dcsimg

A week in security (August 19 – 25)

Last week on Malwarebytes Labs, we reported on the presence of Magecart on a type of poker software; outlined how the Key Negotiation of Bluetooth (KNOB) attack works; followed the money on a Bitcoin sextortion campaign; looked back at DEF CON 27; and reported on continuing ransomware attacks on several US cities. Other cybersecurity news After turning away two vulnerability reports brought … [Read more...]

Data and device security for domestic abuse survivors

For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve ramped up our detections, written a safety guide for those who might have stalkerware on their … [Read more...]

Parental monitoring apps: How do they differ from stalkerware?

In late June, Malwarebytes revived its long-running campaign against a vicious type of malware in use today. This malware peers into text messages. It pinpoints victims’ movements across locations. It reveals browsing and search history. Often hidden from users, it removes their expectation of, right to, and real-world privacy. But after we recommitted our staunch opposition to this type of … [Read more...]

A week in security (June 24 – 30)

Last week on Malwarebytes Labs, we peeled back the mystery on an elusive malware campaign that relied on blank JavaScript injections, detailed for readers our latest telemetry on the tricky GreenFlash Sundown exploit, and looked at one of the top campaigns directing traffic toward scareware pages for Microsoft’s Azure Cloud Services. We also doubled down on our commitment—and significantly … [Read more...]

Helping survivors of domestic abuse: What to do when you find stalkerware

We’re going to talk about something different today. We’re going to talk about domestic abuse. Earlier this year, cybersecurity company Kaspersky Lab announced that the latest upgrade to its Android app would inform users about whether their devices were running stealthy, behind-the-scenes monitoring apps sometimes referred to as stalkerware. This type of software can track unsuspecting … [Read more...]

Mobile stalkerware: a long history of detection

Recently, we have received an alarming question from many Malwarebytes users, asking, “Do you detect stalkerware?” The answer is an overwhelming, “Absolutely, and for good reason!” Moreover, we have been doing so for a long time, and are expanding our efforts in the months to come. Going back more than five years, Malwarebytes researchers have detected applications and software that monitor … [Read more...]

WhatsApp fix goes live after targeted attack on human rights lawyer

If you use WhatsApp, you’ll want to update both app and device as soon as possible due to a freshly-discovered exploit. The vulnerability was found in Google Android, Apple iOS, and Microsoft Windows Phone builds of the app. Unlike many mobile attacks, potential victims aren’t required to install or click on anything—they may not even be aware something malicious has taken place. This attack came … [Read more...]

Sophisticated threats plague ailing healthcare industry

The healthcare industry is no longer circling the drain, but it’s still in critical condition. While many organizations in healthcare have aimed at or made positive strides toward a more robust cybersecurity and privacy posture, they still have a long way to go. In 2018, healthcare had the highest number of breaches recorded compared to other industries. This is according to … [Read more...]

Say hello to Baldr, a new stealer on the market

By William Tsing, Vasilios Hioureas, and Jérôme Segura Over the past few months, we have noticed increased activity and development of new stealers. One such new stealer, called Baldr, first appeared in January 2019, and our analysis of this malware finds that its authors were serious about making a long-lasting product. Unlike many banking Trojans that wait for the victim to log into their … [Read more...]

A week in security (September 3 – 9)

Last week on Malwarebytes Labs, we looked at spyware going mainstream, how the popular game Fortnite sparks security concerns for Android users, and how certain Mac App Store apps are stealing user data. Other cybersecurity news: Microsoft announced Windows 7 Extended Security Updates in a blog post titled “Helping customers shift to a modern desktop.” (Source: Microsoft) “Five … [Read more...]