Malwarebytes Labs

The Security Blog From Malwarebytes

Latest articles

We found yet another phone with pre-installed malware via the Lifeline Assistance program

We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. This time, an ANS (American Network Solutions) UL40 running Android OS 7.1.1. After our writing back in January—“United States government-funded phones come pre-installed with...

Mac ThiefQuest malware may not be ransomware after all

Editor’s note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware. The ThiefQuest malware, which was discovered last week, may not actually be ransomware according to new findings. The behaviors...

Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about the Internet of Things. For years, Internet capabilities have crept into modern consumer products, providing sometimes convenient, sometimes...

Credit card skimmer targets ASP.NET sites

Update: 2020-07-09 A reader contacted us with information about this series of attacks on .NET sites. There is a known vulnerability (CVE-2017-9248) for Telerik UI for ASP.NET that is being exploited. An attacker can upload .aspx web shells and get remote code execution. This Telerik page offers advice and patches which we strongly recommend...

Do Chromebooks need antivirus protection?

The supervisor handed Jim a Chromebook and said: “Take this home with you and use it to send me updates. We want to minimize the number of visits to the office—anything you can do from home helps keep this place safer. When the pandemic is over, I’d like to have it back in one piece, if possible.” Jim is great at his job, but his reputation...

New Mac ransomware spreading through piracy

Editor’s note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name is OSX.ThiefQuest. A Twitter user going by the handle @beatsballert messaged me yesterday after learning of an apparently malicious Little Snitch installer available for download on a Russian forum dedicated...

Bluetooth beacons: one free privacy debate with your next order

Apps and their permissions have been in the news recently, particularly in relation to tracking/privacy issues and Bluetooth. Why Bluetooth, though? What is it, and what is it doing to raise concerns in some security quarters? Bluetooth: your cool, then uncool, but mostly cool again cousin Bluetooth has had a slightly odd reputation...

A week in security (June 22 – 28)

Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and we learned how to cough in the face of scammers, offering security tips for the 2020 tax season. We also looked at a web skimmer hiding within EXIF metadata that was exfiltrating credit cards via image files. ...

The face of tomorrow’s cybercrime: Deepfake ransomware explained

While many countries are beginning to ease up on their respective pandemic lockdowns—which, in turn, also means that everyone will soon ease into a life that is not quite post-COVID-19—we find ourselves once more on the cusp of change, an outlook that makes some feel anxious and others hopeful. But for forward-looking security experts, there...

Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files

They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. When we first investigated this campaign, we thought it may be another one of those favicon tricks, which we had described in a previous blog. However, it turned out...
