Consumerization: a better way to answer cybersecurity challenges

A version of this article originally appeared in Forbes on February 12, 2020. Consumerization: The specific impact that consumer-originated technologies can have on enterprises. Gartner More and more, enterprises are coming to understand that they need to adopt the agile processes and product...

Criminals hack Tupperware website with credit card skimmer

Update 2: A spokesperson for Tupperware has given a public statement to Alex Scroxton, Security Editor at ComputerWeekly. You can read it here. Update: Following our blog post, we continued to monitor the Tupperware website. As of 03/25 at 1:45 PM PT, we noticed that the malicious PNG file had be...

Windows 7 is EOL: What next?

End-of-life EOL is an expression commonly used by software vendors to indicate that a product or version of a product has reached the end of usefulness in the eyes of the vendor. Many companies, including Microsoft, announce the EOL dates for their products far in advance. Every Windows product h...

Fake “Corona Antivirus” distributes BlackNET remote administration tool

Scammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a number of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but especially data stealers. As more of us work from home, the need to secure your...

A week in security (March 16 – 22)

Last week on Malwarebytes Labs, we concluded our series on child identity theft. We also looked into threat actors and campaigns that ride the COVID-19 train, namely the criminal group APT36 and threat actors purporting to be the World Health Organization WHO but instead spreading malware. Lastly...

Coronavirus scams, found and explained

Coronavirus has changed the face of the world, restricting countless individuals from dining at restaurants, working from cafes, and visiting their loved ones. But for cybercriminals, this global pandemic is expanding their horizons. In the past week, Malwarebytes discovered multiple email scams...

Security tips for working from home (WFH)

Over the last decade, remote work and working from home has grown in popularity for many professionals. In fact, a 2018 study found more than 70 percent of global employees work remotely at least once per week. However, the coronavirus pandemic and resulting lockdown in many parts of the world ha...

Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book

The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we've been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected. Yesterday, we observed a...

Child identity theft, part 2: How to reclaim your child’s identity

In a world where children as young as a single day old can fall prey to fraud, it is more important than ever to educate parents and other caretakers about the dangers of child identity theft. While the hope is that perceptions can be changed and criminals brought to justice, likely the biggest...

Lock and Code S1Ep2: On the challenges of managed service providers

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to two representatives from an Atlanta-based managed service provider—a manager of engineering services and a data center architect—about the daily challeng...

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while...

The effects of climate change on cybersecurity

Outside the coronavirus pandemic and its related healthcare and economic fallout, climate change and cybersecurity are seen by many as the two most urgent problems facing our planet now and in the near future. They are two distinct and separate problems, to be sure. There are some areas, however,...

Coronavirus impacts security conferences and events: check your schedule

With coronavirus starting to take hold globally, international travel restrictions are kicking in and more workplaces are advising to work from home whenever possible. When self-isolation is a potential solution, public gatherings are increasingly looking like a terrible idea. Events are becoming...

RemoteSec: achieving on-prem security levels with cloud-based remote teams

The world of work is changing—by the minute, it feels these days. With the onset of the global coronavirus pandemic, organizations around the world are scrambling to prepare their workforce, and their infrastructure, for a landslide of remote connections. This means that the security perimeter of...

Securing the MSP: best practices for vetting cybersecurity vendors

Ironically, to keep costs low for their enterprise and mid-market clients, managed service providers MSPs are some of the most reliant on third-party vendors—including those providing security. While this is generally not an indication of dysfunction or vulnerability, the responsible MSP will be...

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Update: The digital certificate issued for https.ps has been revoked by GlobalSign. Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimme...

A week in security (March 2 – 8)

Last week on Malwarebytes Labs, we fired up part 1 of our series on child identity theft, asked how well law enforcement can deal with cybercriminals, and took a trip down the memory lane of moral panic. We also looked at the positives and negatives of VPNs and examined our own progress in the...

International Women’s Day: awareness of stalkerware, monitoring, and spyware apps on the rise

Nine months ago, Malwarbytes recommitted itself to detecting invasive monitoring apps that can lead to the excessive harm of women—most commonly known as stalkerware. We pledged to raise public awareness, reach out to advocacy groups, and share samples and intelligence with other security vendors...

Bring your own privacy: VPNs for consumers and orgs

VPNs virtual private networks have been popular for quite some time now, and they’re worth a huge amount of money for the companies working in this area. They’re also at the forefront of combating potential repression and censorship around the world. It might all sound a bit esoteric and unrelate...

Technology and the power of moral panic

Moral panic is a fascinating topic, and often finds itself tied up in the cutting edge-technology of the times once it works its way into the hands of younger generations. Music, games, movies—pretty much anything you can think of is liable to gatecrash the “won’t somebody think of the children?”...

Are our police forces equipped to deal with modern cybercrimes?

“You should have asked for the presence of a digital detective,” Karen said when I told her what happened at the police station. I had accompanied a neighbor, who is a small business owner, that had been hit with ransomware and wanted to file a report. After listening to his story, the police...

Child identity theft, part 1: On familiar fraud

In 2013, 30-year-old Axton Betz-Hamilton received an angry phone call from her father two weeks after her mother, Pam, died. "What the hell were you thinking?" he screamed. He had just unearthed a credit card statement in her name that had run over its limit from a box of her mother’s paperwork...

Lock and Code S1Ep1: On RSA, the human element, and the week in security

Last week, we told you we were launching a fortnightly podcast, called Lock and Code. This week, we made good on our promise, with lots of headlines generated right here on Labs, as well as other security news around the web. In addition, we talk with Britta Glade, Director of Content and Curatio...

Domen toolkit gets back to work with new malvertising campaign

Last year, we documented a new social engineering toolkit we called "Domen" being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font. Despite being a robust toolkit, we...

Mac adware is more sophisticated and dangerous than traditional Mac malware

As the data revealed in our State of Malware report showed, Mac threats are on the rise, but they are not the same type of threats experienced by Windows users. Most notably, more traditional forms of malware, such as ransomware, spyware, and backdoors account for over 27 percent of all Windows...

Stalkerware and online stalking are accepted by Americans. Why?

Despite warnings from domestic abuse networks, privacy rights advocates, and a committed faction of cybersecurity vendors, Americans may be accepting and minimizing online stalking behaviors, including the use of invasive apps that can pry into a user’s text messages, emails, photos, videos, and...

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

Threat actors love to abuse legitimate brands and infrastructure—this, we know. Last year we exposed how web skimmers had found their way onto Amazon's Cloudfront content delivery network CDN via insecure S3 buckets. Now, we discovered scammers pretending to be CDNs while exfiltrating data and...

Biotech health care innovations meet security challenges

The level and speed of innovations taking place in the biotech industry are baffling. On the one hand, it makes us hopeful we can quickly reduce the number of illnesses and their consequences through technological advancement—saving thousands of lives. On the other, concerns about the application...

Introducing Lock and Code: a Malwarebytes Labs podcast

Intrepid Labs readers might be happy to know that we're stepping into territory long-requested and desired: we're launching a podcast. Malwarebytes researchers and reporters are on the front lines of cybercrime, delivering both fast-breaking news and thoughtful features on our blog to raise...

A week in security (February 17 – 23)

Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service IDaaS, an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...

Why managed service providers (MSP) are critical for business continuity

With the threat landscape becoming more hostile to businesses, small- and medium-sized businesses SMBs are often finding it difficult to cope. Hence, they turn to managed service providers MSPs for help, not only to keep their businesses going—the concept known as business continuity—but also to...

Threat spotlight: RobbinHood ransomware takes the driver’s seat

Despite their name, the RobbinHood cybercriminal gang is not stealing from the rich to give to the poor. Instead, these ransomware developers are more like big game hunters—attacking enterprise organizations and critical infrastructure and keeping all the spoils for themselves. In 2019, the...

Rudy Giuliani’s Twitter mishaps invite typosquatters and scammers

Former cybersecurity czar Rudy Giuliani has been targeted by typosquatters on Twitter, thanks to copious misspellings and other keyboarding errors made in a number of his public tweets. In a tweet sent out on Sunday, Giuliani meant to send his 650,000-plus followers to his new website,...

Harnessing the power of identity management (IDaaS) in the cloud

Sometimes, consumers have it easy. Take, for example, when they accidentally lock themselves out of their personal email. Their solution? Reset the password. With one click, they're able to change their old, complicated password with a new, more memorable one. Self-service password reset is aweso...

A week in security (February 10 – 16)

Last week on Malwarebytes Labs, we explained how to battle online coronavirus scams with facts, discussed the persistent re-infection techniques of Android/Trojan.xHelper and how to remove it, provided cyber tips for safe online dating, and showed how Hollywood teaches us misleading cybersecurity...

Misleading cybersecurity lessons from pop culture: how Hollywood teaches to hack

In pop culture, cybercrimes are often portrayed as mysterious and unrealistic. Hackers are enigmatic and have extraordinary tech abilities. They can discover top secrets in a short time and type at breakneck speed to hack into a database. In real life, though, hacking is not that straightforward...

Cyber tips for safe online dating: How to avoid privacy gaffs, exploits, and scams

Research and reporting on this article were conducted by Labs writers Chris Boyd and David Ruiz. Dating apps have been mainstream for a long time now, with nearly every possible dating scene covered—casual, long-term, gay, poly, of the Jewish faith, interested only in farmers—whatever you're...

Android Trojan xHelper uses persistent re-infection tactics: here’s how to remove

We first stumbled upon the nasty Android Trojan xHelper, a stealthy malware dropper, in May 2019. By mid-summer 2019, xHelper was topping our detection charts—so we wrote an article about it. After the blog, we thought the case was closed on xHelper. Then a tech savvy user reached out to us in...

Malwarebytes Labs releases 2020 State of Malware Report

Today is Safer Internet Day—and what better way to celebrate/pay homage than to immerse yourself in research on the latest in malware, exploits, PUPs, web threats, and data privacy? It so happens we've got just the right content to kick-start the party because today we released the results of our...

Battling online coronavirus scams with facts

Panic and confusion about the recent coronavirus outbreak spurred threat actors to launch several malware campaigns across the world, relying on a tried-and-true method to infect people’s machines: fear. Cybercriminals targeted users in Japan with an Emotet campaign that included malicious Word...

A week in security (February 3 – 9)

Last week on Malwarebytes Labs, we looked at Washington state’s latest efforts in providing better data privacy rights for their residents, and we dove into some of the many questions regarding fintech: What is it? How secure is it? And what are some of the problems in the space? We also detailed...

Google Maps: online interventions with offline ramifications

The places where online life directly intersection with that lived offline will be forever fascinating, illustrated perfectly through a recent performance piece involving Google Maps, a cart, and an awful lot of mobile phones. Simon Weckert, an artist based in Berlin, Germany, showed how a little...

Adposhel adware takes over browser push notifications administration

Since late last year, our researchers have been monitoring new methods being deployed by cybercriminals to potentially abuse browser push notifications. Now, an adware family detected by Malwarebytes as Adware.Adposhel is doing just that, taking control of push notifications in Chrome at the...

Fintech security: the challenges and fails of a new era

"I have no idea how this app from my bank works, and I don't trust what I don't understand." Josh is not an old curmudgeon or luddite. He's 42 with a decent understanding of technology. Nevertheless, the changes in fintech have come too fast for him. It's not that he doesn't trust his bank. He...

Washington Privacy Act welcomed by corporate and nonprofit actors

The steady parade of US data privacy legislation continued last month in Washington with the introduction of an improved bill that would grant state residents the rights to access, control, delete, and port their data, as well as opting out of data sales. The bill, called the Washington Privacy...

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs, we looked at the strengths and weaknesses of the Zero Trust model, gave you the low-down on spear phishing, and took a delve into the world of securing the managed service provider MSP. Other cybersecurity news UN compromised via Sharepoint hack: An extraordinary...

Securing the MSP: why they’re their own worst enemy

We've previously discussed threats to managed service providers MSPs, covering their status as a valuable secondary target to both an assortment of APT groups as well as financially motivated threat groups. The problem with covering new and novel attack vectors, however, is that behind each new...

Spear phishing 101: what you need to know

Phishing, a cyberattack method as old as viruses and Nigerian Princes, continues to be one of the most popular means of initiating a breach against individuals and organizations, even in 2020. The tactic is so effective, it has spawned a multitude of sub-methods, including smishing phishing via...

Explained: the strengths and weaknesses of the Zero Trust model

In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must be considered suspect—questioned, investigated, and cross-checked—until we can be absolutely sure it is safe to be allowed. Zero Trus...

A week in security (January 20 – 26)

Last week on Malwarebytes Labs, we reported on a Ryuk ransomware attack on The Tampa Bay Times, a newspaper in Florida; unmasked an elaborate browser locking scheme behind the more advanced tech support operations that are currently active; and looked at the latest laws on regulating deepfakes...