dcsimg
August 26, 2019

Mobile Menace Monday: Android Trojan raises xHelper

Back in May, we classified what we believed was just another generic Android/Trojan.Dropper, and moved on. We didn’t give this particular mobile malware much thought until months later, when we started noticing it had climbed onto our top 10 list of most detected mobile malware. Henceforth, we feel a piece of mobile malware with such a high number of detections prompts a proper name and … [Read more...]

Filed Under: Android, android malware, Android/Trojan.Dropper.xHelper, mobile malware, mobile menace monday, xHelper
July 15, 2019

A week in security (July 8 – 14)

Last week on Malwarebytes Labs, we looked at ways to send your sensitive information in a secure fashion, examined some tactics in incident response land, and explored federal data privacy law. We also looked at how security tools can turn against you, and took a deep dive into the rather fiendish Soft Cell attack. Other cybersecurity news The UK government backs facial recognition tech: The … [Read more...]

Filed Under: a week in security, agent smith, amazon, amazon prime, amazon prime day 2019, amazon prime phishing, Android, android malware, facial recognition, google home audio, Mac, Malware, pale moon, phishing, privacy, roundup, targeted spear phishing, trickbot, Week in security, whaling, zoom zero-day
April 12, 2019

Fake Instagram assistance apps found on Google Play are stealing passwords

We all want those Instagram likes and followers. Many apps on Google Play claim they can assist you with that effort. But what if the app that’s supposed to be helping you is also stealing your username and password?  As a matter of fact, that’s exactly what we found in three fake Instagram assistance apps still available on Google Play at the time of this writing. Moreover, these fake … [Read more...]

Filed Under: android malware, cybercrime, FakeInsta, Google Play, Instagram, Mobile
January 28, 2019

A week in security (January 21 – 27)

Last week on the Malwarebytes Labs blog, we took a look at Modlishka, the latest hurdle in two-factor authentication (2FA), the potential for abuse of push notifications, a malware-phishing combo by the name of CryTekk ransomware, and why we detect PUPs, but enforce the power of users’ choice. We also pushed out the 2019 State of Malware report, which you can readily download here. Other … [Read more...]

Filed Under: 2019 State of Malware report, 2fa, ALPR, android malware, anpr, Ars Technica, Bleeping Computer, crytekk, crytekk ransomware, Dark Reading, fortnight, GDPR, GoDaddy, Help Net Security, KrebsOnSecurity, mitsubishi, modlishka, phishing, recap, Security Week, Security world, TechCrunch, The Wall Street Journal, vishing, voicemail phishing, vulnerability, Week in security, weekly blog roundup, youtube
July 16, 2018

A week in security (July 9 – July 15)

Last week, we talked about domestic abuse fuelled by IoT, doing threat intel programs right, blocking ICO fraud, and man-in-the-middle attacks. We also explained why we block shady ad blockers and provided tips to online shoppers for Prime Day. Other news: Reports revealed that low-end Android devices sold in Egypt, Brazil, South Africa, Myanmar, and other developing markets contain pre-installed … [Read more...]

Filed Under: ad blockers, android malware, crypto mining, data breach, domestic abuse, facebook, ico fraud, mitm, multi-factor authentication, prime day 2018, Security world, Spectre, Threat Intel, Week in security
June 25, 2018

A week in security (June 18 – June 24)

Last week, we took a deep dive into SamSam ransomware, looked at ways how to identify and delete malicious emails, recognized that there are now risks affecting job recruitment portals, analyzed a malicious Android app banking on the popularity of Fortnite, and identified causes and solutions for the skills shortage in cybersecurity. Other news Security researchers pointed a finger at China for … [Read more...]

Filed Under: android malware, android rat, Android spyware, andy android emulator, cybersecurity skills gap, DNS rebinding, Fake Fortnite, insecure web apps, insecure website, malicious spam, mylobot, netflix phish, rat, recruitment portal flaws, SamSam ransomware, Security world, skills shortage, wanna ransomware, wannacry scam, Week in security, world cup phishing