Your partner “is cheating on you” scam asks you to pay to see proof
As if they weren’t annoying enough already, scammers have recently introduced new pressure tactics to their sextortion and scam emails. Last week we reported how cybercriminals are using photographs of targets’ homes in order to scare them into paying money. Now they’re throwing in the name of...
What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)
This week on the Lock and Code podcast… On August 24, at an airport just outside of Paris, a man named Pavel Durov was detained for questioning by French investigators. Just days later, the same man was charged in crimes related to the distribution of child pornography and illicit transactions,...
A week in security (September 2 – September 8)
Last week on Malwarebytes Labs: Lowe’s employees phished via Google ads; Planned Parenthood partly offline after ransomware attack; "Hello pervert" sextortion scam includes new threat of Pegasus—and a picture of your home; How to avoid election related scams; London’s city transport hit by...
Lowe’s employees phished via Google ads
In mid-August, we identified a malvertising campaign targeting Lowe’s employees via Google ads. Like many large corporations, Lowe’s has their own employee portal called MyLowesLife, for all matters related to schedule, pay stubs, or benefits. Lowe’s employees who searched for "myloweslife" during th...
Planned Parenthood partly offline after ransomware attack
In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group. Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provid...
“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home
After using passwords obtained from one of the countless breaches as a lure to trick victims into paying, the “Hello pervert” sextortion scammers have recently introduced two new pressure tactics: Name-dropping the infamous Pegasus spyware and adding pictures of your home environment. They do thi...
How to avoid election related scams
With the US election campaigns at full throttle, scammers have taken a renewed interest in the ways this can be used to defraud people, often using the same tactics legitimate campaigns leverage for support emails, text messages, phone calls, and social media pleas. The lure that we have seen the...
London’s city transport hit by cybersecurity incident [updated]
Transport for London (TfL), the city’s transport authority, is fighting through an ongoing cyberattack. TfL runs three separate units that arrange transports on London’s surface, underground, and Crossrail transportation systems. It serves some 8 million inhabitants of the London metropolitan area. I...
City of Columbus tries to silence security researcher
The City of Columbus, Ohio is suing a security researcher for sharing stolen data. All the complaint will accomplish, we imagine, is spotlight the ignorance of certain city officials in handling a common security matter. What happened is that the City of Columbus was attacked by a ransomware grou...
A week in security (August 26 – September 1)
Last week on Malwarebytes Labs: Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign; Fake Canva home page leads to browser lock; Telegram CEO Pavel Durov charged with allowing criminal activity; CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets; SMS...
Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign
An Iranian state-sponsored group often referred to as Iran’s Islamic Revolutionary Guard Corps (IRGC) is making headlines again this season as Meta disclosed that the cybercriminals targeted WhatsApp users in Israel, Palestine, Iran, the UK, and the US. Other names for this group—depending on the...
Fake Canva home page leads to browser lock
In a previous blog post, we showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating. We continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to...
Telegram CEO Pavel Durov charged with allowing criminal activity
France has indicted the CEO of the popular messaging app Telegram on charges of complicity in the distribution of child sex abuse images, aiding organized crime, drug trafficking, fraud, and refusing lawful orders to give information to law enforcement. The arrest warrants for Pavel Durov and his...
CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets
The Qilin ransomware group listed CODAC Behavioral Healthcare, a nonprofit health care treatment organization, as one of their latest victims. Qilin seems to have a preference for healthcare and support organizations. One of their most well-known victims was the pathology lab services provider...
SMS scammers use toll fees as a lure
In April 2024, the FBI warned about a new type of smishing scam. Smishing is the term we use for phishing attacks sent via text message. This particular smishing scam tries to trick users into clicking a link by telling them they owe a “small amount” in toll fees. The scammers send a text claimin...
TDECU data breach affects half a million people
The Texas Dow Employees Credit Union (TDECU) has filed a data breach notification, reporting that the data of 500,474 people has been accessed in an external system breach. TDECU is the largest Houston-area credit union, and the fourth largest in the state of Texas. The credit union was founded by...
PSA: These ‘Microsoft Support’ ploys may just fool you
Many people turn to their favorite search engine when they are facing an issue with their computer. One common search query is to look for the telephone number or contact form for Microsoft, Apple or one of many other brands. Scammers have long been interested in pretending to be Microsoft...
Move over malware: Why one teen is more worried about AI (re-air) (Lock and Code S05E18)
This week on the Lock and Code podcast… Every age group uses the internet a little bit differently, and it turns out for at least one Gen Z teen in the Bay Area, the classic approach to cybersecurity—defending against viruses, ransomware, worms, and more—is the least of her concerns. Of far more...
A week in security (August 19 – August 25)
Last week on Malwarebytes Labs: Millennials’ sense of privacy uniquely tested in romantic relationships; Hacked GPS tracker reveals location data of customers; "We will hold them accountable": General Motors sued for selling customer driving data to third parties; Why you need to know about ransomwa...
Fake funeral “live stream” scams target grieving users on Facebook
Some scammers have the morals of an alley cat. But some sink even lower. Over the last few months, Malwarebytes Labs has discovered scammers active on Facebook that prey on bereaved people by using stolen images and phony funeral live stream links to steal money and/or credit card details. These...
Hundreds of online stores hacked in new campaign
Whenever you shop online and enter your payment details, you could be at risk of being a victim of fraud. Digital skimmers are snippets of code that have been injected into online stores and they can steal your credit card number, expiration date and CVV/CVC as you type it in. We recently detecte...
Google patches actively exploited zero-day in Chrome. Update now!
Google has released an update for its Chrome browser which includes a patch for a vulnerability that Google says is already being exploited, known as a zero-day vulnerability. Google has fixed that zero-day with the release of versions 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 for Lin...
Fraudulent Slack ad shows malvertiser’s patience and skills
In the past year alone, we have reported almost five hundred unique malvertising incidents related to Google search ads. While it can be difficult to attribute each incident to a specific threat actor, we usually notice similarities between campaigns. Some malvertisers go to great lengths to bypa...
My child had her data stolen—here’s how to protect your kids from identity theft
Recently, I received a letter in the mail from a company about a data breach. The letter said that the company had been a victim of a cyberattack back in March in which files were scrambled (what we know as ransomware). The attacker had also accessed sensitive files and customer health data. Sadly,...
Man certifies his own (fake) death after hacking into registry system using stolen identity
A 39-year-old man has been sentenced to 81 months in jail after hacking government systems to fake his own death to dodge paying child support. Yes, you read that right. The press release by the US Attorney’s Office, Eastern District of Kentucky, paints a detailed picture of what went down. In...
National Public Data leaked passwords online
Earlier this month, a huge trove of data from scraping service National Public Data was posted online. The dump made international headlines because it included data on hundreds of millions of people, and included Social Security Numbers. As if that wasn’t bad enough, KrebsOnSecurity is now...
Toyota confirms customer and employee data stolen, says breach at third party to blame
Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. ZeroSevenGroup posted the...
Why you need to know about ransomware
Last month, a strange thing happened in cybersecurity: a type of cyberthreat typically reserved for large businesses and critical services appeared on the computers of everyday people. Starting on July 20, hundreds of individuals across the globe began reporting problems with ransomware. Ransomwa...
“We will hold them accountable”: General Motors sued for selling customer driving data to third parties
Texas Attorney General Ken Paxton has sued General Motors (GM) for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General (AG) announced he had opened an investigation into several car...
Hacked GPS tracker reveals location data of customers
Stalkerware researcher maia arson crimew strikes again. Big time. We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware—loves to see. This time the target company, Tracki, is one selling GPS...
Millennials’ sense of privacy uniquely tested in romantic relationships
Millennials are in a bind. According to a new analysis of research released earlier this year by Malwarebytes, Millennials are significantly more likely than every other generation to feel that there is no need to share their online account logins with boyfriends, girlfriends, spouses, or...
A week in security (August 12 – August 18)
Last week on Malwarebytes Labs: Dozens of Google products targeted by scammers via malicious search ads; Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version; We’re making it easier for you to protect your identity; X accused of...
Dozens of Google products targeted by scammers via malicious search ads
In a previous blog, we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Google’s entire product line and redirecting victims to a fake Google home page. Clearly not afraid of poking the bear, they even used and...
Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version
Microsoft has released a patch for a bug for a "downgrade attack" that was recently revealed by researchers at security conferences Black Hat and Def Con. What does that mean in layman terms? You: Let me check whether my system is fully updated Windows: Sure, all’s well Attacker: Chuckles and...
We’re making it easier for you to protect your identity
Things have changed in cybersecurity. Gone are the days when our only worry was downloading a virus. Now, 71% of people say having their data leaked and identity stolen is one of their biggest fears about being online. Sadly, they’re right to be concerned: Fraud losses hit $10 billion in 2023 up...
X accused of unlawfully using personal data of 60 million+ users to train its AI
In what may come as a surprise to nobody at all, there’s been yet another complaint about using social media data to train Artificial Intelligence (AI). This time the complaint is against X (formerly Twitter) and Grok, the conversational AI chatbot developed by Elon Musk’s company xAI. Grok is a large...
Malwarebytes awarded Parent Tested Parent Approved Seal of Approval
We’re delighted to say Malwarebytes has been awarded the Parent Tested Parent Approved Seal of Approval for product excellence. The Seal of Approval is given to products that have earned the trust of families, and serves as a quick and reliable indicator of quality and dependability for parents a...
Data theft forum admins busted after flashing their cash in a life of luxury
Two men without a clear source of income landed cyberfraud charges after being so flash with their ill-gotten cash that it gained the attention of the authorities. In 2022, Russian national Pavel Kublitskii and Kazakhstan national Alexandr Khodyrev arrived in Florida and requested asylum, which w...
AI girlfriends want to know all about you. So might ChatGPT (Lock and Code S05E17)
This week on the Lock and Code podcast… Somewhere out there is a romantic AI chatbot that wants to know everything about you. But in a revealing overlap, other AI tools—which are developed and popularized by far larger companies in technology—could crave the very same thing. For AI tools of any...
Google Manifest V3 and Malwarebytes Browser Guard
We wanted to update you on some changes that Google’s making, and what we’re doing in Browser Guard to keep you protected. Some of our customers have recently reported seeing messages that say Browser Guard may soon no longer be supported in their browser. Luckily, there’s no need for you to worry...
A week in security (August 5 – August 11)
Last week on Malwarebytes Labs: Security company ADT announces security breach of customer data; Stolen data from scraping service National Public Data leaked online; Android vulnerability used in targeted attacks patched by Google; Men report more pressure and threats to share location and accounts...
Security company ADT announces security breach of customer data
Electronic surveillance equipment provider ADT filed a form 8-K with the Securities and Exchange Commission (SEC) to report “a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” An 8-K is a report of unscheduled...
Stolen data from scraping service National Public Data leaked online
Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence. The stolen data comes from a data scraping service trading under the name “National Public Data” which was allegedly breached by a cybercriminal group by the name of...
Android vulnerability used in targeted attacks patched by Google
Google has released patches for 46 vulnerabilities in Android, including a remote code execution (RCE) vulnerability that it says has been used in limited, targeted attacks. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app...
Men report more pressure and threats to share location and accounts with partners, research shows
Men report facing more pressure than women—and more threats of retaliation—to grant access to their locations and online accounts when in a committed relationship, according to a new analysis of data released this summer by Malwarebytes. The same analysis also revealed that, while men report more...
Magniber ransomware targets home users
If you’ve been following any news about ransomware, you may be under the impression that ransomware groups are only after organizations rather than individual people, and for the most part that’s true. However, Magniber is one ransomware that does target home users. And it’s back, with full force,...
A week in security (July 29 – August 4)
Last week on Malwarebytes Labs: Threat actor impersonates Google via fake ad for Authenticator; Scammers are impersonating cryptocurrency exchanges, FBI warns; Meta to pay $1.4 billion over unauthorized facial recognition image capture; Apple fixes Siri vulnerabilities that could have allowed...
Scammers are impersonating cryptocurrency exchanges, FBI warns
The Federal Bureau of Investigation (FBI) issued a public service announcement warning the public about scammers impersonating cryptocurrency exchange employees to steal funds. There are many types of crypto related scams, but in this case, the FBI provided an advisory about scammers that contact t...
Meta to pay $1.4 billion over unauthorized facial recognition image capture
Texas Attorney General Ken Paxton has announced a $1.4 billion settlement with Meta to “stop the company’s practice of capturing and using the personal biometric data of millions of Texans without the authorization required by law.” The prime reason for the initial lawsuit that led to the...
Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now!
Apple has released security updates for many of its products in order to patch several vulnerabilities that could allow an attacker to steal sensitive information from a locked device. Included in the patches for Apple Watch, iOS, and iPadOS are four vulnerabilities in Siri. While your device is...