Malwarebytes
Malwarebytes business and news from across the web.- Grand Theft Auto 6 'VIP early access' scam sites are already popping up, Malwarebytes warnsCybersecurity firm Malwarebytes is warning consumers about scam websites falsely offering early access to Grand Theft Auto 6 for hundreds of dollars, payable in cryptocurrency. These fraudulent sites exploit the immense hype surrounding the game's release, which is scheduled for November 19 on PlayStation 5 and Xbox Series X/S, with no PC release date announced. Malwarebytes advises caution, especially when payments are requested in cryptocurrency, as such transactions are irreversible.
- Fake Windows Support website offers 'cumulative update' for version 24H2 but delivers password-stealing malware that can avoid anti-virus detectionA sophisticated phishing scam is distributing password-stealing malware disguised as a 'cumulative update' for Windows Update version 24H2. The fake update, offered through a fraudulent Microsoft support website, can evade antivirus detection due to its obfuscated JavaScript within an Electron shell. Cybersecurity firm Malwarebytes has updated its antivirus to detect this threat and advises users to be wary of unofficial download sources.
- Morning Safety DanceHackers are reportedly distributing the leaked Claude AI code, bundling it with malware. This development follows Malwarebytes' confirmation of its no-logs VPN policy.
- Web-code library with millions of weekly downloads poisoned by malicious release: 'This is unironically a malware…The popular JavaScript library Axios was targeted in a sophisticated supply chain attack, with malicious versions distributing a remote access trojan. Attackers, identified as a North Korea-nexus threat actor, pre-built payloads and poisoned release branches, with malware calling home within seconds of installation. While malicious versions were quickly removed, cybersecurity firms warn of potential compromise and recommend thorough security assessments.
- Morning Safety DanceMalwarebytes has released version 6.29.0.0 of its Windows Firewall Control software. The update was noted by Ant.
- Malwarebytes says a fake Google Account security page is distributing 'what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild'Cybersecurity firm Malwarebytes has identified a sophisticated phishing campaign using a fake Google Account security page to distribute a highly capable browser-based surveillance toolkit. This malware can infect Windows, macOS, and Android devices, capable of clipboard monitoring, SMS interception, and even acting as a WebSocket relay to bypass network security. The Android version includes a custom keyboard for keystroke logging and notification listening for two-factor authentication codes.