Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure.

Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure.

Here’s what you can expect:

****1\. Unified user experience across platforms** **

The new generation of Malwarebytes now delivers a consistent user experience across all our desktop and mobile platforms. The reimagined user interface is faster, more responsive, and managed through an intuitive dashboard, giving you a streamlined experience wherever you use Malwarebytes. 

**Why?** Sophisticated hacking tactics and various entry points mean you can’t afford to have blind spots in your protection. A seamless experience across all platforms and devices means you don’t have to figure out more than once about what to do next. We’ve also made it easier to find everything, encouraging you to keep your guard up on all your devices. 

****2\. Premium Security and Privacy VPN integration** **

We’ve merged our award-winning Premium Security and ultra fast no-log Privacy VPN into a single dashboard, making it much easier for you to take control of your privacy. With just one click, you can now protect your Wi-Fi or hotspot connections and change your location to visit the site you want at the speed you need. Don’t forget to also use Browser Guard on your desktop to block ad trackers and scam sites from your browser.  

**Why?** We know that the distinction between security and privacy is not clear-cut, and you need both products to work together to minimize your exposure (risk of threats and lack of privacy). Integrating the two makes it much easier to protect both your devices and data (at home and on the go), with an easy set-and-forget experience that doesn’t require adding another program.  You shouldn’t have to guess whether the next attack will compromise your Wi-Fi connection, browser, or files through phishing emails, spyware, or malware. Let the technology do this for you.  

****3\. Trusted Advisor, your security coach**  **

On the Malwarebytes dashboard, Trusted Advisor provides unbiased expert guidance at your fingertips. Your easy-to-understand individual Protection Score enables you to act on any potential security gaps, unlocking the full power of technology.

**Why?** In our recent report, “Everyone’s afraid of the internet, and no one’s sure what to do about it,” we found that only half of the people surveyed felt confident they knew how to stay safe online, and even fewer said they were taking the right measures to protect themselves. Trusted Advisor empowers you with real-time insights, an easy-to-read protection score, and expert guidance that puts you in control of your security and privacy.  We’re by your side guiding you through what to do next to fill your security gaps for each device and platform (Windows, Mac, Android, and iOS).

**Want to try?** You can! With our 14-day free trial.  

Already a customer but not yet seeing it? Log into MyAccount or download the latest build for Windows | Mac | iOS | Android.  

**Software Requirements:** 

*   Windows 7 (or higher) 
*   macOS 11 BigSur (or higher)
*   iOS 16 (or higher) 
*   Android 9 (or higher)

 Say hello to the fifth generation of Malwarebytes 

High profile TikTok accounts have been targeted in a recent attack.

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack.

CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident.

According to Forbes, the attack happens without the account owner needing to click on or open anything—known as a zero-click attack. All they need to do is open a DM. The account is then taken over and the user loses access.

Malwarebytes’ Pieter Arntz explained how this sort of attack could happen:

> “If they don’t need to click on anything, this could well be a vulnerability in the way content is loaded when opening the DM. We’ve seen similar vulnerabilities before in Chromium browser, for example when fabricated images are loaded.”

TikTok says it has now fixed the issue and is working to get the accounts back to their rightful owners. Spokesperson Alex Haurek told Forbes:

> “Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts. We have taken measures to stop this attack and prevent it from happening in the future. “

Haurek didn’t say whether the attackers were still targeting accounts.

**Securing your TikTok account**

This attack is eye-catching because it’s technically unusual, and was used against people who naturally attract headlines. However, it’s a flash in the pan and the vulnerability was quickly patched.

Meanwhile, there’s a thriving underground market in social logins fuelled with much more successful, but much more mundane forms of attack. To reduce your risk of those, make sure you do these things:

*   **Use a strong password** to secure your account, and make sure you’ve not used it elsewhere. You can use a password manager to remember your passwords.
*   **Enable two-step verification** on your account. TikTok tells you how to do that here.
*   **Check what devices are logged into your account.** TikTok Device Management allows you to view what devices are logged into your account, remove them if needed, and get notified if there is suspicious activity on your account.
*   **Be careful what you click on**. If you receive a link from someone and you don’t know what it is, don’t click on it. Check via a different communication channel about what the link is. In this case, it appears that someone only had to open a DM in order to get their account taken over so watch out for DMs you’re not expecting.
*   **Don’t feel pressure**. If someone is messaging you asking you to click on or send them something, think before you do it. Putting pressure on someone to perform an action quickly is a common tactic used by scammers. **T****rust your instincts**.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Big name TikTok accounts hijacked after opening DM 

These scammers are persistent and want your billing information to extort money from you.

Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them.

A few months later, we checked and were able to find as many Google ads as before, following very much the same pattern. In addition, we can see that miscreants are trying to legitimize their operations by creating fake U.S.-based entities.

**Utility-based ads targeting mobile phones**

It only took us 15 minutes to find about a dozen fraudulent ads on Google related to utility bills. This campaign is targeting mobile devices only, as far as we can tell, and U.S. residents. All the ads seen below belong to different advertisers based in Pakistan.

Some of those advertiser accounts have a fairly large footprint with several hundred ads.

Most often, the ad is not associated with a landing page (although a URL is displayed); instead clicking on the ad will bring up the phone number and prompt you to dial. Having said that, the domains used belong to the scammers and are often fairly new.

We also saw several ads that at first appear somewhat legitimate. They are registered to advertisers based in the US and their websites look almost authentic. But when you start checking the details, you realize some things don’t add up, such as an address that leads to an apartment complex.

**Consumer protection**

The Federal Trade Commission (FTC) has an article about utility scams, however the technique mentioned there is about scammers calling victims, rather than the other way around. For good reason many people won’t answer the phone when it shows an unknown number as it is likely yet another telemarketer. Certainly, there are victims that will answer the phone but the scam is much more effective when you are the one to initiate the call.

We have reported the fraudulent advertiser accounts to Google while we are also adding related domains to our blocklist. Remember to be extremely vigilant before calling anyone, especially if that number came from an advertisement. If in doubt, go directly to your utility company’s website using a computer and then look for a form or phone number that you can verify before dialing.

 Utility scams update 

Financial Business and Consumer Solutions has filed a notification of a data breach which affects over 3 million US citizens.

The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification, listing the the total number of people affected as 3,226,631.

FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of its activity involving the recovery of consumer debts on behalf of creditors. According to the official statement provided by FBCS, the exposed data includes:

*   Full names
*   Social security numbers
*   Birth dates
*   Account information
*   Drivers license or other state ID numbers

In some cases, it also includes medical claims information, provider information, and clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information.

FBCS has sent data breach notifications to those affected, detailing what data was compromised and offering 12 months of free credit monitoring.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**Scan for your exposed personal data**

You can check what personal information of yours has been exposed online with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Debt collection agency FBCS leaks information of 3 million US citizens 

This week on the Lock and Code podcast, we speak with Joseph Cox about the FBI's successful backdoor into the phone startup Anom.

_This week on the Lock and Code podcast…_

This is a story about how the FBI got everything it wanted.

For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal scrutiny. This long-standing debate has sometimes spilled into the public view, as it did in 2016, when the FBI demanded that Apple unlock an iPhone used during a terrorist attack in the California city of San Bernardino. Apple pushed back on the FBI’s request, arguing that the company could only retrieve data from the iPhone in question by writing new software with global consequences for security and privacy.

“The only way to get information—at least currently, the only way we know,” said Apple CEO Tim Cook, “would be to write a piece of software that we view as sort of the equivalent of cancer.”

The standoff held the public’s attention for months, until the FBI relied on a third party to crack into the device.

But just a couple of years later, the FBI had obtained an even bigger backdoor into the communication channels of underground crime networks around the world, and they did it almost entirely off the radar.

It all happened with the help of Anom, a budding company behind an allegedly “secure” phone that promised users a bevvy of secretive technological features, like end-to-end encrypted messaging, remote data wiping, secure storage vaults, and even voice scrambling. But, unbeknownst to Anom’s users, the entire company was a front for law enforcement. On Anom phones, every message, every photo, every piece of incriminating evidence, and every order to kill someone, was collected and delivered, in full view, to the FBI.

Today, on the Lock and Code podcast with host David Ruiz, we speak with 404 Media cofounder and investigative reporter Joseph Cox about the wild, true story of Anom. How did it work, was it “legal,” where did the FBI learn to run a tech startup, and why, amidst decades of debate, are some people ignoring the one real-life example of global forces successfully installing a backdoor into a company?

> The public…and law enforcement, as well, \[have\] had to speculate about what a backdoor in a tech product would actually look like. Well, here’s the answer. This is literally what happens when there is a backdoor, and I find it crazy that not more people are paying attention to it.
> 
> Joseph Cox, author, Dark Wire, and 404 Media cofounder

Tune in today to listen to the full conversation.

Cox’s investigation into Anom, presented in his book titled Dark Wire, publishes June 4.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

 800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12 

A scammer tried to seduce us by offering the credentials to an account that held roughly half a million dollars.

This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business.

I received one message from a number hailing from the Togolese Republic.

WhatsApp message from an unknow sender

> “Jay, your financial account has been added. Account Csy926. Password \[\*\*\*\*\*\*\*\*\] USDT Balance 1,660,086.50 EUR: 592,030.92 \[domain\] Keep it in a safe place.”

I asked them to send the message in English, pretending not to understand Dutch, but received no reply.

But since it was a rainy day and I’d never seen this type of WhatApp scam before, I decided to investigate.

Sometimes it takes some effort, especially when the domain is blocked for fraud by your favorite security software, but nothing was going to stop me now from looking for my new-found wealth.

Malwarebytes blocked the domain for fraud

To fully understand the message, it’s good to know that USTD stands for Tether, a cryptocurrency referred to as a stablecoin because its value is pegged to a flat currency. In the case of USTD the flat currency is the US dollar. The link makes a stablecoin’s value less volatile than that of other cryptocurrencies, which is attractive for traders that like to switch quickly between cryptocurrencies and flat currencies.

So, I visited the domain which, no surprise there, turned out to be a fake trading platform. I tried the login credentials which were so kindly provided to me.

Welcome to login

Once logged in I checked my wallet and lo and behold, I’m rich! (Or “Jay” is.)

Nice wallet

The wallet belongs to Csy926 who has VIP5 access and contains 1658670.31 USDT or $602,494.07.

I can either recharge, withdraw, or transfer my USDT tokens or transfer the cold hard cash in dollars. Knowing that in this type of scam the victim always has to invest a—relatively–small amount to get the bait, I knew what to expect.

The easiest way would have been if I could transfer the dollars to a bank account, so I tried that first.

Transfer form

Sadly, there were obstacles:

*   Transfers can only be done to other accounts on the platform and the recipient needs to be at least a VIP1 level.
*   Only VIP members can transfer without a key. Assuming Jay is the one with the key, it’s a good thing that the account has a VIP5 status.

So, to be a recipient of a US$ amount, I’ll need a VIP1 level account on the same platform.

Sadly, that’s not me. So I decided to see what I can do with the USDT tokens.

Withdraw form

The form shows a security tip warning users to fill in their withdrawal account accurately, as assets can’t be returned after transferring them out. That sucks for Jay.

But all in all, that looks promising, but again there are some problems.

*   I’ll need a TRC20 wallet. A TRC20 wallet app is an application, accessible on mobile/web or desktop devices, designed specifically for storing, managing, and engaging with TRC20 tokens.
*   Once I filled out the form and clicked on Withdraw, it turned out I needed a key.

Please enter KEY

Looks like it’s time to read the FAQs. Fortunately, this has the answers to all the “right” questions.

What should I do if I forget my KEY?

Long story short. You set the key when you open the account, and it cannot be retrieved. But…..if you have two VIP accounts you can transfer funds from the old account to your new account. And there is no need for a KEY if you have a VIP account. Considering Jay has a VIP5 account there lies an opportunity.

How to activate VIP?

And here comes the catch all of our regular readers saw coming by now, VIP accounts that are able to receive funds cost money. The cheapest—VIP1—requires a deposit of 50 USDT (roughly $50) which is not refundable and can’t be canceled. But with a VIP1 account I can only receive $30 per month and it’s only valid for 2 months. So, that’s not a big help when you are as rich as I am, sorry, Jay is.

VIP1 account is the lowest level and the cheapest

It would take me until the next ice age—4600 years—to transfer the entire amount at that rate, with the off chance that the rightful owner would drain the account or change the password as soon as they noticed the leak.

Any unsuspecting victim that has come this far and is willing to steal from the treasure dropped in their lap, now realizes that before they can enjoy all that money, they first:

1.  Need to open a new account.
2.  Make a deposit to turn it into a VIP account. The amount depends on their greed and impatience because the higher the VIP level, the larger the amount you can transfer in one day and per month.
3.  Transfer the funds from Jay’s account to their own account.
4.  Set up a TRC20 account.
5.  Withdraw the money from the new account to their TRC20 wallet.

We decided not to sponsor the scammers, so this is as far as we were willing to go, but we have a distinct feeling that along the steps we outlined there might be other fees and deposits needed.

**Don’t fall for scammers**

*   Any unsolicited WhatsApp message from an unknown person is suspect. No matter how harmless or friendly it may seem. Most pig butchering scams start with what seems a misdirected message.
*   Don’t follow links that reach you in any unexpected way, and certainly not from an untrusted source.
*   If it’s too good to be true, then it’s very likely not true.
*   Scammers bank on the fact that the more time and money you have invested, the more determined you will become to get to the desired end result.
*   Use a web filtering app to shield you from known malicious websites. Preferably Malwarebytes Premium or Malwarebytes Browser Guard.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 WhatsApp cryptocurrency scam goes for the cash prize 

A list of topics we covered in the week of May 27 to June 2 of 2024

June 1, 2024 - Live Nation has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach.

May 31, 2024 - This post will help users find out if their Windows device has been added to the 911 S5 botnet by a malicious VPN application

May 30, 2024 - Scammers and other cybercriminals love to use our name to defraud their victims. Here's what to look out for.

May 30, 2024 - A database has been put up for sale that allegedly contains the data of 560 million Ticketmaster users. But is it real?

May 29, 2024 - This post explains how to disable various location services on Android devices.

 A week in security (May 27 &#8211; June 2) 

Live Nation has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach.

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach.

In a filing with the SEC, Live Nation said on May 20th it identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary)” and launched an investigation.

The third party it refers to is likely Snowflake, a cloud company used by thousands of companies to store, manage, and analyze large volumes of data. Yesterday, May 31st, Snowflake said it had “recently observed and are investigating an increase in cyber threat activity” targeting some of its customers’ accounts. It didn’t mention which customers.

In the SEC filing, Live Nation also said:

> On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web. We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.

The user data likely refers to the sales ad for 560 million customers’ data that was posted online earlier this week by a group calling themselves ShinyHunters. The data was advertised for $500,000 and says it includes customer names, addresses, emails, credit card details, order information, and more.

_Post on BreachForums by ShinyHunters_

Bleeping Computer says it spoke to ShinyHunters who said they already had interested buyers, and believed one of the buyers that approached them was Ticketmaster itself.

Ticketmaster says it has begun notifying its users of the breach. We are likely to hear more in the coming days, and will update you as we do.

For now, Ticketmaster users should keep an eye on their credit and bank accounts for an unauthorized transactions and follow our general data breach tips below.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**Scan for your exposed personal data**

While the Ticketmaster data is yet to be published in full, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.

 Ticketmaster confirms customer data breach 

This post will help users find out if their Windows device has been added to the 911 S5 botnet by a malicious VPN application

On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a billions of dollars across a decade, came from committing pandemic and unemployment fraud, and by selling access to child exploitation materials.

The botnet operator generated millions of dollars by offering cybercriminals access to these infected IP addresses. As part of this operation, a Chinese national, YunHe Wang, was arrested. Wang is reportedly the proprietor of the popular service.

Of the infected Windows devices, 613,841 IP addresses were located in the United States. The DOJ also called the botnet a residential proxy service. Residential proxy networks allow someone in control to rent out a residential IP address which then can be used as a relay for their internet communications. This allows them to hide their true location behind the residential proxy. Cybercriminals used this service to engage in cyberattacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.

To set up this botnet, Wang and his associates provided users with free, illegitimate VPN applications that were created to connect to the 911 S5 service. Unaware of the proxy backdoor, once users downloaded and installed these VPN applications, they unknowingly became part of the 911 S5 botnet.

Sometimes the VPN applications were bundled with games and other software and installed without user consent.

For this reason, the FBI has published a public service announcement (PSA) to help users find out if they have been affected by this botnet.

Users can start by going over this list of malicious VPN applications associated with the 911 S5 botnet:

*   MaskVPN
*   DewVPN
*   PaladinVPN
*   ProxyGate
*   ShieldVPN
*   ShineVPN

If you have one of these VPN applications installed, sometimes you can find an uninstaller located under the Start menu option of the VPN application. If present, you can use that uninstall option.

If the application doesn’t present you with an uninstall option, then follow the steps below to attempt to uninstall the application:

*   Click on the Start menu (Windows button) and type “Add or remove programs” to bring up the “Add and Remove Programs” menu.
*   Search for the name of the malicious VPN application.
*   Once you find the application in the list, click on the application name, and select the “Uninstall” option.

Once you have uninstalled the application, you will want to make sure it’s no longer active. To do that, open the Windows Task manager. Press Control+Alt+Delete on the keyboard and select the “Task Manager” option or right-click on the Start menu (Windows button) and select the “Task Manager” option.

In Task Manager look under the “Process” tab for the following processes:

*   MaskVPN (mask\_svc.exe)
*   DewVPN (dew\_svc.exe)
*   PaladinVPN (pldsvc.exe)
*   ProxyGate (proxygate.exe, cloud.exe)
*   ShieldVPN (shieldsvc.exe)
*   ShineVPN (shsvc.exe)

_Example by FBI showing processes associated with ShieldVPN in Task Manager_

If found, select the service related to one of the identified malicious software applications running in the process tab and select the option “End task” to attempt to stop the process from running.

Or, download Malwarebytes Premium (there is a free trial) and run a scan.

Whether you’re using the free or paid version of the app, you can manually run a scan to check for threats on your device. 

1.  Open the app.
2.  On the main dashboard, click the **Scan** button.
3.  A progress page appears while the scan runs.
4.  After the scan finishes, it displays the Threat scan summary.
    *   **If the scan detected no threats:** Click **Done**.
    *   **If the scan detected threats on your device:** Review the threats found on your computer. From here, you can manually quarantine threats by selecting a detection and clicking **Quarantine**.
5.  Click **View Report** or **View Scan Report** to see a history of prior scans. After viewing the threat report, close the scanner window.

If neither of these options, including the Malwarebytes scan, resolve the problem, the FBI has more elaborate instructions. You can also contact the Malwarebytes Support team to assist you.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 How to tell if a VPN app added your Windows device to a botnet 

Scammers and other cybercriminals love to use our name to defraud their victims. Here's what to look out for.

Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it came to our attention that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand.

Image courtesy of Trellix

The download from the fake website was an information stealer with a filename that resembled that of the actual Malwarebytes installer.

Besides some common system information, this stealer goes after:

*   Account tokens
*   Steam tokens
*   Saved card details
*   System profiles
*   Telegram logins
*   List of running process names
*   Installed browser lists and their version
*   Credentials from the browser “User Data” folder, Local DB an autofill
*   Cookies from the browser
*   List of folders on the C drive

This is just one scam, but there are always others using our name to target people. We regularly see tech support scammers pretending to be Malwarebytes to defraud their victims.

Some scammers sell—sometimes illegal—copies of Malwarebytes for prices that are boldly exaggerated.

Others will try and phish you by sending you a confirmation mail of your subscription to Malwarebytes.

And sometimes when you search for Malwarebytes you will find imposters in between legitimate re-sellers. Some even use our logo.

In this case, Google warned us that there was danger up ahead.

The site itself was not as convincing as the advert, and some poking around in the source code told us the website was likely built by a Russian speaking individual.

**How to avoid brand scams**

It’s easy to see how people can fall for fake brand notices. Here are some things that can help you avoid scams that use our name:

*   Download software directly from our sites if you are not sure of the legitimacy of the ones offered to you.
*   Check that any emails that appear to come from Malwarebytes are sent from a malwarebytes.com address.
*   If you have any questions or doubts as to the legitimacy of something, you can contact our Support team.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Source

Malwarebytes