dcsimg

A week in security (October 1 – 7)

Last week, Malwarebytes welcomed National Cybersecurity Awareness Month by renewing our pledge to do what we do best: offer the best protection for our customers and promote security awareness for all. On Labs, we raised the question of whether it is a good idea to bring your own security or not, talked a little bit more about fileless malware, homed in on a malware campaign targeting Fortnite … [Read more...]

Mobile Menace Monday: SMS phishing attacks target the job market

Recently, a co-worker received an enticing SMS message from ASPXPPZUPS Human Resources. It read: Tired of your old job? Join our team today, work from home and earn $6,200 per month: hire-me-zvcbrvpffy.<hidden>.com.   Could it be that our dream job awaits via random text message? On the contrary, this SMS phishing attack could cause nightmares for unsuspecting job hunters. Don’t quit your … [Read more...]

A week in security (September 17 – 23)

Last week, we took a look at a low level spam campaign on Twitter, explored the signs of falling victim to phishing, and examined a massive WordPress compromise. We also explained some SASL vulnerabilities and covered a breaking Emotet spam campaign. Other cybersecurity news: NewEgg attacked by MageCart (Source: Volexity) UKGOV tackled the talent gap (Source: The Register) Maximum fine touted for … [Read more...]

A week in security (September 10 – 16)

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer’s time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other cybersecurity news: Trend Micro addressed the burning questions related to their Mac App store apps … [Read more...]

A week in security (September 3 – 9)

Last week on Malwarebytes Labs, we looked at spyware going mainstream, how the popular game Fortnite sparks security concerns for Android users, and how certain Mac App Store apps are stealing user data. Other cybersecurity news: Microsoft announced Windows 7 Extended Security Updates in a blog post titled “Helping customers shift to a modern desktop.” (Source: Microsoft) “Five … [Read more...]

Fortnite’s Google Play rebuff sparks security concerns for Android users

There’s been no small outbreak of chaos in mobile land recently, all because of an astonishingly popular game called Fortnite. Here’s the thing: people refer to Android as “open platform,” saying that, in theory, you can do what you want with it. In practice, you buy an Android phone and then you’re locked into apps from the Google Play store. You can switch things … [Read more...]

Mobile Menace Monday: FakeGift is the gift that keeps on frustrating

Last spring, we found yet another piece of riskware on Google Play we call Android/PUP.Riskware.FakeGift. Based on Hindi characters found in the code, we can assume it originates from India. With over 50,000 installs before being removed from Google Play, FakeGift apparently kept on giving—frustration to its users, that is. Click to view slideshow. Gift cash money As the name implies, FakeGift … [Read more...]

New Android P includes several security improvements

According to the Android developer Program Overview, the next major version of Android, Android 9.0 or P, is set to arrive soon. Their plans show a final release within the next three months (Q3 2018). The end of the Android P beta program is approaching, with the first release candidate built and released in July. As a security company, we simply can’t help but take a close look at what … [Read more...]

Mobile Menace Monday: Adware MobiDash gets stealthy

The Adware known as MobiDash, detected by Malwarebytes for Android as Android/Adware.MobiDash, is far from a new. However, this ad-displaying nuisance now comes with some additional stealth features. First appearing last spring, these new features are not limited to a single variant of MobiDash. Instead, the correlation among these stealth versions lays within the package name … [Read more...]

Fake Fortnite for Android links found on YouTube

The extremely popular video game Fortnite is coming to Android sometime this summer, and the fanbase is going wild. Not surprisingly, mobile malware developers are taking advantage. Already, there are several videos on YouTube with links claiming to be versions of Fortnite for Android, despite the fact the game has yet to be released on this platform. Swati Khandelwal of The Hacker News highlights … [Read more...]