dcsimg

QxSearch hijacker fakes failed installs

Recently, one of the more dominant search hijacker families on our radar has started to display some curious behavior. The family in question is delivered by various Chrome extensions and classified as PUP.Optional.QxSearch because of its description in listings of installed extensions, which tells us that “QxSearch configures your default search settings.” This branch of the search … [Read more...]

How brain-machine interface (BMI) technology could create an Internet of Thoughts

She plugged the extension for car transportation in the brain-machine interface connectors at the right side of her head, and off she went. The traffic was relatively slow, so there was no need to stop working. She answered a few more emails, then unplugged her work extension. Weekend mode could now be initiated. How about we play a game? her AI BrainPal companion, Phoenix, suggested. Or would you … [Read more...]

Capital One breach exposes over 100 million credit card applications

Just as we were wrapping up the aftermath of the Equifax breach—how was that already two years ago?—we are confronted with yet another breach of about the same order of magnitude. Capital One was affected by a data breach in March. The hacker gained access to information related to credit card applications from 2005 to early 2019 for consumers and small businesses. According to the bank the … [Read more...]

Malaysia Airlines Flight 17 investigation shows Russian disinformation campaigns have global reach

A little background: on July 17, 2014, Malaysia Airlines Flight 17 was shot from the sky on its way from Amsterdam to Kuala Lumpur above the Ukraine. The plane was hit by a surface-to-air missile, and as a result, all 298 people on board were killed. At that time, there was a revolt of pro-Russian militants against the Ukrainian government. Both the Ukrainian military and the separatists … [Read more...]

Compromising vital infrastructure: problems in education security continue

The educational system and many of its elements are targets for cybercriminals on a regular basis. While education is a fundamental human right recognized by the United Nations, the financial means of many schools and other entities in the global educational system are often limited. These limited budgets often result in weak or less-than-adequate protection against cyberthreats. … [Read more...]

Meet Extenbro, a new DNS-changer Trojan protecting adware

Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. These DNS-changers block access to security-related sites, so the adware victims can’t download and install security software to get rid of the pests. From our viewpoint, this might be like sending in an elephant to save the mosquito, but the threat actors behind this attack have been known to use … [Read more...]

A week in security (July 1 – 7)

Last week on Malwarebytes Labs, we explained what to do when you find stalkerware, how cooperating apps and automatic permissions are setting you up for failure, and why you should steer clear of Bitcoin Cash generators. Other cybersecurity news: A former Chief Information Officer (CIO) of Equifax has been issued a prison sentence for insider trading on the firm’s disastrous data … [Read more...]

Cooperating apps and automatic permissions are setting you up for failure

“Hey you. Someone from HR has invited you to a meeting on Thursday. Would you like me to add the appointment to the calendar?” Receiving an email notification when someone has invited you to a meeting is a feature that many professionals would not like to miss. Being able to log in at certain sites with your Facebook profile might be less indispensable, but nevertheless, it’s a heavily-used … [Read more...]

Adware and PUPs families add push notifications as an attack vector

Some existing families of potentially unwanted programs and adware have added browser push notifications to their weapons arsenal. Offering themselves up as browser extensions on Chrome and Firefox, these threats pose as useful plugins then haggle users with notifications. A family of search hijackers The first I would like to discuss is a large family of Chrome extensions that were already … [Read more...]