Forced Chrome extensions get removed, keep reappearing

Credit to Author: Pieter Arntz| Date: Wed, 29 Jun 2022 10:38:18 +0000

Malwarebytes found a family of forced Chrome extensions that can’t be removed because of a policy change that tells users “Your browser is managed”.

The post Forced Chrome extensions get removed, keep reappearing appeared first on Malwarebytes Labs.

Credential-stealing malware disguises itself as Telegram, targets social media users

Credit to Author: Pieter Arntz| Date: Mon, 11 Apr 2022 14:14:23 +0000

Spyware.FFDroider is an information stealer that exfiltrates browser data in an attempt to steal credentials and valid session cookies.

The post Credential-stealing malware disguises itself as Telegram, targets social media users appeared first on Malwarebytes Labs.

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Credit to Author: Threat Intelligence Team| Date: Mon, 16 Mar 2020 15:00:00 +0000

We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data.



The post APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT appeared first on Malwarebytes Labs.

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Credit to Author: Jérôme Segura| Date: Tue, 10 Mar 2020 15:46:13 +0000

URLs can be deceiving, but the one used to mimic CloudFlare’s Rocket Loader in the latest Magecart attack takes it to a whole new level.



The post Rocket Loader skimmer impersonates CloudFlare library in clever scheme appeared first on Malwarebytes Labs.

Domen toolkit gets back to work with new malvertising campaign

Credit to Author: Threat Intelligence Team| Date: Fri, 28 Feb 2020 17:54:18 +0000

We describe the latest malvertising campaign that uses Domen, an advanced social engineering toolkit.



The post Domen toolkit gets back to work with new malvertising campaign appeared first on Malwarebytes Labs.

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

Credit to Author: Jérôme Segura| Date: Wed, 26 Feb 2020 17:03:11 +0000

Criminals set up fraudulent infrastructure that looks like a typical content delivery network—except it isn’t. Behind it hides a credit card skimmer injected into Magento online stores.



The post Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server appeared first on Malwarebytes Labs.

WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation

Credit to Author: Jérôme Segura| Date: Wed, 22 Jan 2020 16:00:00 +0000

We reveal the inner workings of WOOF locker, the most sophisticated browser locker campaign we’ve seen to date. Learn how this tech support scam evades researchers and ensnares users by hiding in plain sight.



The post WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation appeared first on Malwarebytes Labs.

New evasion techniques found in web skimmers

Credit to Author: Jérôme Segura| Date: Mon, 30 Dec 2019 22:25:06 +0000

As Magecart credit card skimmers become exposed by security researchers, their authors are refining evasion techniques to go undetected.



The post New evasion techniques found in web skimmers appeared first on Malwarebytes Labs.

Spelevo exploit kit debuts new social engineering trick

Credit to Author: Jérôme Segura| Date: Wed, 18 Dec 2019 16:00:00 +0000

In order to maximize infection rate, threat actors are now launching the Spelevo exploit kit with a decoy adult site, social engineering users into downloading a malicious video player.



The post Spelevo exploit kit debuts new social engineering trick appeared first on Malwarebytes Labs.
