Partnerstroka: Large tech support scam operation features latest browser locker

Tech support scams continue to be one of the top consumer threats in 2018, despite actions from security vendors and law enforcement. Scammers are constantly looking for new ways to reel in more victims, going beyond cold calls impersonating Microsoft to rogue tech support ads using the good name of legitimate brands, and of course, malicious pop-ups. … [Read more…]

The many faces of omnichannel fraud

antispyware

The rise of new technologies, social networks, and other means of online communication have brought about compelling changes in industries across the board. For example, in retail, organizations use digital tools such as websites, email, and apps to reach out to their current and potential clients, anticipate their needs, and fully tailor their business strategies … [Read more…]

5 safe ways to get back at spammers: a guide to wasting time

antispyware

Everyone hates spam (apart from the people who send it). While many people simply report spam and delete, a few look for ways to get back at the spammers wasting their time. In fact, a common question we’re asked is, “How can we waste their time?” My own opinion on this is a little loaded with … [Read more…]

LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company

What happened? Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. These implants were injected by the digitally signed 32- and 64-bit network filtering driver NDISProxy. Interestingly, this driver is signed with a digital certificate that belongs to Chinese company LeagSoft, a developer … [Read more…]

A week in security (September 3 – 9)

antispyware

Last week on Malwarebytes Labs, we looked at spyware going mainstream, how the popular game Fortnite sparks security concerns for Android users, and how certain Mac App Store apps are stealing user data. Other cybersecurity news: Microsoft announced Windows 7 Extended Security Updates in a blog post titled “Helping customers shift to a modern desktop.” (Source: Microsoft) “Five … [Read more…]

Assessing the security of a portable router: a look inside its hardware

Network administrators should perform security assessments of hardware that they will provide their users, or particularly paranoid users might want to poke at their devices just to be extra sure. In this blog post, we will demonstrate the techniques used to assess security on a generic portable router purchased online. We have redacted its identifiable … [Read more…]

Mac App Store apps are stealing user data

There is a concerning trend lately in the Mac App Store. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. (This is referred to as exfiltrating the data.) Some of this data is actually being sent to Chinese servers, which may not … [Read more…]

Threat Landscape for Industrial Automation Systems in H1 2018

For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its … [Read more…]

Fortnite’s Google Play rebuff sparks security concerns for Android users

antispyware

There’s been no small outbreak of chaos in mobile land recently, all because of an astonishingly popular game called Fortnite. Here’s the thing: people refer to Android as “open platform,” saying that, in theory, you can do what you want with it. In practice, you buy an Android phone and then you’re locked into apps … [Read more…]

When spyware goes mainstream

antispyware

Stealware. Surveillanceware. Stalkerware. These are terms alternately used to effectively identify a file-based threat that has been around since 1996: spyware. More than two decades later, consumer or commercial spyware has gone mainstream, and the surprising number of software designed, openly marketed, and used for spying on people is proof of that. Forget the government, … [Read more…]