A special browser designed for online banking. Good idea, or not so much?
The German Sparkasse bank has launched a browser that is especially designed to do your online banking. The browser called S-Protect is available for macOS and Windows users. The idea is interesting, since having a separate browser for banking can certainly add an extra layer of security. Separat...
$600 a week to wrap your car? It’s a scam
A friend of mine recently received a text message which they described as "intriguing, but nonsensical". They were convinced it was some sort of scam, but they weren't sure what the scammers were up to. Would it turn out to be some sort of phishing attempt? A telephone scam? Banking fraud? That on...
A scanning tool for open-sourced software packages? Yes, please!
The Open Source Security Foundation (OpenSSF), a collective of industry leaders aimed at improving the security of open-source software (OSS), recently announced the release of a prototype tool that scans for malicious packages in open source repositories. This tool, conveniently called Package...
A week in security (May 2 – 8)
Last week on Malwarebytes Labs: Google, Apple, and Microsoft step hand in hand into a passwordless future; OpenSea warns of Discord channel compromise; Avoid these Instagram “Get rich with Bitcoin” scams; Steer clear of fake premium mobile app unlockers; How Instagram scammers talk users out of their...
Google, Apple, and Microsoft step hand in hand into a passwordless future
While we recently "celebrated" World Password Day, almost every security outlet keeps telling us that passwords alone are not enough. In practice, in the last few years this has meant pairing passwords with something else, such as a one-time code from an app or an SMS message, in a scheme called...
OpenSea warns of Discord channel compromise
OpenSea, the primary marketplace for buyers and sellers of non-fungible tokens (NFTs), has reported major problems with its Discord support channel. How major? Well, there's a "potential vulnerability" which allowed spambots to post phishing links to other users. A problem that led OpenSea Support ...
Steer clear of these Instagram “Get rich with Bitcoin” scams
I don’t know about you, but I open Instagram to look at cool photos of pets, not to make a fortune via suspicious claims of riches by strangers. Despite this, following someone whose photos I liked resulted in a very peculiar message. It’s possible I waved goodbye to a path to untold riches. Mayb...
Steer clear of fake premium mobile app unlockers
A site has been bouncing around YouTube comments for the past couple of weeks. The site sometimes changes, the messages alter slightly, but the essence remains the same: In all cases, people acting in suspiciously automated fashion ask if everyone is using this "glitch" or generator without ever...
How Instagram scammers talk users out of their accounts
If you've dealt with a scammer, you'll know that making up stories is their bread and butter. Think about it: Just when you thought you'd heard all the infamous 419 scam backstories, scammers surprise you with a "stuck astronaut" scam, something so utterly hilarious, nonsensical, and otherworldly th...
Ransomware: April 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022 was most notable for the emergence of three new ransomware-as-a-service (RaaS) groups—Onyx, Mindwar...
The $43 billion Business Email Compromise threat
The FBI has released a public service announcement regarding the ever-present threat of Business Email Compromise (BEC). This comes hot on the heels of an earlier release from the Las Vegas FBI department in April. Losses continue to mount, and we're currently facing a scam racking up domestic and...
Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats targeting Ukraine, we identified a group we call "Nigerian Tesla" that has been dabbling into phishing...
Google fixes two critical Pixel vulnerabilities: Get your updates when you can!
Google has made updates available for Android 10, 11, 12 and 12L. The May Android Security Bulletin contains details of security vulnerabilities affecting Android devices. The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel...
It’s business as usual for REvil ransomware
After the FSB arrested 14 of its members in January, and a subsequent lull in action, the REvil ransomware gang appears to be back. We say "appears" because it's still unclear whether the group's operations have indeed restarted. To the trained eye, REvil's movements seem out of sorts. When REvil's o...
World Password Day: Brushing up on the basics
World Password Day is today, reminding us of the value of solid passwords, and good password practices generally. There are awareness days for all sorts of things, and perhaps we don't need all of them. You can't go wrong shoring up a leaky password line of defence though, so without further ado:...
Unfixed vulnerability in popular library puts IoT products at risk
Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform DNS poisoning attacks against a target device. The library is known to be used by major vendors such as Linksys, Netgear, and Axis, but also by Linux distributions such as...
8 security tips for small businesses
Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to a smaller staff that doesn’t have the time to do everything that is recommended ...
Fake Cyberpunk Ape Executives target artists with malware-laden job offer
The wacky world of ape jpegs is at the heart of yet another increasingly bizarre internet scam, which contains malware, stolen accounts, a faint possibility of phishing, and zips full of ape pictures. The Ape Executives have a job offer you can, and must, refuse Lots of people with art profiles ...
State-backed hacking group from China is targeting the Russian military
In an unexpected turn of events, research has surfaced about a Chinese APT (advanced persistent threat) group targeting the Russian military in recent cyberattacks. Tracked as Bronze President, Mustang Panda, RedDelta, and TA416, the group has focused mainly on Southeast Asian targets—and more...
Craft fair vendors targeted by fake event scammers on Facebook
A real world scam which sucks the fun out of craft fairs has caused nothing but stress for victims. It may sound bizarre, but it’s actually a fairly popular attack focused on small/self-run business owners selling their own creations. Are you ready for a trip to the craft fair? You’re a small...
US healthcare billing services group hacked, affecting at least half a million individuals
According to the US Department of Health and Human Services, Adaptive Health Integrations (AHI), a healthcare software and billing services firm in North Dakota, suffered a data breach that affected more than half a million individuals. According to the firm, the breach occurred in mid-October last...
Airdrop phishing: what is it, and how is my cryptocurrency at risk?
Airdrop phishing is a really popular tactic at the moment. It emerged alongside the explosion of Web3/NFT/cryptocurrency popularity, and ensures scammers get a slice of the money pie. You may well have heard the term in passing, and wondered what an Airdrop is. Is your iPhone about to be Airdrop...
Over 50 countries sign the “Declaration for the Future of the Internet”
Governments of the US, EU member states, and 32 other countries have announced the launch of the "Declaration for the Future of the Internet," a "political commitment" among endorsers "to advance a positive vision for the internet and digital technologies." "We are united by a belief in the...
Watch out for these 3 small business cybersecurity mistakes
May 2 marks the start of National Small Business Week, a week that recognizes "the critical contributions of America’s entrepreneurs and small business owners", and promises to "celebrate the resiliency and tenacity of America’s entrepreneurs." That sounds good to us: Small businesses are a vital...
A week in security (April 25 – May 1)
Last week on Malwarebytes Labs: Why MITRE matters to SMBs; Apple’s child safety features are coming to a Messages app near you; Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09; Watch out for this SMS phish promising a tax refund; Rogue ads phishing for cryptocurrency:...
Update now! Critical patches for Chrome and Edge
Google has released an update for its Chrome browser that includes 30 security fixes. The latest version of the stable channel is now Chrome 101.0.4951.41 for Windows, Mac and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system...
Russia continues digital onslaught against Ukrainian systems
According to Microsoft, at least six Kremlin-backed hacking groups have been attacking Ukraine in the digital space in an onslaught that began before the invasion in late February. The company counted more than 237 cyberattack operations against Ukrainian systems and critical infrastructure. Thes...
The top 5 most routinely exploited vulnerabilities of 2021
A joint Cybersecurity Advisory, coauthored by cybersecurity authorities of the United States (CISA, NSA, and FBI), Australia (ACSC), Canada (CCCS), New Zealand (NZ NCSC), and the United Kingdom (NCSC-UK) has detailed the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cybe...
Beware Twitter Messages claiming “Your blue badge Twitter account has been reviewed as spam”
Twitter verification is a two-edged sword. According to Twitter, it's supposed to let people know "that an account of public interest is authentic." That's great, so long as the account is authentic, but what if, one day, it suddenly isn't? An attacker that can wrestle a verified account from its...
Beware scammers disguised as fraud busters
Fraudsters like confusing and disorienting people. Successful ones avoid obvious lines of approach and try things you wouldn't expect. A recent story highlights this, with a particularly devious method of parting someone from their money. The Daily Record reports scammers running off with an $11,0...
Warning! Instagram Stories hides a scam in plain sight
When someone finds their social media account compromised, they first think about letting their followers know. And they do. They warn others from reading any strange posts, usually containing a rogue link, before they sort out the matter behind the scenes. Some curious followers who missed these...
Google Play’s Data safety section empowers Android users to make informed app choices
Google has launched its new "nutrition labels" for apps, a feature it promised in the spring of 2021. This release came days after the Chrome team released badges for the Chrome Web Store for browser extensions. The company said in a blog post that it's rolling out the labels—which it calls the...
Ukraine government and pro-Ukrainian sites hit by DDoS attacks
The Computer Emergency Response Team in Ukraine (CERT-UA) has announced that Ukraine government web portals and pro-Ukraine sites are subjected to ongoing DDoS (distributed denial of service) attacks. They don't currently know who is behind these attacks. The attack involves injecting a malicious...
Why you should be taking security advice from your grandmother
We tend to accept that younger folks are supposed to be more tech savvy, given they’ve grown up with computers and the Internet pretty much their whole lives. If you go back about 15 or so years, a lot of security advice focused on the “warning your grandmother away from scams” routine. The defau...
FBI warns food and agriculture to brace for seasonal ransomware attacks
The Federal Bureau of Investigation (FBI) recently released a Private Industry Notification warning agriculture cooperatives (also known as "farmers co-ops") of the looming danger of well-timed ransomware attacks. The agency warns that during the critical planting and harvesting seasons, attacks coul...
Hackers fool major tech companies into handing over data of women and minors to abuse
Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had...
Call of Duty cheats can expect embarrassment with new anti-cheat feature
In-game cheats are about to have an even harder time of things in triple AAA titles such as Call of Duty. Activision’s “Ricochet” software - a kernel level driver anti-cheat system - has added another twist to the tale of how players are protected via a new system called “Cloaking”. Making all ne...
Fake USA for UNHCR site wants your Ukraine donations in Bitcoin
Since Russia began invading Ukraine in late February, many organizations have set up donation pages to aid the most heavily affected: Families who were forced out of their homes due to bombings and children separated from grown-ups who decided to stay and take arms. We've also seen a considerable...
QNAP customers urged to disable AFP to protect against severe vulnerabilities
MacOS users that have a network-attached storage (NAS) device made by QNAP are being advised to disable the Apple Filing Protocol (AFP) on their devices until some severe vulnerabilities have been fixed. But QNAP is not the only vendor that needed to fix these vulnerabilities. Others have already don...
Onyx ransomware destroys files, and also the criminal circle of trust
Some ransomware authors seem to be whittling down their tenuous "circle of trust" style agreement with victims even further. Word has spread of an Onyx ransomware operation (a variant of Chaos ransomware) which is quite a bit more destructive than those impacted would be hoping for. However, all is...
Facebook phishers threaten users with Page Recovery Help Support
We’ve seen multiple hijacked profiles on Facebook recently claiming to be account recovery services. These bogus account recovery services aren't here to help. They're actually just trying to scare users into falling for phishing attempts. The people behind these scams target Facebook pages belongi...
Elon Musk-themed cryptocurrency scam uses fake Medium as the promotion site
So Elon Musk is buying Twitter, and you can be sure that scammers are making the most of this news. As Elon Musk spends most of the week in the headlines, so pop up Elon Musk-themed scams—and it looks like they may be ramping up. We witnessed a flurry of replies from the man himself in response t...
“URGENT BUSINESS PROPOSAL!!!” 419 scammer wants your help to move someone’s inheritance
We’ve received several emails over the last couple of days which follow the classic 419 mail scam method. Titled “URGENT BUSINESS PROPOSAL!!!”, the mail reads as follows: Greetings, I am Mukhtar M. Hussain. I got your contact information from a reputable business/professional directory. I'm worki...
What’s happening in the world of personal cyber insurance?
You've likely only seen cybercrime insurance primarily mentioned in relation to attacks on businesses. Most commonly, it’s cited with regard to ransomware attacks in the workplace, or associated data loss. Some folks think the mere presence of insurance simply encourages more attacks, and is hurti...
“Reject All” cookie consent button is coming to European Google Search and YouTube
Google will soon be giving European countries a "Reject All" button in the Search and YouTube cookie consent banner. This change, which was revealed by Google's Product Manager for Privacy, Safety & Security Sammit Adhya in a blog post, has already been rolled out in France and will be cascaded to...
Emotet fixes bug in code, resumes spam campaign
Emotet threat actors resumed their email spam campaign on Monday after stopping it late last week to fix a bug. The bug—a flaw in how Emotet is installed onto a system after a victim opens a malicious email attachment—forced the actors to prematurely halt their campaign. Sample email of an Emotet...
Hospitals taken offline after cyberattack
The GHT Coeur Grand Est has become a victim of a cyberattack on the hospital centers of Vitry-le-François and Saint-Dizier. The hospital’s administration has warned French that data have been exfiltrated and might be used for phishing in the future. As a consequence, the GHT Cœur Grand Est has cu...
Rogue ads phishing for cryptocurrency: Are you secure?
Bad ads are at it again. Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 million between the 12th and the 21st of April. This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine. The...
Watch out for this SMS phish promising a tax refund
Imagine logging into your bank’s website after responding to a text message claiming you’re due a refund, only to see a warning to watch out for bogus texts: Beware of SMS phishing! For those who don't read Dutch, the warning reads: Never respond to unusual emails or texts! Fraudsters often send...
Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09
Less than one year ago, the worst ransomware attack in history struck dozens of organizations. Threat actors had exploited a serious flaw in the remote monitoring and management tool Kaseya VSA that, when discussed on the Lock and Code podcast, was revealed to be "not advanced at all." This was f...