New Facebook ad reporting tool launches in UK
Last year, well-known consumer advice expert Martin Lewis decided to take Facebook to court for defamation. The cause? Multiple bogus adverts placed on the social network featuring his likeness, appearing via the ad network Outbrain. As a trusted face in consumer causes, scammers bolting Lewis'...
Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void
Sodinokibi ransomware, also known as Sodin and REvil, is hardly three months old, yet it has quickly become a topic of discussion among cybersecurity professionals because of its apparent connection with the infamous-but-now-defunct GandCrab ransomware. Detected by Malwarebytes as...
No man’s land: How a Magecart group is running a web skimming operation from a war zone
Our Threat Intelligence team has been monitoring the activities of a number of threat actors involved in the theft of credit card data. Often referred to under the Magecart moniker, these groups use simple pieces of JavaScript code skimmers typically injected into compromised e-commerce websites ...
Compromising vital infrastructure: problems in education security continue
The educational system and many of its elements are targets for cybercriminals on a regular basis. While education is a fundamental human right recognized by the United Nations, the financial means of many schools and other entities in the global educational system are often limited. These limite...
Hi, honey. It’s mom. My phone is acting funny again.
Whether it’s setting up access to a Netflix account on a smart TV or enabling personal email on an iPhone, some people—of all ages—have a hard time figuring out user-friendly technology. However, often times it's older generations that have to turn to their progeny for everything from uploading...
Meet Extenbro, a new DNS-changer Trojan protecting adware
Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. These DNS-changers block access to security-related sites, so the adware victims can’t download and install security software to get rid of the pests. From our viewpoint, this might be like sending in an...
A week in security (July 8 – 14)
Last week on Malwarebytes Labs, we looked at ways to send your sensitive information in a secure fashion, examined some tactics in incident response land, and explored federal data privacy law. We also looked at how security tools can turn against you, and took a deep dive into the rather fiendis...
Cellular networks under fire from Soft Cell attacks
We place a lot of trust in our mobile experience, given they’re one of the most constant companions we have. Huge reams of data, tied to a device we always carry with us, with said device frequently offering additional built-in app functionality. An astonishing wealth of information, for anyone...
Caution: Misuse of security tools can turn against you
We have a saying in Greece: "They assigned the wolf to watch over the sheep." In a security context, this is a word of caution about making sure the tools we use to keep our information private don't actually cause the data leaks themselves. In this article, I will be talking about some cases tha...
What should a US federal data privacy law ideally include?
In the constant David-and-Goliath struggle between digital privacy advocates and corporate privacy invaders, the question of how to legally protect Americans with a comprehensive, federal data privacy law provides conflicting answers. Advocates want protections, which Big Tech interprets as...
Enterprise incident response: getting ahead of the wave
Enterprise defenders have a tough job. In contrast to small businesses, large enterprises can have thousands of endpoints, legacy hardware from mergers and acquisitions, and legacy apps that are business critical and prevent timely patching. Add to that a deluge of indicators and metadata from the...
How to securely send your personal information
This story originally ran on The Parallax and was updated on July 3, 2019. A few months ago, my parents asked a great security question: How could they securely send their passport numbers to a travel agent? They knew email wasn’t safe on its own. Standard email indeed isn’t safe for sending...
A week in security (July 1 – 7)
Last week on Malwarebytes Labs, we explained what to do when you find stalkerware, how cooperating apps and automatic permissions are setting you up for failure, and why you should steer clear of Bitcoin Cash generators. Other cybersecurity news: A former Chief Information Officer (CIO) of Equifax...
Steer clear of Bitcoin Cash generators
Here’s an interesting evolution on a well-worn scam, taking one profit generating fakeout and turning it into something else entirely. For years, gamers have been stuck navigating the treacherous waters of fake video game giveaways. With so many actual genuine gaming giveaways around, you’re neve...
Cooperating apps and automatic permissions are setting you up for failure
“Hey you. Someone from HR has invited you to a meeting on Thursday. Would you like me to add the appointment to the calendar?” Receiving an email notification when someone has invited you to a meeting is a feature that many professionals would not like to miss. Being able to log in at certain sit...
A week in security (June 24 – 30)
Last week on Malwarebytes Labs, we peeled back the mystery on an elusive malware campaign that relied on blank JavaScript injections, detailed for readers our latest telemetry on the tricky GreenFlash Sundown exploit, and looked at one of the top campaigns directing traffic toward scareware pages...
Helping survivors of domestic abuse: What to do when you find stalkerware
We’re going to talk about something different today. We’re going to talk about domestic abuse. Earlier this year, cybersecurity company Kaspersky Lab announced that the latest upgrade to its Android app would inform users about whether their devices were running stealthy, behind-the-scenes...
Fake jquery campaign leads to malvertising and ad fraud schemes
Recently we became aware of new domains used by an old malware campaign known as 'fake jquery', previously documented by web security firm Sucuri. Thousands of compromised websites are injected with a reference to an external JavaScript called jquery.js. However, there is something quite elusive...
GreenFlash Sundown exploit kit expands via large malvertising campaign
Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. However, during the past few days we noticed a spike in our telemetry for what appeared to be a new exploit kit. Upon closer inspection ...
Recipe for success: tech support scammers zero in via paid search
Tech support scammers are known for engaging in a game of whack-a-mole with defenders. Case in point, last month there were reports that crooks had invaded Microsoft Azure Cloud Services to host fake warning pages, also known as browser lockers. In this blog, we take a look at one of the top...
A week in security (June 17 – 23)
Last week on the Malwarebytes Labs blog, we took a look at the growing pains of smart cities, took a deep dive into AI, jammed along to Radiohead, and looked at the lessons learned from Chernobyl in relation to critical infrastructure. We also explored a new Steam phish attack, and pulled apart a...
Mobile stalkerware: a long history of detection
Recently, we have received an alarming question from many Malwarebytes users, asking, “Do you detect stalkerware?” The answer is an overwhelming, “Absolutely, and for good reason!” Moreover, we have been doing so for a long time, and are expanding our efforts in the months to come. Going back mor...
Fresh “video games” site welcomes new users with Steam phish
Over the weekend, I received this unsolicited message from an acquaintance on Steam: "1 free game for new users! Take the game you want https://t.co/redacted" Fortunately, other friends on Steam were quick to publicly warn others about potentially hacked accounts spamming dubious messages to anyone...
Chernobyl’s lessons for critical-infrastructure cybersecurity
This story originally ran on The Parallax on April 26, 2019. CHERNOBYL EXCLUSION ZONE, Ukraine—The stray dog looking directly at me was hard to resist. Her ears perked up, her fur appeared clean—free of mange, at any rate—and she held a large stick firmly between her jaws. She looked like a good...
Radiohead’s ransom response shows novel approach for ransomware victims
Last week, British rock band Radiohead thwarted an attempted digital ransom, in which unnamed hackers stole roughly 18 hours of unreleased music dating back to the band’s recording of its studio album OK, Computer, revealing some less-than-ok computer security (sorry). Instead of paying a ransom to...
New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux
A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. A...
Labs report: Malicious AI is coming—is the security world ready?
Imagine a world in which artificial intelligence has gone rogue—the robots have revolted against their masters and have now enslaved all of humanity. There's no more natural beauty in the world and everything is awful. Get that out of your system? Good. The reality of malicious AI, at least in th...
Smart cities, difficult choices: privacy and security on the grid
All is not well in the land of smart city planning, as the latest major planned development from Google's sister company Sidewalk Labs continues to run into problems in Toronto, Canada. A groundswell of support? Building a city “From the ground up” is apparently no longer a thing: at least some...
A week in security (June 10 – 16)
Last week on Malwarebytes Labs, we revealed to readers the mindset of security pros as to why they lack confidence in their ability to prevent their organizations getting breached. We also reported on Maine Governor Janet Mills implementing the state’s own privacy protections, how Apple can bette...
Trolls abuse Twitter Lists to collate their targets
I’ve been using Twitter for more than a decade. And one of its features that I find valuable is Lists. Turns out I'm not the only one. Lists allow Twitter users to group profiles or feeds based on certain criteria, such as sports, tech news, celebrities, fashion—you get the idea. Having Lists mak...
Adware and PUPs families add push notifications as an attack vector
Some existing families of potentially unwanted programs and adware have added browser push notifications to their weapons arsenal. Offering themselves up as browser extensions on Chrome and Firefox, these threats pose as useful plugins then haggle users with notifications. A family of search...
Apple iOS 13 will better protect user privacy, but more could be done
Last week, Apple introduced several new privacy features to its latest mobile operating system, iOS 13. The Internet, predictably, expressed doubt, questioning Apple’s oversized influence, its exclusive pricing model that puts privacy out of reach for anyone who can’t drop hundreds of dollars on ...
MegaCortex continues trend of targeted ransomware attacks
MegaCortex is a relatively new ransomware family that continues the 2019 trend of threat actors developing ransomware specifically for targeted attacks on enterprises. While GandCrab apparently shut its doors, several other bespoke, artisanal ransomware families have taken its place, including...
Maine governor signs ISP privacy bill
Less than one week after Maine Governor Janet Mills received one of the nation’s most privacy-protective state bills on her desk, she signed it into law. The move makes Maine the latest US state to implement its own online privacy protections. The law, which will go into effect July 1, 2020, bloc...
Cybersecurity pros think the enemy is winning
There is a saying in security that the bad guys are always one step ahead of defense. Two new sets of research reveal that the constant cat-and-mouse game is wearing on security professionals, and many feel they are losing in the war against cybercriminals. The first figures are from the...
A week in security (June 3 – 9)
Last week on Malwarebytes Labs, we rounded up some leaks and breaches, reported about Magecart skimmers found on Amazon CloudFront CDN, proudly announced we were awarded as Best Cybersecurity Vendor Blog at the annual EU Security Blogger Awards, discussed how Maine inches closer to shutting down...
Video game portrayals of hacking: NITE Team 4
Note: The developers of NITE Team 4 granted the blog author access to the game plus DLC content. A little while ago, an online acquaintance of mine asked if a new video game based on hacking called NITE Team 4 was in any way realistic, or “doable” in terms of the types of hacking it portrayed...
Hyperlink auditing: where has my option to disable it gone?
There is a relatively old method that might be gaining traction to follow users around on the world wide web. Most Internet users are aware of the fact that they are being tracked in several ways. And awareness is a good start. In a state of awareness, you can adjust your behavior accordingly, an...
Malwarebytes Labs wins best cybersecurity vendor blog at InfoSec’s European Security Blogger Awards
Infosec Europe is now well underway, and last night was the annual EU Security Blogger Awards, where InfoSecurity Magazine: "…recognises the best blogs in the industry as first nominated by peers and then judged by a panel of mostly respected industry experts." Malwarebytes Labs was announced as...
Maine inches closer to shutting down ISP pay-for-privacy schemes
Maine residents are one step closer to being protected from the unapproved use, sharing, and sale of their data by Internet service providers (ISPs). A new state bill, already approved by the state House of Representatives and Senate, awaits the governor’s signature. If signed, the bill would provi...
Magecart skimmers found on Amazon CloudFront CDN
Update 06-08-2019: The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library:...
A week in security (May 27 – June 2)
Last week on Malwarebytes Labs, we took readers through a deep dive—way down the rabbit hole—into the novel malware called “Hidden Bee.” We also looked at the potential impact of a government agency’s privacy framework, and delivered to readers everything they needed to know about ATM attacks and...
Leaks and breaches: a roundup
It’s time for one of our semi-regular breach/data exposure roundup blogs, as the last few days have brought us a few monsters. If you use any of the below sites, or if you think some of your data has been sitting around exposed, we’ll hopefully give you a better idea of what the issue is. Seeing ...
Hidden Bee: Let’s go down the rabbit hole
Some time ago, we discussed the interesting malware, Hidden Bee. It is a Chinese miner, composed of userland components, as well as of a bootkit part. One of its unique features is a custom format used for some of the high-level elements this format was featured in my recent presentation at SAS...
Ransomware isn’t just a big city problem
This month, one ransomware story has been making a lot of waves: the attack on Baltimore city networks. This attack has been receiving more press than normal, which could be due to the actions taken or not taken by the city government, as well as rumors about the ransomware infection mechanism...
NIST’s privacy framework lets privacy tell its own story
Online privacy remains unsolved. Congress prods at it, some companies fumble with it while a small handful excel, and the public demands it. But one government agency is trying to bring everyone together to fix it. As the Senate sits on no fewer than four data privacy bills that their own members...
Everything you need to know about ATM attacks and fraud: Part 1
Flashback to two years ago. At exactly 12:33 a.m., a solitary ATM somewhere in Taichung City, Taiwan, spewed out 90,000 TWD (New Taiwan Dollar)—about US$2,900 today—in bank notes. No one was cashing out money from the ATM at the time. In fact, this seemingly odd system glitch was actually a test: T...
Employee education strategies that work to change behavior
When people make the decision to get in shape, they have to commit the time and energy to do so. Going to the gym once isn’t going to cut it. The same is true when it comes to changing the culture of an organization. In order to be effective in changing employee behavior, training needs to be...
A week in security (May 20 – 26)
Last week on Malwarebytes Labs, we took a look at a skimmer pretending to be a payment service provider, gave an overview of what riskware is, took a deep dive into concerns about PACS leaks, and dug around in the land of “These Governments said fix it…hurry up”. Other cybersecurity news: Changes...
Medical industry struggles with PACS data leaks
In the medical world, sharing patient data between organizations and specialists has always been an issue. X-Rays, notes, CT scans, and any other data or related files have always existed and been shared in their physical forms (slides, paperwork). When a patient needed to take results of a test to...