Malwarebytes Privacy VPN receives full third-party audit
For the careful VPN customer today, so much depends upon a privacy promise, made, too often, by a company without proof. No-logs policies, modern encryption algorithms, a refusal to store…
Category: MalwareBytes
Wikipedia’s AI agent row likely just the beginning of the bot-ocalypse
The Internet is filled with people who insist on being right. In the past, at least they could be reasonably sure that they were arguing…
WhatsApp on Windows users targeted in new campaign, warns Microsoft
Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control.…
Why we’re still not doing April Fools’ Day
People lost an estimated $442 billion to scams last year worldwide, according to the Global Anti-Scam Alliance. The scale of that is hard to picture,…
Asking AI for personal advice is a bad idea, Stanford study shows
Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught…
Axios supply chain attack chops away at npm trust
Researchers found that compromised Axios versions installed a Remote Access Trojan. Axios is a promise-based HTTP Client for node.js, basically a helper tool that developers use behind…
New macOS security feature will alert users about possible ClickFix attacks
Rumor has it that Apple deployed a new security feature in the fight against ClickFix. The new feature will be available for macOS Tahoe 26.4 and…
A week in security (March 23 – March 29)
Last week on Malwarebytes Labs: Stay safe! We don’t just report on scams—we help detect them Cybersecurity risks should never spread beyond a headline. If…
Criminals are renting virtual phones to bypass bank security
Researchers at Group-IB warn about criminals using virtual Android devices to bypass modern security solutions. Cloud phones are virtual Android devices that can fully mimic…
Bogus Avast website fakes virus scan, installs Venom Stealer instead
A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus…
GlassWorm attack installs fake browser extension for surveillance
GlassWorm hides inside developer tools. Once it’s in, it steals data, installs remote access malware, and even a fake browser extension to monitor activity. While…
Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka
A previously undocumented macOS infostealer has surfaced during our routine threat hunting. We initially tracked it as NukeChain, but shortly before publication, the malware’s operator…