RSS Reader for Computer Security Articles
Credit to Author: Pieter Arntz| Date: Wed, 29 Jun 2022 10:38:18 +0000
Malwarebytes found a family of forced Chrome extensions that can’t be removed because of a policy change that tells users “Your browser is managed”.
The post Forced Chrome extensions get removed, keep reappearing appeared first on Malwarebytes Labs.
Read MoreCredit to Author: Mark Stockley| Date: Thu, 09 Jun 2022 14:18:13 +0000
A review of what’s changed in malware in 2022, and what hasn’t, based on Adam Kujawa’s talk at RSAC 2022.
The post ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat appeared first on Malwarebytes Labs.
Read MoreCredit to Author: Pieter Arntz| Date: Mon, 11 Apr 2022 14:14:23 +0000
Spyware.FFDroider is an information stealer that exfiltrates browser data in an attempt to steal credentials and valid session cookies.
The post Credential-stealing malware disguises itself as Telegram, targets social media users appeared first on Malwarebytes Labs.
Read MoreCredit to Author: Threat Intelligence Team| Date: Mon, 16 Mar 2020 15:00:00 +0000
 | |
| We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data. Categories: Tags: APTAPT36coronaviruscoronavirus malwarecovid-19credential stealercrimson ratexploitexploitsinfo-stealermacromalicious macromalwarenation-state attackratremote administration toolSocial Engineeringspear phishingspear phishing attacktransparent tribe |
The post APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT appeared first on Malwarebytes Labs.
Read MoreCredit to Author: Jérôme Segura| Date: Tue, 10 Mar 2020 15:46:13 +0000
 | |
| URLs can be deceiving, but the one used to mimic CloudFlare’s Rocket Loader in the latest Magecart attack takes it to a whole new level. Categories: Tags: HTTPSJavaScriptMagecartskimmerskimming |
The post Rocket Loader skimmer impersonates CloudFlare library in clever scheme appeared first on Malwarebytes Labs.
Read MoreCredit to Author: Threat Intelligence Team| Date: Fri, 28 Feb 2020 17:54:18 +0000
 | |
| We describe the latest malvertising campaign that uses Domen, an advanced social engineering toolkit. Categories: Tags: buren ransomwareDomendomen toolkitintelrapid cryptominerJavaScriptmalicious websitesmalvertisingmalvertising campaignssmoke loaderSocial EngineeringtoolkitVidarvidar stealer |
The post Domen toolkit gets back to work with new malvertising campaign appeared first on Malwarebytes Labs.
Read MoreCredit to Author: Jérôme Segura| Date: Wed, 26 Feb 2020 17:03:11 +0000
 | |
| Criminals set up fraudulent infrastructure that looks like a typical content delivery network—except it isn’t. Behind it hides a credit card skimmer injected into Magento online stores. Categories: Tags: cdncontent delivery networkcredit card datadata exfiltrationMagecartmagentongrokproxy serversecure tunnelsskimmerstunnelingweb skimmerweb skimmers |
The post Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server appeared first on Malwarebytes Labs.
Read MoreCredit to Author: Jérôme Segura| Date: Wed, 22 Jan 2020 16:00:00 +0000
 | |
| We reveal the inner workings of WOOF locker, the most sophisticated browser locker campaign we’ve seen to date. Learn how this tech support scam evades researchers and ensnares users by hiding in plain sight. Categories: Tags: 404Browlock404errorbrowlockbrowlocksBrowser guardbrowser lockerchromeEdgefirefoxmalvertisingmalvertising campaignsmicrosoftscamsSocial Engineeringsteganographytech supporttech support scamsTSSWOOF |
The post WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation appeared first on Malwarebytes Labs.
Read More