees of non-governmental organizations (NGOs), according to new details revealed by Microsoft. The group, which Microsoft tracks...
Avery had credit card skimmer stuck on its site for months
The consequences of a wave of credit card skimmers—which is normal around the holidays—are starting to show. Label maker Avery has filed a data breach notification, saying 61,193 people may have had their credit card details stolen. On December 9, Avery said it became aware of an attack on its...
PlugX malware deleted from thousands of systems by FBI
The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminal groups under control of the People’s Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims' computers. PlugX h...
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads
Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Fuel for other malware and scam campaigns Indicators of Compromise Overview Online criminals are targeting individuals and...
Insurance company accused of using secret software to illegally collect and sell location data on millions of Americans
Insurance company Allstate and its subsidiary Arity unlawfully collected, used, and sold data about the location and movement of Texans’ cell phones through secretly embedded software in mobile apps, according to Texas Attorney General Ken Paxton. Attorney General Paxton says the companies didn't...
The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)
This week on the Lock and Code podcast … The era of artificial intelligence everything is here, and with it, come everyday surprises into exactly where the next AI tools might pop up. There are major corporations pushing customer support functions onto AI chatbots, Big Tech platforms offering AI...
iMessage text gets recipient to disable phishing protection so they can be phished
A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple's built-in phishing protection. For months, iMessage users have been posting examples online of how phishers are trying to get around this protection. And, now, the campaign is...
A week in security (January 6 – January 12)
Last week on Malwarebytes Labs: Dental group lied through teeth about data breach, fined $350,000; AI-supported spear phishing fools more than 50% of targets; US Cyber Trust Mark logo for smart devices is coming; GroupGreeting e-card site attacked in "zqxq" campaign; Massive breach at location data...
BayMark Health Services sends breach notifications after ransomware attack
BayMark Health Services, Inc. (BayMark) notified an unknown number of patients that attackers stole their personal and health information. BayMark profiles itself as North America’s largest provider of medication-assisted treatment (MAT) for substance use disorders helping tens of thousands of...
Google Chrome AI extensions deliver info-stealing malware in broad attack
Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence (AI) tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate...
Massive breach at location data seller: “Millions” of users affected
Like many other data brokers, Gravy is a company you may never have heard of, but it almost certainly knows a lot about you if you’re a US citizen. Data brokers come in different shapes and sizes. What they have in common is that they gather personally identifiable data from various sources—from...
GroupGreeting e-card site attacked in “zqxq” campaign
This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes. Malwarebytes recently uncovered a widespread cyberattack—referred to here as the “zqxq” campaign as it closely mirrors NDSW/NDSX-style malware behavior—that compromised...
US Cyber Trust Mark logo for smart devices is coming
The White House announced the launch of the US Cyber Trust Mark which aims to help buyers make an informed choice about the purchase of wireless internet-connected devices, such as baby monitors, doorbells, thermostats, and more. The cybersecurity labeling program for wireless consumer Internet o...
AI-supported spear phishing fools more than 50% of targets
One of the first things everyone predicted when artificial intelligence (AI) became more commonplace was that it would assist cybercriminals in making their phishing campaigns more effective. Now, researchers have conducted a scientific study into the effectiveness of AI supported spear phishing, a...
Dental group lied through teeth about data breach, fined $350,000
A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an “accidentally formatted hard drive.” Unfortunately for the organization, the truth was found out. Westend Dental...
Some weeks in security (December 16 – January 5)
During the holiday period on Malwarebytes Labs we covered: A day in the life of a privacy pro, with Ron de Jesus (Lock and Code S05E26); Task scams surge by 400%, but what are they?; 5 million payment card details stolen in painful reminder to monitor Christmas spending; AI-generated malvertising "whi...
“Can you try a game I made?” Fake game sites lead to information stealers
The background and the IOCs for this blog were gathered by an Expert helper on our forums and Malwarebytes researchers. Our thanks go out to them. A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message (DM) on a Discord server asking...
Connected contraptions cause conniption for 2024
The holidays are upon us, which means now is the perfect time for gratitude, warmth, and—because modern society has thrust it upon us—gift buying. It’s Bluey and dig kits and LEGOs for kids, Fortnite and AirPods and backpacks for tweens, and, for an adult you particularly love, it’s televisions,...
Data breaches in 2024: Could it get any worse?
It may sound weird when I say that I would like to remember 2024 as the year of the biggest breaches. That’s mainly because that would mean we’ll never see another year like it. To support this nomination, I will remind you of several high-profile breaches, some of a size almost beyond imaginatio...
Is nowhere safe from AI slop? (Lock and Code S05E27)
This week on the Lock and Code podcast … You can see it on X. You can see on Instagram. It's flooding community pages on Facebook and filling up channels on YouTube. It's called "AI slop" and it's the fastest, laziest way to drive engagement. Like "click bait" before it "You won't believe what...
2024 in AI: It’s changed the world, but it’s not all good
A popular saying is: “To err is human, but to really foul things up you need a computer.” Even though the saying is older than you might think, it did not come about earlier than the concept of artificial intelligence (AI). And as long as we have been waiting for AI technology to become commonplace...
Our Santa wishlist: Stronger identity security for kids
Sorry for the headline, but we have to get creative to get anyone to read an article on a Friday like this one, even if it is an important story. As we enter the holidays and parents begin to rest after another hectic year of shopping for their kids, Malwarebytes Labs wants to draw some attention...
‘Fix It’ social-engineering scheme impersonates several brands
More and more, threat actors are leveraging the browser to deliver malware in ways that can evade detection from antivirus programs. Social engineering is a core part of these schemes and the tricks we see are sometimes very clever. Case in point, there has been an increase in attacks that involv...
TP-Link faces US national security probe, potential ban on devices
The US government launched a national security investigation into the popular, Chinese-owned router maker TP-Link, with a potential eye on banning the company's devices in the United States. The investigation comes amid heightened tension between the US and the Chinese government, and after a...
Pallet liquidation scams and how to recognize them
Pallet liquidation scams target people looking to purchase pallets of supposedly discounted merchandise, often from major retailers like Amazon. Groups that engage in pallet liquidation sales are rampant on social media and it’s hard to discern the scammers from the legitimate ones to be honest,...
AI-generated malvertising “white pages” are fooling detection engines
This is no secret, online criminals are leveraging artificial intelligence (AI) and large language models (LLMs) in their malicious schemes. While AI tends to be abused to trick people (i.e. deepfakes) in order to gain something, sometimes, it is meant to defeat computer security programs. With AI, thi...
5 million payment card details stolen in painful reminder to monitor Christmas spending
Another day, another exposed S3 bucket. This time, 5 million US credit cards and personal details were leaked online. The Leakd.com security team discovered that 5 terabytes of sensitive screenshots were exposed in a freely accessible Amazon S3 bucket. An S3 bucket is like a virtual file folder i...
Task scams surge by 400%, but what are they?
An unfamiliar type of scam has surged against everyday people, with a year-over-year increase of some 400%, putting job seekers at risk of losing their time and money. The emerging threat is delivered in "task scams" or "gamified job scams." While these scams were virtually non-existent in 2020,...
A day in the life of a privacy pro, with Ron de Jesus (Lock and Code S05E26)
This week on the Lock and Code podcast… Privacy is many things for many people. For the teenager suffering from a bad breakup, privacy is the ability to stop sharing her location and to block her ex on social media. For the political dissident advocating against an oppressive government, privacy ...
A week in security (December 9 – December 15)
Last week on Malwarebytes Labs: Encrypted messaging service intercepted, 2.3 million messages read by law enforcement; TikTok ban in US: Company seeks emergency injunction to prevent it; Data brokers should stop trading health and location data, new bill proposes; Update now! Apple releases new...
Malicious ad distributes SocGholish malware to Kaiser Permanente employees
On December 15, we detected a malicious campaign targeting Kaiser Permanente employees via Google Search Ads. The fraudulent ad masquerades as the health care company's HR portal used to check for benefits, download paystubs and other corporate related tasks. We believe the threat actors' intent...
4.8 million healthcare records left freely accessible
Your main business is healthcare, so your excuse when you get hacked is that you didn’t have the budget to secure your network. Am I right? So, in order to prevent a ransomware gang from infiltrating your network, you could just give them what they want—all your data. The seemingly preferred meth...
Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t...
Data brokers should stop trading health and location data, new bill proposes
Senators introduced a bill on Tuesday that would prohibit data brokers from selling or transferring location and health data. Data brokers have drawn attention this year by leaking several large databases, with the worst being the National Public Data leak. The data breach made international...
TikTok ban in US: Company seeks emergency injunction to prevent it
TikTok has requested an emergency injunction to stop or postpone the planned ban on the platform in the US. Back in March, the House of Representatives passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance agreed to give up its share of the immensely popular...
Encrypted messaging service intercepted, 2.3 million messages read by law enforcement
European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities start...
A week in security (December 2 – December 8)
Last week on Malwarebytes Labs: Europol takes down criminal data hub Manson Market in busy month for law enforcement; Americans urged to use encrypted messaging after large, ongoing cyberattack; Crypto’s rising value likely to bring new wave of scams; AI chatbot provider exposes 346,000 customer...
Europol takes down criminal data hub Manson Market in busy month for law enforcement
A coordinated action between several European law enforcement agencies shut down an online marketplace called Manson Market that sold stolen data to any interested cybercriminal. What made this market attractive for cybercriminals was that they could buy data sorted by region and account balance...
Americans urged to use encrypted messaging after large, ongoing cyberattack
A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with. Speaking to Reuters, a senior US official said the attack telecommunicatio...
Crypto’s rising value likely to bring new wave of scams
With the value of cryptocurrencies going to the roof, you can expect several attempts to get defrauded if you even show the slightest interest in the topic or not. Since most cybercriminals lack creativity and are notoriously lazy, we expect to see only slight variations of old tricks. So, we...
AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records
Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers...
Repeat offenders drive bulk of tech support scams via Google Ads
Of all the different kinds of malicious search ads we track, those related to customer service are by far the most common. Brands such as PayPal, eBay, Apple or Netflix are among the most coveted ones as they tend to drive a lot of online searches. Tech support scammers are leveraging Google ads ...
No company too small for Phobos ransomware gang, indictment reveals
The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government’s indictmen...
These cars want to know about your sex life (re-air) (Lock and Code S05E25)
This week on the Lock and Code podcast … Two weeks ago, the Lock and Code podcast shared three stories about home products that requested, collected, or exposed sensitive data online. There were the air fryers that asked users to record audio through their smartphones. There was the smart ring...