dcsimg

A week in security (September 2 – 8)

Last week on Malwarebytes Labs, we looked at a smart social engineering toolkit, delved into TrickBot tampering with trusted texts, and explained five ways to help keep remote workers safe. Other cybersecurity news A new Chinese Deepfake app is under fire for privacy concerns related to the use of uploaded images. (Source: CNN)Bucking the current trend for city councils and organizations … [Read more...]

Recipe for success: tech support scammers zero in via paid search

Tech support scammers are known for engaging in a game of whack-a-mole with defenders. Case in point, last month there were reports that crooks had invaded Microsoft Azure Cloud Services to host fake warning pages, also known as browser lockers. In this blog, we take a look at one of the top campaigns that is responsible for driving traffic to those Azure-hosted scareware pages. We discovered … [Read more...]

Sextortion emails: They’re probably not watching you

Back in July, Krebs on Security reported on a rather novel scam, where the threat actor would use credentials from old data dumps to suggest that they had directly hacked the victim and obtained the victim’s presumably sensitive browser history. Stolen credentials aside, sex-based extortion scams are actually fairly old and not all that sophisticated. A user on the Malwarebytes Forums … [Read more...]

Cybercrime tactics & techniques Q2 2018

A generally slow quarter reflects an overall lull in cybercrime, picking up where Q1 left off with cryptominers continuing to dominate, ransomware continuing to evolve through experimentation, and exploits making a small but significant comeback. In nearly every malware category for both business and consumer detections, we saw a decrease in volume, corroborating our general “Dang, it’s been a … [Read more...]

A conversation with America Geeks

Thanks to NeeP for contributing significant research. You can check out NeeP’s YouTube channel here. Malwarebytes has written quite a bit about tech support scammers, typically focusing on new scam techniques as they arise with new threat actor groups. But sometimes our research discovers scammers who persist with the same techniques, the same pitches, and the same IP abuse, no matter how … [Read more...]

Online security tips for Valentine’s Day: how to beat the cheats

Valentine’s Day is upon us once more, and so are lots of dating-friendly security tips. Read on and secure your profile, alongside (one hopes) the love of your life. 1. Not so hot singles in your area Many dating apps have geotagging enabled, regardless of whether you created your profile on a website or through the app itself. Some dating sites base the location you initially enter to serve … [Read more...]