dcsimg

Malwarebytes’ 2019 security predictions

Every year, we at Malwarebytes Labs like to stare into our crystal ball and foretell the future of malware. Okay, maybe we don’t have a crystal ball, but we do have years and years of experience in observing trends and sensing shifts in patterns. When it comes to security, though, we can only know so much. For example, we guarantee there’ll be some kind of development that we had zero … [Read more...]

A week in security (November 19 – 25)

Last week on Malwarebytes Labs, we took a look at a devastating business email compromise attack, web skimming antics, and the fresh perils of Deepfakes. We also checked out some Chrome bug issues, and took the deepest of deep dives into DNA testing. Other cybersecurity news Adobe Flash bug—get patching! (Source: Adobe) Accidental Tesla forum access granted (Source: Dan’s Deals) JavaScript … [Read more...]

What’s new in TrickBot? Deobfuscating elements

Trojan.TrickBot has been present in the threat landscape from quite a while. We wrote about its first version in October 2016. From the beginning, it was a well organized modular malware, written by developers with mature skills. It is often called a banker, however its modular structure allows to freely add new functionalities without modifying the core bot. In fact, the functionality of a banker … [Read more...]

A week in security (October 22 – 28)

Last week on Malwarebytes Labs, we took a look at some new Mac malware,  gave you a roundup of 2018 exploit kits, and dispensed some advice on sextortion scams. We also looked at the Cathay Pacific breach, groaned at the revival of an old browser trick, and explained how voting machines and elections are vulnerable to attack. Other cybersecurity news More problems for British Airways (Source: … [Read more...]

Scammers use old browser trick to create fake virus download

Tech support scammers are reusing an old technique in their existing browser locker (browlock) schemes to force a special kind of file download. Contrary to past attacks, where the purpose was to flood the machine with a large amount of file requests in order to crash the browser, this one is purely a social engineering ploy. Indeed, the flooding technique that abuses … [Read more...]

Mac malware intercepts encrypted web traffic for ad injection

Last week, Malwarebytes researcher Adam Thomas found an interesting new piece of Mac malware that exhibits some troubling behaviors, including intercepting encrypted web traffic to inject ads. Let’s take a closer look at this adware, which Malwarebytes for Mac detects as OSX.SearchAwesome, to see how it’s installed, its behavior, and the implications of this kind of … [Read more...]

A week in security (October 8 – 14)

Last week, we warned you away from some dubious Doctor Who streams, explained how Endpoint Detection and Response may not be enough, and explored what happens during a confusing supply chain story. We also showed you how to keep up with security, explained the risks of fake browser updates, and explored the unpleasant world of workplace violence. Other cybersecurity news: Google Plus suffers a … [Read more...]

Fortnite gamers targeted by data theft malware

The new season of the incredibly popular video game Fortnite is upon us, and so too are the scams. It’s no surprise that con artists would jump on this bandwagon, eager to peddle their fakeouts. Only this time, scammers had something a little more dangerous in mind than your typical low-level surveys and downloads that never actually materialize. Among all the gluttony of scams there hid a … [Read more...]

A week in security (September 17 – 23)

Last week, we took a look at a low level spam campaign on Twitter, explored the signs of falling victim to phishing, and examined a massive WordPress compromise. We also explained some SASL vulnerabilities and covered a breaking Emotet spam campaign. Other cybersecurity news: NewEgg attacked by MageCart (Source: Volexity) UKGOV tackled the talent gap (Source: The Register) Maximum fine touted for … [Read more...]

Emotet on the rise with heavy spam campaign

The threat landscape is changing once again, now that the ocean of cryptocurrency miners has shrunk to a small lake. Over the last couple months, we’ve seen cybercriminals lean back on tried and true methods of financial theft and extortion, with the rise of a familiar Banking Trojan: Emotet. However, over the last few days, we’ve noticed a large increase in malicious spam spreading … [Read more...]