Tech support scammers GeeksHelp caught again, two years later

Many researchers have noted an increase in tech support scam activity during the past few months. This trend, facilitated by browser lockers, is not surprising considering that other web-based infection methods are not as effective. While people are still receiving cold calls from alleged Microsoft technicians, crooks are mostly relying on other means to get their call centers busy, which they … [Read more...]

Online security tips for Valentine’s Day: how to beat the cheats

Valentine’s Day is upon us once more, and so are lots of dating-friendly security tips. Read on and secure your profile, alongside (one hopes) the love of your life. 1. Not so hot singles in your area Many dating apps have geotagging enabled, regardless of whether you created your profile on a website or through the app itself. Some dating sites base the location you initially enter to serve … [Read more...]

Panic attack: Apple scams apply pressure

We’ve seen a number of Apple-related phishes in circulation over the last few days. While most of them already lead to deactivated phishing sites, we thought it was worth highlighting some of the tricks being used to bait people into handing over payment details at the moment. Fake receipt emails First up, a number of fake “receipt” emails ranging in date from February 2–6. While … [Read more...]

Boomerang spam bombs Malwarebytes forum—not a smart move

Tech support scammers are generally not the best and brightest. As such, they will occasionally post ads for their fake companies in the comment sections here or on the Malwarebytes forums. Last week, however, scammers struggled with configuring their spambots, resulting in spam bombs on the forum lasting roughly 72 hours, with a slow taper down for two more days. Over six days, 246 spam accounts … [Read more...]

Stolen security logos used to falsely endorse PUPs

To gain the trust of users, many websites and companies feature the logos of reputable firms who endorse their products. Unfortunately, some unseemly companies do the same, using logos of companies who have not, in fact, endorsed their product in order to trick people into thinking that what they are about to install is legitimate. Potentially Unwanted Programs (PUPs) are masters in this trade of … [Read more...]

“Who visits your Twitter profile” spam app brings week of chaos

Twitter spam has been around forever, and rogue apps asking for installs in return for a cool feature (to be more accurate, spamming your contacts) is a constant thorn in our Twittery sides. Over the weekend, we observed a new Twitter app doing the rounds and causing a lot of congestion on people’s timelines. What is it? We first noticed this when a number of my contacts using the #FBPE … [Read more...]

Be wary of Mega Millions winner “giveaway” on social media

I don’t do lotteries, but if I did, I’d probably never, ever win in a million years. That’s not a problem faced by 20-year-old Shane Missler, winner of the fourth-largest haul in Mega Millions’ 21 years of handing out large bundles of cash. He’s on record as saying he wants to “do some good” for humanity, but I suspect he may have to do some good in the … [Read more...]

Stripchat bot spells block

Here at Malwarebytes, we spent a lot of time and effort scouring the Internet looking for malicious websites that we can protect our users from. Sometimes, these websites are pushing malware or some kind of scam. Other times it comes down to bad advertising practices that are used to fool the user into clicking on something. We used to see a lot of this kind of trick with fake download buttons … [Read more...]

Fake Spectre and Meltdown patch pushes Smoke Loader malware

The Meltdown and Spectre bugs have generated a lot of media attention, and users have been urged to update their machines with fixes made available by various vendors. While some patches have created more issues than they fixed, we came across a particular one targeted at German users that actually is malware. In fact, German authorities recently warned about phishing emails trying to take … [Read more...]

Of princes and perpetrators: Beware of getting ensnared in 419 scams

We’ve mentioned before that 419 scams don’t always originate from Nigeria. It’s a very simple and popular scam that can be attempted by pretty much anyone with a flair for social engineering. Indeed, 419 scams are so associated with the region that many scammers in non-Nigerian countries know they have an additional layer of “It wasn’t me” potentially … [Read more...]