A week in security (February 1 – February 7)

Last week on Malwarebytes Labs, we dug into a load of security events. We first peered into how Fonix ransomware was giving up the ghost, swearing off a life of crime and even apologizing for past actions. We looked at a credit card skimmer that found opportunity in the latest Magento 1 hacking...

Barcode Scanner app on Google Play infects 10 million users with one update

UPDATE: February 12, 2021 It has come to our attention that there is another bad actor in this story. Apparently, the original publisher, LAVABIRD LTD, is not the bad actor. It is instead an account under the name "The space team." Nevertheless, there is evidence that updates of Barcode Scanner b...

Android emulator abused to introduce malware onto PCs

Emulators have played a part in many tech-savvy users’ lives. They introduce a level of flexibility that not only allows another system to run on top of a user’s operating system—a Windows OS running on a MacBook laptop, for example—but also allows video gamers to play games designed to work on a...

Update now! Chrome patches zero-day that was exploited in the wild

A Chrome patch has been issued with an advisory stating that the Stable channel has been updated to 88.0.4324.150 for Windows, Mac and Linux. The only noteworthy thing about this update is a patch for a zero-day vulnerability that has been actively exploited in the wild. But that one looks to be...

Would real identities make social media safer?

“Use real identities to reduce abuse online” is a talking point youve almost certainly seen down the years. It also seems to come around like clockwork every other month, and is currently a hot topic in the UK after prominent journalists / media personalities raised the issue. It’s an interesting...

Browser sync—what are the risks of turning it on?

Modern browsers include synchronization features like Google Chromes Sync so that all your browsers, on all your devices, share the same tabs, passwords, plugins, and other features. While this is certainly convenient, particularly when youre migrating to a new device, synchronizing browsers also...

Credit card skimmer piggybacks on Magento 1 hacking spree

Back in the fall of 2020 threat actors started to massively exploit a vulnerability in the no-longer maintained Magento 1 software branch. As a result, thousands of e-commerce shops were compromised and many of them injected with credit card skimming code. While monitoring activities tied to this...

Fonix ransomware gives up life of crime, apologizes

Ransomware gangs deciding to pack their bags and leave their life of crime is not new, but it is a rare thing to see indeed. And the Fonix ransomware also known as FonixCrypter and Xinof, one of those ransomware-as-a-service RaaS offerings, is the latest to join the club. End of FonixCrypter...

A week in security (January 25 – January 31)

January 28 was Data Privacy Day, but for Malwarebytes Labs, it was Data Privacy Week. As such, were packed with more privacy coverage than you can shake a stick at, starting with some practical steps on how to make your online life private and secure, and why privacy is core to a safer internet. ...

Cleaning up after Emotet: the law enforcement file

This blog post was authored by Hasherezade and Jérôme Segura Emotet has been the most wanted malware for several years. The large botnet is responsible for sending millions of spam emails laced with malicious attachments. The once banking Trojan turned into loader was responsible for costly...

RDP abused for DDoS attacks

We have talked about RDP many times before. It has been a popular target for brute force attacks for a long time, but attackers have now found a new way to abuse it. Remote access has become more important during the pandemic, with as many people as possible try to work from home. Which makes it...

$12m Grindr fine shows GDPR’s got teeth

As thoughts turn to Data Privacy this week in a big way, GDPR illustrates it isnt an afterthought. Grindr, the popular social network and dating platform, will likely suffer a $12 million USD fine due to privacy related complaints. What happened here, and what are the implications for future case...

3 tips to top up your privacy

Its Data Privacy Day—the perennial event that many internet users may have never heard of, but have strong feelings and opinions about the very things that birthed it in the first place. Originally created to help businesses learn about why online privacy matters, its reach has since extended to...

Why Data Privacy Day matters: A Lock and Code special with Mozilla, DuckDuckGo, and EFF

You can read our full-length blog here about the importance of Data Privacy Day and data privacy in general Today is a special day, not just because January 28 marks Data Privacy Day in the United States and in several countries across the world, but because it also marks the return of our hit...

Why Data Privacy Day matters

Our Lock and Code special episode on Data Privacy Day, featuring guests from Mozilla, DuckDuckGo, and Electronic Frontier Foundation can be listened to here. Today, January 28, is Data Privacy Day, the annual, multinational event in which governments, companies, and schools can inform the public...

Pow! Emotet’s down. Is it out?

In a coordinated action, multiple law enforcement agencies have seized control of the Emotet botnet. Agencies from eight countries worked together to deliver what they hope will be a decisive blow against one of the worlds most dangerous and sophisticated computer security threats. The Emotet...

Google FLoC puts ad trackers on a cookie-free diet

Cookie tracking is dying and Google needs a replacement. Its betting on FLoC, an ad tracking technology that lets it understand peoples behaviour while respecting their privacy. Google has announced that its tests show promising signs that FLoC is working. Is this a milestone on the road to more...

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking,...

Chrome wants to make your passwords stronger

A common sentiment, shared by many people down the years, is that storing passwords in browsers is a bad idea. Malware, for example, would specifically target password storage in browsers and plunder everything in sight. Password managers weren’t exactly flying off the shelves back in 2007, your...

Are TikTok’s new settings enough to keep kids safe?

TikTok, the now widely popular social media platform that allows users to create, share, and discover, amateur short clips—usually something akin to music videos—has been enjoying explosive growth since it appeared in 2017. Since then, it hasn’t stopped growing—more so during the current pandemic...

DNSpooq bugs haunt dnsmasq

The research team at JSOF found seven vulnerabilities in dnsmasq and have dubbed them DNSpooq, collectively. Now, some of you may shrug and move on, probably because you havent heard of dnsmasq before. Well, before you go, you should know that dnsmasq is used in a wide variety of phones, routers,...

Zoom watermarking: pros and cons

Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps. It might be location. In some cases, it can be log analysis. Many tutorials exist to strip this informatio...

The story of ZeroLogon

This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very...

Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments

A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations. We first reported on the event in our December 14 blog and notified our business customers using SolarWinds asking them to take precautionary...

What’s up with WhatsApp’s privacy policy?

WhatsApp has been in the news recently after changes to its privacy policy caused a surge of interest in rival messaging app Signal. Initial reports may have worried a lot of folks, leading to inevitable clarifications and corrections. But what, you may ask, actually happened? Is there a problem?...

A week in security (January 11 – January 17)

Last week on Malwarebytes Labs, we looked at IoT problems, Microsoft’s Patch Tuesday, and how cybercriminals want access to your cloud services. We also explored how VPNs can protect your privacy, and asked if MSPs have picked the right PSA. Other cybersecurity news Hot phishing targets: Some...

MSPs, have you picked the right PSA for you yet?

Not long ago, we helped MSPs pick the right remote monitoring and management RMM platform for them, and make it an essential part of their service toolkit. As you may recall, an RMM is a tool that helps MSPs do the work. And what better way to track the work—and other elements associated with...

How a VPN can protect your online privacy

Have you ever experienced the feeling of relief that comes when you do something silly, but youre glad you did it where people dont know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network VPN can do for you: it can put you in a place where you...

Cybercriminals want your cloud services accounts, CISA warns

On January 13 the Cybersecurity and Infrastructure Security Agency CISA issued a warning about several recent successful cyberattacks on various organizations’ cloud services. What methods did the attackers use? In the initial phase, the victims were targeted by phishing emails trying to capture...

Microsoft issues 83 patches, one for actively exploited vulnerability

Every second Tuesday of the month its Patch Tuesday. On Patch Tuesday Microsoft habitually issues a lot of patches for bugs and vulnerabilities in its software. Its always important to patch, but the update that was released on January 12 is one to pay attention to. Thats because it contains a...

Ubiquiti breach, and other IoT security problems

Networking equipment manufacturer Ubiquiti sent out an email to warn users about a possible data breach. The email stated there had been unauthorized access to its IT systems that are hosted with a third-party cloud provider. Ubiquiti Networks sells networking devices and IoT devices. It did not...

A week in security (January 4 – January 10)

Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents use it. We also talked about Adobe Flash Player reaching its end of life—meaning, Adobe wont be supporting the updating and patching of its Flash Player software; covered the...

“I have full control of your device”: Sextortion scam rears its ugly head in time for 2021

Malwarebytes recently received a report about a fresh spate of Bitcoin sextortion scam campaigns doing the rounds. Bitcoin sextortion scams tend to email you to say theyve videoed you on your webcam performing sexual acts in private, and ask you to pay them amount in Bitcoin to keep the video whi...

Funke Media Group suffers nationwide ransomware attack in Germany

On December 22, Germany’s third largest publisher fell victim to a cyberattack that affected systems in offices all around the country. The Funke Media Group publishes dozens of newspapers, like Berliner Morgenpost, Hamburger Abendblatt, and Bergedorfer Zeitung, as well as magazines, several loca...

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

This post was authored by Hossein Jazi On December 7 2020 we identified a malicious document uploaded to Virus Total which was purporting to be a meeting request likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the...

Adobe Flash Player reaches end-of-life

“What now? My farm is no longer working. Can you have a look, honey?” Like millions of other people my wife likes to play online browser games. You know, the ones that don’t require a fast connection because your virtual life is not in constant danger, and an occasional harvest is enough to make...

VPN usage is increasing, says December 2020 survey

I won’t reveal my mom’s exact age, but she’s in her late 60s. Other than her phone, my mom doesn’t own or use a computer—but she knows what Zoom is. Not since “Kleenex” has a brand become so pervasive that people use the brand name as a generic term for the product. For my mom, any kind of video...

A week in security (December 28 – January 3)

First off we would like to wish all our readers a happy and secure 2021! Last week on Malwarebytes Labs we presented an overview of developments in the SearchDimension hijackers, we looked at the most enticing cyberattacks of 2020, and we also looked back at the strangest cybersecurity events of...

The strangest cybersecurity events of 2020: a look back

This year is finally coming to an end, and it only took us about eight consecutive months of March to get here. There is a ton to talk about, and that’s without even discussing the literal global pandemic. You see, 2020s news stories were the pressure-cooker product of mania, chaos, and the...

The most enticing cyberattacks of 2020

This is part one of a two-part series. To read about the strangest cybersecurity events of 2020, read our second story here. In 2020, we experienced a major shift. Much of the world pitched in to limit the spread of the coronavirus, with people changing their daily routines to include a mixture o...

SearchDimension search hijackers: An overview of developments

Background information on SearchDimension SearchDimension is the name of a family of browser hijackers that makes money from ad clicks and search engine revenues. The family was named after the domain searchdimension.com that popped up in 2017, and they still sometimes use the letter combo SD in...

A week in security (December 21- December 27)

Last week on Malwarebytes Labs we warned our readers about not so festive social media scams, how Emotet returned just in time for Christmas, we tried out some free online games your kids are playing and here’s what happened, and our VideoBytes episode talked about what penetration testing tools...

VideoBytes: Offensive security tools and the bad guys that use them

Hello Folks! In this Videobyte, we’re talking about what penetration testing tools malware gangs love to use and why they are better than what you can get on the black market. This article describes the VirusBulletin talk of a security researcher from Interzer Labs, Paul Litvak, in which he...

I played the free online games your kids are playing and here’s what happened

“Throat kill! Throat kill!” “I need a dad.” These are just some of the things I heard a six-year-old boy shout at his iPad while I was babysitting one evening. I was disturbed, yet compelled to learn more. Babysitting is always a puzzling experience for me. Why are their hands always sticky? Who...

Emotet returns just in time for Christmas

Emotet is a threat we have been tracking very closely throughout the year thanks to its large email distribution campaigns. Once again, and for about two months, the botnet stopped its malspam activity only to return days before Christmas. In typical Emotet fashion, the threat actors continue to...

Beware: not so festive social media scams

We’re now into the most crucial stage of Christmas festivities, where money and gifts are on the march…and social media is a conduit for both good and bad tidings. This is the absolute best time for social media scammers to make their move. A little confidence trick here, the promise of good chee...

A week in security (December 14 – December 20)

Last week on Malwarebytes Labs we kept you updated on the SolarWinds attack, we warned about the special dangers that come with the Christmas season, published a threat profile for the Egregor ransomware, warned how a lead generation scam was targeting potential Malwarebytes MSP partners, and...

The many ways you can be scammed on Facebook, part II

In part 1 of this article series, we looked at data mining schemes, scam ad campaigns, concert tickets scams, and PayPal fund transfer scams. Today, we continue to list down the other scams you might encounter on Facebook. Bitcoin trading scam Who would have thought that a "simple" phishing schem...

VideoBytes: Brute force attacks increase due to more open RDP ports

Hello Folks! In this Videobyte, we’re talking about why brute force attacks are increasing and why that is a problem for everyone. The number of RDP ports exposed to the Internet grew from about three million in January 2020 to over four and a half million in March. The reason for this increase i...

Smart toy security: How to keep your kids safe this Christmas

Christmas is coming, and so are the smart toys. The ever-present pandemic has meant a lot more staying at home this year. Videogame playing has increased considerably, because why not? Screentime for kids has gone up, because again, it’s bound to. It hasn’t brought about the end of civilisation a...