A database has been put up for sale that allegedly contains the data of 560 million Ticketmaster users. But is it real?

Earlier this week, a cybercriminal group posted an alleged database up for sale online which, it says, contains customer and card details of 560 million Live Nation/Ticketmaster users.

The data was offered for sale on one forum under the name “Shiny Hunters”. ShinyHunters is the online handle for a group of notorious cybercriminals associated with numerous data breaches, including the recent AT&T breach.

_Post on BreachForums by ShinyHunters_

The post says:

> “Live Nation / Ticketmaster
> 
> Data includes
> 
> 560 million customer full details (name, address, email, phone)
> 
> Ticket sales, event information, order details
> 
> CC detail – customer last 4 of card, expiration date
> 
> Customer fraud details
> 
> Much more
> 
> Price is $500k USD. One time sale.”

The same data set was offered for sale in an almost identical post on another forum by someone using the handle SpidermanData. This could be the same person or a member of the ShinyHunters group.

According to news outlet ABC, the Australian Department of Home Affairs said it is aware of a cyber incident impacting Ticketmaster customers and is “working with Ticketmaster to understand the incident.”

Some researchers expressed their doubts about the validity of the data set:

> 🚨🚨Thoughts on the alleged Ticketmaster Data Breach 🚨🚨
> 
> TLDR: Alert not Alarmed
> 
> The Ticketmaster data breach claim has provided BreachForums with the quick attention they need to boost their user numbers and reputation.
> 
> The claim has possibly been over-stated to boost… pic.twitter.com/WJsFkBfQbw
> 
> — CyberKnow (@Cyberknow20) May 29, 2024

While others judged it looks legitimate based on conversations with involved individuals, and studying samples of the data set:

> Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach.
> 
> Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not…
> 
> — vx-underground (@vxunderground) May 30, 2024

Whether or not the data is real remains to be seen. However, there’s no doubt that scammers will use this opportunity to make a quick profit.

Ticketmaster users will need to be on their guard. Read our tips below for some helpful advice on what to do in the event of a data breach.

You can also check what personal information of yours has already been exposed online with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.

All parties involved have refrained from any further comments. We’ll keep you posted.

**Protecting yourself from a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 The Ticketmaster &#8220;breach&#8221;—what you need to know 

Making sure that your iPhone can't be tracked is virtually impossible once someone has access to your Apple account

On iOS and iPadOS, location services are typically turned on when you first set up your device. However, there may be reasons why you don’t want your device to be located, perhaps because you don’t want to be found but need to keep the device with you.

There are a few options to hide your location from prying eyes.

_Please note: I will only mention iOS from here on, but the instructions are almost the same for iPadOS._

**Turn off location services by app**

Some apps will not work properly without location services, but it’s certainly worth checking which ones are actually using them.

*   Go to **Settings** > **Privacy & Security** > **Location Services**.
*   If **Location Services** is on, you will see a list of apps with permissions.

*   Scroll down to select an app.
*   Now you can tap the app and select an option of **Never**, **Ask Next Time Or When I Share**, **While Using the App**, or **Always**.
*   From here, apps should provide an explanation of how they will use your location information. Some apps might offer only two options.

**Turn location services off entirely**

You can turn Location Services on or off at **Settings** > **Privacy & Security** > **Location Services**. Move the slider control to the left to turn Location Services off.

Note that turning Location Services of will also disable the Find My feature for the device.

**Turn off Find My iPhone**

Find My iPhone allows a user to track their devices. It allows you to locate the device from another device, make it play a sound if you are close, and even remotely erase your device if you suspect it has fallen in the wrong hands.

To disable Find My iPhone:

*   Go to **Settings**
*   Select your account name.
*   Choose **Find My**
*   Turn the feature off. You will need to enter your iCloud password.

An iPhone can still be tracked in some cases, even if it is in Airplane Mode. The only way tracking is not possible is to turn the iPhone off completely.  And even then, since iOS 15, iPhone models 11 and up will transmit their location even when powered off if the **Find My Network** is enabled in your settings.

To turn off **Find My network:**

*   Go to **Settings**
*   Select your account name.
*   Choose **Find My**
*   Turn **Find My network** off.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 How to turn off location tracking on iOS and iPadOS 

This post explains how to disable various location services on Android devices.

Android devices come with location services. Some apps need access to location services to function properly. However, there may be reasons why you don’t want your device to be located, often because you don’t want to be found and the device is always with you.

Depending on who you are trying to hide your location from, there are several levels of hiding your location.

_Disclaimer: the exact instructions for your make and model of Android device may look a bit different._

**Turn off location for particular apps**

There are apps active on most Android devices that could give away the location of the device. To check which apps have access to your device’s location:

*   Swipe down from the top of the screen.
*   Find the Location icon 
*   Touch and hold Location.
*   Tap App location permissions.
*   Under **Allowed all the time**, **Allowed only while in use**, and **Not allowed**, find the apps that can use your device’s location.
*   To change the app’s permissions, tap it. Then, choose the location access for the app.
*   If you see any apps that you don’t recognize, be sure to turn the permission off.

**Turn off location entirely**

Alternatively, you can turn Location off entirely:

*   Swipe down from the top of the screen.
*   Find the location icon 
*   If it’s highlighted, tap it to turn it off.
*   You’ll see a warning that some apps may not function properly. Confirm by tapping **Close**.

**Turn off Find My Device**

Find My Device is a service which makes your device’s most recent location available to the first account activated on the device. Find My Device is included with most Android phones, and it’s automatically turned on once you add a Google account to your device.

How to turn off **Find My Device:**

*   Open **Settings**.
*   Tap (**Biometrics &**) **Security**.
*   Tap **Find My Device**, then tap the switch to turn it off.

Turning off Find My Device may backfire if you ever truly need to find your device because you lost it. But if someone may have the login credentials for the Google account associated with the phone, you may want to turn it off.

The last resort is to turn your phone off.

Even in airplane mode, GPS on your phone is still working. As long as a phone isn’t turned off, it’s possible to track the location because the device sends signals to nearby cell towers. Even when it’s turned off, the service provider or internet provider can show the last location once it’s switched back on.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 How to turn off location tracking on Android 

The notorious BreachForums seem to have returned, but the question is: who's pulling the strings?

Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement a few weeks ago.

At least one of BreachForums domains and its dark web site are live again. However, questions have been raised over whether it is a genuine attempt to revive the forums once again or set up as a lure by law enforcement to entrap more data dealers and cybercriminals.

The administrator of the new forum posts under the handle ShinyHunters, which is a name associated with the AT&T breach and others, and believed to be the main administrator of the previous BreachForums.

Yesterday, ShinyHunters posted a new dataset for sale that allegedly stems from Live Nation/Ticketmaster.

_Post by ShinyHunters to sell the Live Nation Ticketmaster data set_

> “Live Nation / Ticketmaster
> 
> Data includes
> 
> 560 million customer full details (name, address, email, phone)
> 
> Ticket sales, event information, order details
> 
> CC detail – customer last 4 of card, expiration date
> 
> Customer fraud details
> 
> Much more
> 
> Price is $500k USD. One time sale.”

But, an avatar and a handle are easily copied, and there are a few things that raised our spidey-senses that something is up.

First, the data set was offered for sale on another dark web forum by a user going by SpidermanData with the exact same text.

_SpidermanData offering the same data set on another forum_

Second, this data set seems way too big for its nature. Live Nation and Ticketmaster are big enough to be considered a monopolist, but 560 million users seems like a stretch.

After looking at the shared evidence, security researcher CyberKnow tweeted:

> “While there is some new data in the shared evidence there is also old customer information, making it possibly this is a series of data jammed together.”

Third, a new feature is that visitors need to register before they can see any content. Why would the administrators change that?

And, last but not least, would the FBI let the cybercriminals regain control over the domains that easily? That would be quite embarrassing.

So, we dare conclude that this dataset’s goal is to generate some attention and act as a lure to let old forum users know that BreachForums is alive and kicking. But who is running the show, is the question that we hope to answer soon.

Stay tuned for updates on this developing story.

**Protecting yourself from a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**Check if your data has been breached**

Our Digital Footprint portal allows you to quickly and easily check if your personal information has been exposed online. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? 

Stalkerware app pcTattleWare had its websites defaced and databases leaked after researchers found several security flaws.

The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the target’s device.

What goes around comes around, you might say. As you may have read many times before on our blog, some spyware companies have a surprisingly low standard of security .

In 2021, we reported that “employee and child-monitoring” software vendor pcTattleTale hadn’t been very careful about securing the screenshots it sneakily took from its victims’ phones. A security researcher found an issue while using a trial version of pcTattleTale, noticing that the company uploaded the screenshots to an unsecured online database (meaning anyone could view the screenshots as they weren’t protected by any form of authentication—such as a user name and password).

Last week another security researcher, Eric Daigle, found the company appears to have learned nothing from its previous security issue. Daigle found that pcTattleTale’s Application Programming Interface (API) allows any attacker to access the most recent screen capture recorded from any device on which the spyware is installed. Despite repeated warnings from Daigle and others, no improvements were made.

Then, yet another researcher found yet another bug in pcTattletale which allowed them to gain full access to the backend infrastructure. This allowed them to deface the website and steal the AWS credentials which turned out to be the same for all devices. Amazon has now locked pcTattletale’s entire AWS infrastructure.

After a quick sweep, stalkerware researcher, Maia Crimew stated:

> “pcTattletale currently holds over 17 terabytes of victim device screenshots (upwards of 300 million of them from over 10 thousand devices), with some of them dating back to 2018.”

According to 2023 research from Malwarebytes, 62 percent of people in the United States and Canada admitted to monitoring their romantic partners online in one form or another, from looking through a spouse’s or significant other’s text messages, to tracking their location, to rifling through their search history, to even installing monitoring software onto their devices.

Given the low security of the apps available to home users, this is extremely concerning. Installing monitoring software is not just a huge invasion of privacy, there is a big chance that it will backfire.

**Removing stalkerware**

Malwarebytes, as one of the founding members of the Coalition Against Stalkerware, makes it a priority to detect and remove stalkerware-type apps from your device. It is good to keep in mind however that by removing the stalkerware-type app you will alert the person spying on you that you know the app is there.

Because the apps install under a different name and hide themselves from the user, it can be hard to find and remove them. That is where Malwarebytes can help you.

1.  Open your Malwarebytes dashboard
2.  Tap **Scan** **now**
3.  It may take a few minutes to scan your device.

 If malware is detected you can act on it in the following ways:

*   **Uninstall**. The threat will be deleted from your device.
*   **Ignore Always**. The file detection will be added to the Allow List, and excluded from future scans. Legitimate files are sometimes detected as malware. We recommend reviewing scan results and adding files to Ignore Always that you know are safe and want to keep.
*   **Ignore Once**: A file has been detected as a threat, but you are not sure whether to add it to your Allow List or delete. This option will ignore the detection this time only. It will be detected as malware on your next scan.

On Windows machines Malwarebytes detects pcTattleTale as PUP.Optional.PCTattletale.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 pcTattleTale spyware leaks database containing victim screenshots, gets website defaced 

A list of topics we covered in the week of May 20 to May 26 of 2024

May 22, 2024 - A notorious cybercriminal involved in breaches has released a database containing 70 million US criminal records.

May 22, 2024 - Microsoft unveiled an AI search tool on new laptops that will require regular screenshots of all device activity to be recorded and stored.

May 21, 2024 - This post explains how to remove additional users and accounts from your Android device

May 21, 2024 - This post explains how to remove additional users and accounts from your Windows device

May 20, 2024 - This week on Lock and Code, we talk about what people lose when they let AI services make choices for dinners, reservations, and even dating.

 A week in security (May 20 &#8211; May 26) 

Several credit card companies have revealed how they envision using artificial intelligence to "improve" their products.

Many companies are starting to implement Artificial Intelligence (AI) within their services. Whenever there are large amounts of data involved, AI offers a way to turn that pile of data into actionable insights.

And there’s a big chance that our data are somewhere in that pile, whether they can be traced back to us or not. In this blog we’ll look at the different ways in which credit card companies are planning to use AI.

Two of the major credit card companies, MasterCard and Visa, made announcements this month on how they will use AI in the near future.

Mastercard announced the introduction of generative AI for earlier detection of credit card fraud.

Johan Gerber, executive vice president of security and cyber innovation at Mastercard, said:

> “Generative AI is going to allow to figure out where did you perhaps get your credentials compromised, how do we identify how it possibly happened, and how do we very quickly remedy that situation not only for you, but the other customers who don’t know they are compromised yet.”

Generative AI models learn the patterns and structure of their input training data and then generate new data with similar characteristics.

There’s an enormous amount of stolen credit and debit card details available on various marketplaces, some of which aren’t even on the dark web. These details come from many different data breaches, and they can go unnoticed for extended periods of time. Analyzing the data and spotting patterns in the abuse can help the credit card company identify and inform affected customers before the criminals actually use the card.

VISA, on the other hand, said it will use AI to tailor a better shopping experience. This, it says, will allow it to share more information about customers’ preferences based on their shopping history with retailers.

VISA will require consumer consent for sharing the required information. According to VISA CEO Ryan McInerney, consumers will have the option, through their bank app, to revoke access to their information.

And last but not least, American Express Global Business Travel revealed in February that it started an AI initiative to improve efficiency. As one of the early results it reported it has reduced customer call times by about a minute.

All in all, credit card companies are gathering data to predict our behavior. They are not the only ones, for sure, but they do have access to some information that most people are not prone to share freely, our finances.

Sure, less time spent being held up by that slightly less annoying chatbot, or a warning about a compromised credit card before the abuse happens, that sounds great. But an online store guessing what I am likely to purchase isn’t something I’m so keen on—about the same level of spooky as targeted ads.

Does increased efficiency outweigh the cost of handing over our data? What we’d like to see are improved security AND ease of use. Let us know how you feel in the comments below.

 How AI will change your credit card behind the scenes 

A notorious cybercriminal involved in breaches has released a database containing 70 million US criminal records.

A cybercriminal going by the names of EquationCorp and USDoD has released an enormous database containing the criminal records of millions of Americans. The database is said to contain 70 million rows of data.

_Post by USDoD on a breach forum_

The leaked database is said to include full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences, and much more. Dates reportedly range from 2020 to 2024.

The exact source of the database is as yet unknown.

USDoD is a high-profile player in this field, closely associated with “Pompompurin”, the operator of the first iteration of data leak site BreachForums. USDoD is said to have plans to set up a successor to the second iteration of BreachForums which was recently seized by law enforcement. Releasing this database may be USDoD’s way to round up some interested users.

USDoD is also believed to be involved in a breach at TransUnion, the data of which was (partly) dumped in September, 2023.

Needless to say, having the criminal information leaked could have a tremendous impact, not only for the listed individuals but also for the justice system. We’ll keep you updated.

**Protecting yourself from a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

If you want to find out how much of your own data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll give you a free report, along with tips on what to do next.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Criminal record database of millions of Americans dumped online 

Microsoft unveiled an AI search tool on new laptops that will require regular screenshots of all device activity to be recorded and stored.

Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it’s one that Microsoft was willing to make this week at its “Build” developer conference.

On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

This is “Recall,” a much-advertised feature within what Microsoft is calling its “Copilot+ PCs,” a reference to the AI assistant and companion which the company released in late 2023. With Recall on the new Copilot+ PCs, users no longer need to manage and remember their own browsing and chat activity. Instead, by regularly taking and storing screenshots of a user’s activity, the Copilot+ PCs can comb through that visual data to deliver answers to natural language questions, such as “Find the site with the white sneakers,” and “blue pantsuit with a sequin lace from abuelita.”

As any regularly updated repository of device activity poses an enormous security threat—imagine hackers getting access to a Recall database and looking for, say, Social Security Numbers, bank account info, and addresses—Microsoft has said that all Recall screenshots are encrypted and stored locally on a device.

But, in terms of security, that’s about all users will get, as Recall will not detect and obscure passwords, shy away from recording pornographic material, or turn a blind eye to sensitive information.

According to Microsoft:

> “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

The consequences of such a system could be enormous.

With Recall, a CEO’s personal laptop could become an even more enticing target for hackers equipped with infostealers, a journalist’s protected sources could be within closer grasp of an oppressive government that isn’t afraid to target dissidents with malware, and entire identities could be abused and impersonated by a separate device user.

In fact, Recall seems to only work best in a one-device-per-person world. Though Microsoft explained that its Copilot+ PCs will only record Recall snapshots to specific device _accounts_, plenty of people share devices _and_ accounts. For the domestic abuse survivor who is forced to share an account with their abuser, for the victim of theft who—like many people—used a weak device passcode that can easily be cracked, and for the teenager who questions their identity on the family computer, Recall could be more of a burden than a benefit.

For Malwarebytes General Manager of Consumer Business Unit Mark Beare, Recall raises yet another issue:

> “I worry that we are heading to a social media 2.0 like world.”

When users first raced to upload massive quantities of sensitive, personal data onto social media platforms more than 10 years ago, they couldn’t predict how that data would be scrutinized in the future, or how it would be scoured and weaponized by cybercriminals, Beare said.

“With AI there will be a strong pull to put your full self into a model (so it knows you),” Beare said. “I don’t think it’s easy to understand all the negative aspects of what can happen from doing that and how bad actors can benefit.”

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Microsoft AI &#8220;Recall&#8221; feature records everything, secures far less 

This post explains how to remove additional users and accounts from your Android device

Some of our loyal readers may remember my little mishap when I was able to track my wife by accident after inadvertently adding myself to her phone as a user.

For exactly that reason we want to warn against sharing devices and at least show you how to remove other people’s accounts from your device.

The steps may be slightly different depending on your Android version, device type, and vendor, but most users should be able to follow these steps.

For the primary user:

*   Open **Settings**
*   Tap **System** > **Multiple users**.

_If you can’t find this setting, try searching your Settings app for users._

*   Tap the name of the user you want to remove.
*   Tap **Delete user** > **Delete**. If successful, the user will be removed from the list.
*   If you want to stay the only user, you can turn the **Multiple users** feature off.

If you’re not the primary user (you can’t delete the primary user):

*   Under **Multiple Users** tap **More** (three stacked dots).
*   Tap **Delete _\[username\]_ from this device**. Important: You can’t undo this.
*   The device will switch to the owner’s profile.

Note: Android devices allow two types of additional users:

*   **Secondary user:** This is any user added to the device other than the system user. Secondary users can be removed (either by themselves or by an admin user) and cannot impact other users on a device. These users can run in the background and continue to have network connectivity.
*   **Guest user:** Temporary secondary user. Guest users have an explicit option to quickly delete the guest user when its usefulness is over. There can be only one guest user at a time.

Another privacy issue can be caused by having additional accounts on the device. Accounts are contained within a user but are not linked to a particular user. The tracking issue I discussed was caused by adding one of my Google accounts to my wife’s phone.

To remove unwanted accounts:

*   Under **Settings**_,_ tap on **Accounts and Backups**
*   Then tap on **Manage Accounts**
*   Select the account you want to remove and you will see the option to do that.

If you’re having trouble finding any of these settings on your specific Android device, reach out through the comments and when we can, we’ll add as many specific instructions as possible to the post.

Source

Malwarebytes