Stalkerware’s legal enforcement problem
Content warning: This piece contains brief descriptions of domestic violence and assault against women and children. In the past five years, only two stalkerware developers, both of whom designed, marketed, and sold tools favored by domestic abusers to pry into victims’ private lives, have faced...
Stealthy new Android malware poses as ad blocker, serves up ads instead
Since its discovery less than a month ago, a new Trojan malware for Android we detect as Android/Trojan.FakeAdsBlock has already been seen on over 500 devices, and it’s on the rise. This nasty piece of mobile malware cleverly hides itself on Android devices while serving up a host of...
Labs report finds cyberthreats against healthcare increasing while security circles the drain
The team at Malwarebytes Labs is at it again, this time with a special edition of our quarterly CTNT report—Cybercrime tactics and techniques: the 2019 state of healthcare. Over the last year, we gathered global data from our product telemetry, honeypots, threat intelligence, and research efforts...
Vital infrastructure: securing our food and agriculture
I don’t expect to hear any arguments on whether the production of our food is important or not. So why do we hardly ever hear anything about the cybersecurity in the food and agriculture sector? Depending on the country, agriculture makes up about 5 percent of the gross domestic product. That...
Facebook scams: Bad ads, bogus grants, and fake tickets lurk on social media giant
We recently highlighted new steps Instagram is taking to try and clamp down on scammers sending fake messages on their platform. It turns out, other social media giants are walking a similar path for a variety of bogus ads and other attacks. Facebook scams in particular have taken off, despite th...
A week in security (November 4 – November 10)
Last week on Malwarebytes Labs, we announced the launch of Malwarebytes 4.0, tackled data privacy legislation, and explored some of the ways robocalls come gunning for your data and your money. We also laid out the steps involved in popular vendor email compromise attacks. Other cybersecurity new...
Not us, YOU: vendor email compromise explained
Silent Starling, an online organized criminal group hailing from West Africa, seem to have reminded SMBs and enterprises alike of the perils of business email compromise (BEC) scams once more. This time, they've advanced BEC into a more potent modality by widening the scope of its potential targets an...
Here are the most popular robocall scams and how to avoid them
We recently examined how robocall scams are a serious threat to privacy, alongside the astonishing rate at which their volume continues to increase. Forty-three billion calls in 2019 with an average of 131 calls per person in the US alone is not something to be sniffed at. No matter how careful y...
ACCESS Act might improve data privacy through interoperability
Data privacy is back in Congressional lawmakers’ sights, as a new, legislative proposal focuses not on data collection, storage, and selling, but on the idea that Americans should be able to more easily pack up their user data and take it to a competing service—perhaps one that better respects...
Announcing Malwarebytes 4.0: smarter, faster, and lighter
Malwarebytes was founded on the belief that everyone has a fundamental right to a malware-free existence. Every product we make is built on that premise. That’s why we’ve been hard at work on the latest version of Malwarebytes for Windows that not only sports a whole new look, but packs...
A week in security (October 28 – November 3)
Last week on Malwarebytes Labs, we celebrated the birth of the Internet 50 years ago, highlighted reports about the US Federal Trade Commission (FTC) filing a case against stalkerware developer Retina-X, issued a PSI on disaster donation scams, looked at the top cybersecurity challenges SMBs face,...
Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press
When you’re a journalist or work for the press, there may be times when you need to take extra cybersecurity precautions—more so than your Average Joe. Whether a reporter is trying to crowd-source information without revealing their story or operating in a country where freedom of the press is a...
SMBs lack resources to defend against cyberattacks, plus pay more in the aftermath
Cyberattacks, many have noted, are the fastest growing economic crime not only in the United States, but also around the world. This upward trend has been observed since 2014, according to PricewaterhouseCoopers (PwC), and won’t likely be slowing down anytime soon. Cyberattacks—much like the...
Help prevent disaster donation scams from causing more misery
It’s a sad day when we have to warn people about medical charity scams, or tax fakeouts, or even have a week dedicated to foiling charity fraud—but here we are. With so many natural disasters occurring, from wildfires in California to tornadoes in Dallas, disaster donation scams remain a top...
Stalkerware developer dealt new blow by FTC
Last week, the US Federal Trade Commission (FTC) interpreted its broad consumer protection mandate to file a first-of-its-kind enforcement action against the developer of three mobile stalkerware applications. The developer was banned from further selling the apps unless significant changes were ma...
As Internet turns 50, more risks and possibilities emerge
This op-ed originally appeared in the San Francisco Chronicle on October 28, 2019. We occupy a richly-connected world. On the Internet, we collapse distance and shift time. But this Internet that delivers mail, connects us with friends, lets us work anywhere, and shop from the palm of the hand, i...
A week in security (October 21 – 27)
Last week on Malwarebytes Labs, we explored a link between Magecart Group 5 and the Carbanak APT, we discussed the growing rate of robocalls threatening user privacy, and we tipped you off on how to protect yourself from doxing. We were glad to see the BBC raise awareness about stalkerware, much...
How to protect yourself from doxing
“Abandon hope all ye who enter.” This ominous inscription affixed atop the gates to Hell in Dante’s Divine Comedy applies peculiarly well to describe the state of the Internet today. It’s hard to draw a parallel to the utility that the Internet has offered to modern civilization—perhaps no other...
Growing rate of robocalls threatens user privacy
When a person sees a call from an unknown number and picks up to hear a recorded voice on the other end, they've received a robocall. Some are helpful, such as reminders of upcoming doctor's appointments or school announcements. However, the vast majority are from unsolicited parties trying to...
The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT
This blog post was authored by Jérôme Segura, William Tsing, and Adam Thomas. In a previous post, we described the possible overlap between certain domains registered by Magecart Group 4 and the Cobalt gang. While attribution is always a difficult endeavor, sharing TTPs can help others to connect...
A week in security (October 14 – 20)
Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security...
Pulse VPN patched their vulnerability, but businesses are trailing behind
In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this...
Why all organizations must better protect sensitive data
About two weeks ago, National Cybersecurity Awareness Month (NCSAM) kicked off with a new message stressing personal responsibility for users keeping themselves safe online: “Own IT. Secure IT. Protect IT.” NCSAM asked users to consider best practices for both securing their own devices and...
When can we get rid of passwords for good?
Or perhaps I should have asked, "Can we ever get rid of passwords for good?" The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or...
Instagram clamps down on fake messages with anti-phishing tool
Instagram accounts will always be a popular target for scammers. You might not think it’s a big deal if someone has their account swiped, but it’s often the vanguard of many online businesses. A takeover, or a deletion, can be absolutely devastating. Smart hacking crews are always in the...
Europol: Ransomware remains top threat in IOCTA report
The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also...
A week in security (October 7 – 13)
Last week on Malwarebytes Labs, we peered into the possible future of cybersecurity insurance, described the process for securing today’s managed service provider, and provided an in-depth explainer on the business espionage tactic known as “war shipping.” Further, in considering the intersection...
Securing the managed service provider (MSP)
Managed service providers (MSPs) have been a boon to midsize enterprise. They allow for offloading technical debt to an agent with the skills and resources to manage it, thereby giving an organization room to focus on growing a business, rather than the particulars of infrastructure. For a long...
Cyber insurance: here to stay, whether we like it or not
Cyber insurance has been a big talking point in infosec circles for many months now. We’ve mentioned it in passing ourselves a few times, usually in relation to ransomware attacks. This isn’t surprising; ransomware may not be the threat that brought cyber insurance to life, but it absolutely help...
How to protect against stalkerware, a murky but dangerous mobile threat
Last week, we pledged that—in honor of National Cybersecurity Awareness and Domestic Violence Awareness months—we would continue the fight against the online scourge known as stalkerware, or applications used to track and spy on victims without their knowing consent. We told readers that, despite...
Explained: war shipping
Yesterday, Mike from the mailroom came up and asked whether I knew anyone called “Simon Smith.” He received an envelope addressed to our company and to the attention of Mr. Smith, but there was no one by that name on his list of employees. It wasn’t on mine either and HR was unaware of a person b...
A week in security (September 30 – October 6)
Last week on Malwarebytes Labs, Malwarebytes renewed its pledge to fight stalkerware for National Cybersecurity Awareness (NCSA) and Domestic Violence Awareness Month. We also looked into what security orchestration is and reported about partnering with security firm, HYAS, to determine the...
Magecart Group 4: A link with Cobalt Group?
Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams. Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by...
How security orchestration improves detection and response
Working together in perfect harmony like the wind and percussion sections of a symphony orchestra requires both rigorous practice and a skilled conductor. Wouldn’t it be great if our cybersecurity solutions did the same to better protect organizations? The methods and tools used to accomplish thi...
For Cybersecurity and Domestic Violence Awareness months, we pledge to fight stalkerware
Starting today, two hallmark holidays are upon us. No, it’s not Halloween and Thanksgiving. It’s both Cybersecurity Awareness Month and Domestic Violence Awareness Month. It’s no coincidence these two awareness campaigns overlap. What were once seen as separate realities—the physical and the...
A week in security (September 23 – 29)
Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...
New iOS exploit checkm8 allows permanent compromise of iPhones
UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the "permanent" only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points,...
Insurance data security laws skirt political turmoil
Across the United States, a unique approach to lawmaking has proved radically successful in making data security stronger for one industry—insurance providers. The singular approach has entirely sidestepped the prolonged, political arguments that have become commonplace when trying to pass federa...
15,000 webcams vulnerable to attack: how to protect against webcam hacking
Webcams may have been around for a long time, but that doesn’t mean we know what we’re doing with them. Webcam hacking has been around for equally as long, yet new research from Wizcase indicates that more than 15,000 private, web-connected cameras are exposed and readily accessible to the genera...
Emotet malspam campaign uses Snowden’s new book as lure
Exactly one week ago, Emotet, one of the most dangerous threats to organizations in the last year, resumed its malicious spam campaigns after several months of inactivity. Based on our telemetry, we can see that the botnet started becoming chatty with its command and control servers (C2), about a...
A week in security (September 16 – 22)
Last week on Labs, we sounded the alarm about the relaunch of Emotet, one of the year's most dangerous forms of malware, with a new spam campaign. We also reported on how international students in UK are targeted by visa scammers, what CEOs think about a potential US data privacy law, and...
What role does data destruction play in cybersecurity?
When organization leaders think about cybersecurity, it's usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What's not often consider...
Browser Guard combats privacy abuse, tracking, clickbait, and scammers
In July 2018, we introduced the Malwarebytes Browser Extension, a beta plugin for Firefox and Chrome aimed at delivering a safer, faster, and more private browsing experience. Our extension blocked tech support scams, hijackers, pop-up ads, trackers, and more to keep users secure and free from...
CEOs offer their own view of a US data privacy law
Last week, the chief executives of more than 50 mid- and large-sized companies urged Congress to pass a national data privacy law to regulate how companies collect, use, and share Americans’ data. Buried deep within the chief executives’ recommendations for such a law, presented as a policy...
International students in UK targeted by visa scammers
A new visa scam has come to light targeting international students from China studying in the UK. At least, it’s being presented as new. In truth, it comes around every so often and has been on the radar for a few years. The scam works by presenting a threat to students’ immigration status and us...
Emotet is back: botnet springs back to life with new spam campaign
After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control (C2) server activity. But this morning, the Trojan started...
A week in security (September 9 – 15)
Last week on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets...
Hacking with AWS: incorporating leaky buckets into your OSINT workflow
Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there's no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when...
YouTube ordered to cough up $170M settlement over COPPA infraction
Last week, the Federal Trade Commission (FTC) announced that it has required Google and YouTube to pay a settlement fee totaling $170 million after its video-sharing platform was found violating the Children’s Online Privacy Protection Act (COPPA). The complaint was filed by the FTC and the New York...
Five years later, Heartbleed vulnerability still unpatched
The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems. This article will provide IT teams with the necessary information to decide whether or not to apply the Heartblee...