Malware authors join forces and target organisations with Domino Backdoor

Theres a new ransomware gang in town, stitched together from members of well known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called "Domino", is the brainchild of FIN7 and ex-Conti ransomware members. Domino has been seen in attac...

Instagram scam promises money in exchange for your image

Were seeing a number of complaints on Reddit and elsewhere regarding a scam which flares up every so often. Its called the "Muse scam", and targets users of Instagram. Let's hear from one of the Reddit posters impacted: An artist approached me on Instagram asking if they could use one of my photo...

LockBit ransomware on Mac: Should we worry?

One of the big headlines over the weekend is LockBit, the high-profile Russian ransomware gang, decided to expand its portfolio of potential victims by creating and releasing its first macOS payload, potentially triggering members of the Apple community to panic. But have no fear: Apple security...

Swatting-as-a-Service is a growing and complicated problem to solve

One Telegram channel has been found to be behind a great deal of swatting incidents in the US. Using the anonymity provided by Telegram, caller ID spoofing, and voices generated by Artificial Intelligence AI, a person or group of persons calling themselves Torswats is suspected to be behind dozen...

Avoid this "lost injured dog" Facebook hoax

Facebook users are advised to be wary of posts involving injured dogs receiving treatment at a vet surgery, or pets sitting next to people post-operation adorned with bandages and plaster casts. The dog-themed missives all follow a similar format, with the primary change between them being the...

Spring cleaning tips for your browser

When you are resting up from the physical part of your spring cleaning and youre sitting behind your laptop or swiping left on your phone, why dont you speed up your browsing experience with a few simple actions? Lets start with your browser, as that usually has the most impact on your perception...

Payment giant's point-of-sale outage caused by ALPHV ransomware

On April 12, 2023, payment giant NCR reported it was looking into an issue with its point-of-sale POS systems that caused an outage, leaving customers unable to use the system. The NCR Aloha POS systems are popular in hospitality services. Customers include Wendys, Chuck e Cheese, Cafe Rio, Leean...

Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight

Regular readers of our monthly ransomware review read our April edition here know that Ransomware-as-a-Service RaaS gangs have been making headlines globally with their disruptive attacks on organizations. Sometimes, though, its not enough to merely know about of the problem. In order to truly...

Ransomware in Germany, April 2022 – March 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are attacks where the victim opted not to pay a ransom. This provides the best overall picture ...

Beware: Fake IRS tax email wants your Microsoft account

Last week, the IRS reminded taxpayers that Tax Day, April 18, is Tuesday this week. However, in some states like Alabama, California, and New York, the federal office extended the filing deadlines due to natural disasters. This is an excellent reason for scammers to keep launching tax scam...

Update Chrome now! Google patches actively exploited flaw

In a recent security advisory, Google says it patched a high-severity zero-day security flaw in its Chrome browser--the first in 2023--currently being exploited in the wild by threat actors. The company urges all its Windows, Mac, and Linux users to update to version 112.0.5615.121 immediately, a...

Woman tracks down and turns table on Airbnb scammer

The internet is full of Airbnb scams and accounts told by victims. But there is a twist in this latest story-gone-viral that is usually lacking in most narratives: The victim evens the score. Airbnb host and scammer "Mr. Tyler" met his match when his would-be guest, TikTok user Olivia @livvoogus,...

Fake Chrome updates spread malware

Compromised websites are causing big headaches for Chrome users. A campaign running since November 2022 is using hacked sites to push fake web browser updates to potential victims. Researcher Rintaro Koike says this campaign has now expanded to also target those who speak Korean, Spanish, and...

A week in security (April 10 - 16)

Last week on Malwarebytes Labs: How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09 Apple releases emergency updates for two known-to-be-exploited vulnerabilities Don't plug your phone into a free charging station, warns FBI KFC, Pizza Hut owner employe...

Port scan attacks: Protecting your business from RDP attacks and Mirai botnets

Compromised IP addresses and domains--otherwise legitimate sites that are exploited by hackers without the owner's knowledge--are frequently utilized to conduct port scanning attacks. Port scanning involves systematically scanning a computer network for open ports, which can then be exploited by...

Is AI being used for virtual kidnapping scams?

You may have seen a worrying report of Artificial Intelligence AI being used in a virtual kidnapping scam. The AI was supposedly used to imitate the voice of an Arizona resident's daughter, who claimed to have been kidnapped. The daughter was safe and well elsewhere on a school trip. Unfortunatel...

Massive malvertising campaign targets seniors via fake Weebly sites

Knowing their audience is something scammers excel at, and for very good reason. This is particularly true for tech support scammers whose prime targets are seniors. By understanding what retirees are searching for and abusing various online platforms, crooks can precisely go after the demographi...

WhatsApp introduces new security features

WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijac...

Ransomware review: April 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

Ransomware in France, April 2022–March 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, "known attacks" are attacks where the victim opted not to pay a ransom. This provides the best overall picture ...

Sextortion "assistance" scammers con victims further

The FBI is warning of a particular aspect of sextortion scams: Supposed organisations that offer "help" to remove stolen images, often at a significant financial cost and no guarantee of success. Sextortion, the act of blackmailing individuals for cash in return for not leaking sensitive imagery...

Google Pay accidentally handed out free money, bug now fixed

Days ago, several Google Pay users in the US received some unexpected cashback from Google, congratulating them "for dogfooding the Google Pay Remittance experience". Confused and a tad happy, some looked to Twitter for answers, while others aired their experiences on the /r/googlepay/ Reddit pag...

Update now! April’s Patch Tuesday includes a fix for one zero-day

Its Patch Tuesday again. Microsoft and other vendors have released their monthly updates. Among a total of 97 patched vulnerabilities there is one actively exploited zero-day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix...

KFC, Pizza Hut owner employee data stolen in ransomware attack

Upon learning that attackers accessed and siphoned data in January, Yum! Brands, the fast-food chain operator behind The Habit Burger Grill, KFC, Pizza Hut, and Taco Bell, has begun sending Notice of Security Breach letters to employees whose data were potentially affected. "We are writing to...

Ransomware in the UK, April 2022–March 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, "known attacks" are attacks where the victim opted not to pay a ransom. This provides the best overall picture ...

Don't plug your phone into a free charging station, warns FBI

In a recent tweet, the FBI office in Denver warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers with the objective of infecting devices with malware or other software that can give hackers access to your phone, tablet or...

Apple releases emergency updates for two known-to-be-exploited vulnerabilities

On Friday April 7, 2023, Apple released iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 for the iPhone, iPad, and Mac, respectively, and our advice is to install them as soon as possible because all three updates include important security fixes. The Cybersecurity and Infrastructure Security Agency...

A week in security (April 3 - 9)

Last week on Malwarebytes Labs: TikTok: Whats going on and should I be worried? Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer Big changes to Twitter verification: How to spot a verified account New macOS malware steals sensitive info, including a user's entire Keychain...

How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09

The list of people and organizations that are hungry for your location data--collected so routinely and packaged so conveniently that it can easily reveal where you live, where you work, where you shop, pray, eat, and relax--includes many of the usual suspects. Advertisers, obviously, want to sen...

Uber data theft: Driver info stolen after law firm breached

Uber, yet again, has become a victim of data theft following a third-party breach. This time, threat actors have aimed at the company's law firm, Genova Burns. Data of Uber's drivers may have been swiped during the security incident. According to the letter sent to affected drivers, the firm beca...

Visitors of tax return e-file service may have downloaded malware

The IRS-authorized electronic filing service for tax returns, eFile.com, has been caught serving a couple of malicious JavaScript JS files these past few weeks, according to several security researchers and corroborated by BleepingComputer. Note this security incident only concerns eFile.com, not...

Google aims to reduce data theft with app data and account deletions

Google has made multiple security improvements to the general operation of apps over the last 12 months or so. Its now a little easier to understand what apps want from you. Labels which indicate a level of trustworthiness for developers. Changes made to ensure old, abandoned apps will no longer...

New tool allows you to opt out of Facebook's targeted advertising

After Meta Facebook and Instagram switched the legal basis for targeting advertising from automatic consent to opt-out, privacy watchdog noyb has built a tool for users to opt out of targeted advertising and various other claims made by Meta in an easy and legally sound way. After losing several...

A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity

As we raise a glass to toast Malwarebytes' 15th anniversary of boldly venturing into the realm of business cybersecurity, we're feeling nostalgic. It's time to buckle up and embark on a whimsical journey through the twists and turns of Malwarebytes' evolution. From modest beginnings to becoming a...

IoT garage door exploit allows for remote opening attack

A popular and reasonably cheap garage door controller is making waves in the news, and not in a good way. Ars Technica reports that the $80 devices created by Nexx are suffering from a number of security issues which could compromise the safety of your home. A Medium post by researcher Sam Sabeta...

Do cyber regulations actually make K–12 schools safer? Navigating compliance while securing school and student data

Over the last decade, K-12 schools have made great strides in employing technologies that facilitate learning--especially since the onset of pandemic-induced distance education. While students have long since returned to the classroom, digital platforms for instruction, collaboration, and homewor...

Stop! Are you putting sensitive company data into ChatGPT?

Helping to reduce costs and enhance productivity are both things that your employer will look kindly upon. But what if you use an external tool for those tasks and the tasks involve confidential data that ended up on a server outside of the control of your company? Thats a problem. As a news writ...

9 vital criteria for effective endpoint security: Insights from the 'Endpoint Security Evaluation Guide' eBook

Endpoint security has never been more important, and with the increasing complexity of the security stack, choosing the right solution can be confusing. The good news is that there is a guide available to help organizations navigate this complex landscape: the "Endpoint Security Evaluation Guide"...

Update Android now! Google patches three important vulnerabilities

In the April 2023 Android security bulletin, Google announced security updates which include fixes for two critical remote code execution RCE vulnerabilities and one vulnerability that has been exploited in the wild. The vulnerabilities are impacting Android systems running versions 11, 12, 12L,...

TikTok misused children's data, faces $15.6M fine

TikTok has been ordered to pay a fine of $15.6M £12.7M for failing to protect 1.4 million UK children under the age of 13 from accessing its platform in 2020. The Information Commissioner's Office ICO, the UK's data protection watchdog, imposed the fine after finding the company used children's...

Western Digital confirms breach, affects My Cloud and SanDisk users

Western Digital, a big brand in digital storage, says it has suffered a "network security incident--potentially ransomware--which resulted in a breach and some system disruptions in its business operations. The company identified the incident on March 26 and said an unnamed third party unlawfully...

Fake ransomware demands payment without actually encrypting files

Fake it till you make it ransomware groups are trying to get rich off the backs of genuine ransomware authors. Why are they "fake it till you make it"? Because they dont actually create ransomware or compromise networks in any way. Theyre simply lying through their teeth and hoping that recipient...

2023 State of Malware Report: What the channel needs to know to stay ahead of threats

The channel, comprising managed service providers MSPs, Systems Integrators SIs, value-added resellers VARs, and more, plays a vital role in providing cybersecurity for companies around the globe today. But as malware evolves and cyberattacks become more common, keeping up with the top threats to...

Pre-ransomware notifications are paying off right from the bat

CISA Cybersecurity and Infrastructure Security Agency has published the first results of its pre-ransomware notifications that were introduced at the start of 2023. Even though this initiative is relatively young, CISA says it has notified over 60 entities across the energy, healthcare,...

New macOS malware steals sensitive info, including a user's entire Keychain database

A new macOS malware--called MacStealer--that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can al...

Big changes to Twitter verification: How to spot a verified account

Twitter has made some fairly major changes to how its verified checkmark status works, and its already causing some confusion. If you rely on the checkmark symbol for confirmation that the individual or business tweeting is actually the real deal, your regular process is now different. How...

Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer

Researchers at Orca Security disclosed how they found a remote code execution vulnerability in Azure Service Fabric Explorer. The vulnerability was reported to the Microsoft Security Response Center MSRC with responsible disclosure and was included by Microsoft in their March 2023 Patch Tuesday...

TikTok: What’s going on and should I be worried?

Since 2020, several governments and organizations have banned, or considered banning, the immensely popular social media app TikTok from their staffs devices. With all these alarming bells ringing, we thought it might be handy to break down what we know and see if we can plot a sensible strategy...

A week in security (March 27 - April 2)

Last week on Malwarebytes Labs: Solving the passwords hardest problem with passkeys, featuring Anna Pobletts Food giant Dole reveals more about ransomware attack Bogus Chat GPT extension takes over Facebook accounts Ransomware gunning for transport sector's OT systems next GitHub accidentally...

3 tips for creating backups your organization can rely on when ransomware strikes

Backups are an organization's last line of defense against ransomware, because comprehensive, offline, offsite backups give you a chance to restore or rebuild your computers without paying a criminal for a decryption key. Unfortunately, many organizations don't realize how important it is to make...