In February 2020, the world’s biggest retailer, Amazon, fended off the largest distributed denial of service (DDoS) attack in history. As peak traffic volume hit 2.3 Tbps, e-commerce security experts declared this attack as “a warning we should not ignore.”  DDoS attacks are nothing new. Every day, security teams deal with these malic

Last week, we touched on a 419 scam, modding on games (in general), a much talked about iCloud scam that “may be worse than ransomware”—not to mention a number of threats targeting Apple users—and a Steam scam. Senior security researcher Jérôme Segura had once again unearthed a couple of malvertising campaigns. First, Segura revealed another roun

We’ve seen reports of a dubious URL being served up via mobile advertising over the last day or two. This is certainly the kitchen-sink approach to making a URL look as “legit” as possible: paly(dot)google(dot)com(dot)store(dot)apps(dot)siteadvisor(dot)club/5MBivfkif2mmhxluoImYurMuwz/pl/ The first part is supposed to look like the Play Stor

Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at some interesting and

We thought we’ve seen the last of the iPhone 6-type scams in 2015. Nothing can be further from the truth. Recently, a fake news piece sporting the all-too-familiar design supposedly belonging to the BBC News is making rounds online, spreading the false word that Apple is now reducing their inventory—specifically, by selling scores of iPhone 6S units for £1 a

Have your children lost entire jam sandwiches down the back of the sofa? Is your cat sick of water pistols? Do they download all the things? We can’t do much about the first two, but that last one is most definitely something we can assist you with. Minecraft is absolutely huge where children are concerned, and for many its their first introduction int

Last week, our resident Mac expert Thomas Reed commented on KeRanger, the first ransomware targeting the OSX platform. We also found the “least visually convincing” 419 spam mail to date. In addition, we took apart Cerber, a new Ransomware-as-a-Service (RaaS) that others believe originated from the Russian underground. When it comes to RaaS, affi

Windows AppLocker is a feature that was introduced in Windows 7 and Windows Server 2008 R2 as a means to limit the use of unwanted applications. AppLocker provides administrators with the ability to specify which users can run specific applications. AppLocker was designed to replace the Software Restriction Policies feature. It is considered a potentially po

Last week, we touched on a Facebook video spam, a fake Google Docs phishing site, and a technical yet comprehensive (at least to those who know coding) tut on how to deobfuscate malicious VBScript files. When the ransomware variant known as Locky began to make headlines, malware analyst Hasherezade dissected several samples and explained their behaviour in t

Last week, we proudly revealed a number of brand new stuff from Malwarebytes: an enterprise solution, logo, and website. Heck, this blog was even renamed to Malwarebytes Labs. Do check out that post by our CEO Marcin Kleczynski for more details. We also talked about doxing—what it is and why it is illegal—and how one can protect themselves from it; revealed

  It’s time for our weekly roundup of all things Infosec! On the blog, we covered Safer Internet Day and then followed up with a very unsafe Internet, in the form of DMA Locker Ransomware. We took a look at a reasonably rare example of Airbnb phishing, and also explained how you can do your best to steer clear of PUPs. We finished things off with

Definition of Doxing (sometimes written as doxxing): gathering identifiable information about a person or a group of people with the objective to shame, scare, blackmail or bully the target. What is it? The technique as such was already known in the 1990’s when Usenet users researched and posted the real names belonging to online handles that they had an arg

Today is the 12th Safer Internet Day (SID). Is this the first time you’ve heard about SID? No worries. The video below will brief you on what it’s all about, focusing on this year’s theme “Play Your Part for a Better Internet”. More Than an Invitation, It’s a Challenge In 2015, Insafe, the organization behind the SID global campaign, came up with the

It’s Monday, which means we have a roundup! Over the past week on Malwarebytes Unpacked, we’ve moved from a vulnerability disclosure and launch of a bug bounty program to a new form of Ransomware called DMA Locker. Nuclear Exploit Kit returned to cause problems with a large WordPress compromise campaign, and we weighed in on a problematic situati

The popular Google Chrome browser has some of the best security tools baked in with features such as Safebrowsing which protects users from malicious websites. By extension, ChromeOS which powers the affordable Chromebooks is indeed one of the safest systems one can get these days. Even though the surface of attack is smaller than that of a typical Windows P