Archive for author: makoadmin

Stalkerware researcher maia arson crimew strikes again. Big time.

We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware—loves to see.

This time the target company, Tracki, is one selling GPS trackers and doesn’t hesitate to explicitly market itself as a device for spying on a spouse or other family member. Tracki devices are sold by some major telecommunication companies, sometimes under the Tracki brand or sometimes under their own label.

Tracki’s mother company Trackimo—hey we’re not the ones that made that name up—co-owns a subsidiary called watchinU that offers a Nickelodeon-branded smart watch for kids, the NickWatch, which is currently only available in the UK and Israel.

The investigation into Tracki, besides uncovering a tangled web of companies, dubious websites, and false identities, also led to a data breach that maia says could possibly affect almost 12 million users.

Researching the technology behind the tracker and the web portal for customers that want to see all their trackers on a map, maia found various hardcoded usernames and passwords used to load data from a number of administration and support tools.

One of the tools, the Trackimo Troubleshooter, was designed for remote debugging of all Tracki and Trackimo devices, by showing the technical support agents practically all the data from any given device by just entering a device identification number.

This “simple internal support tool” required no other authentication than logging in using a password that shared between Tracki and Trackimo employees. All you need to is a device id which follows a standardized format, so it looks like it’s possible with a bit of scripting to grab all the relevant data from each device.

Tracki support receives multiple subpoenas per week from local and federal law enforcement worldwide. Many are for stalking or harassment but also occasionally for other charges, including domestic violence, attempted murder, and murder. In all these cases, the victim was being tracked by using a Tracki device. maia says Trackimo is not only aware of these use cases, but actively assisted customers to set up nonconsensual tracking of individuals via its helpdesk.

Worryingly, agencies and military programs in the US and other governments around the world use Tracki devices, typically for asset, personnel, and vehicle tracking.

Our takeaway from this research is that by deciding to use stalkerware, of almost any kind, you are not the only one who might be able to follow the target. We have shown time and time again that these companies do not invest as much in keeping their records secure as you would expect or hope.

If you’re curious about the companies and people behind them, please read maia’s blog. It contains a lot of juicy details.

Check your digital footprint

Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Millennials are in a bind.

According to a new analysis of research released earlier this year by Malwarebytes, Millennials are significantly more likely than every other generation to feel that there is no need to share their online account logins with boyfriends, girlfriends, spouses, or significant others, and that keeping such information private shows trust between partners.

And yet, Millennials still grant their romantic partners the same level of access as Gen Z partners do to their devices, locations, online banking accounts, ride-sharing services, vacation rental platforms, and more, causing a crisis of consent amongst a small number of Millennial partners who agreed: Their sharing is done only under duress.

The new findings—which come from a follow-on investigation into the data compiled in the Malwarebytes report “What’s mine is yours: How couples share an all-access pass to their digital lives”—reveal a unique problem for Millennials who grew up before the internet took hold of public life. Straddled with fading privacy norms, Millennials are not entirely convinced that healthy relationships should involve such high, digital demands.

A stronger sense of privacy

For Millennials, privacy is seemingly sacred.

Ranking higher than any other age group, 67% of Millennials in committed relationships agreed that they “don’t feel the need to share my device logins or passwords with significant others.” The rates of agreement for the same sentiment were significantly lower amongst Gen Z respondents (57%), Gen X respondents (52%), and Baby Boomer respondents (49%).

Relatedly, Millennials also believed that privacy between romantic partners was crucial to a healthy relationship.

When asked about a similar statement, 73% of Millennials agreed that “keeping your personal login information (account or computer passwords, device PINs, etc.) private in a romantic partnership shows trust between partners.” Again, the rates of agreement amongst other age groups were lower, with just 56% of Gen X respondents and 57% of Baby Boomers feeling the same way. Gen Z respondents also reported a lower rate, at 68%.

Alone, these two findings don’t reveal that Millennials are particularly unique, but it is where Millennials split off—from either Gen Z respondents or older Gen X respondents and Baby Boomers—that their online beliefs come into focus.

For example, Millennials, Gen X respondents, and Baby Boomers all reported similar rates of refusing to share their locations with their romantic partners through apps like Apple’s Find My, or through third-party apps like Google Maps. When asked if they currently share their locations these ways with their significant others, 16% of Millennials said “No, and I never would.” They were joined nearly hand-in-hand with Gen X respondents (17%) and Baby Boomer respondents (18%).

But in looking at Gen Z, a separate vision of location privacy emerges—just 10% of Gen Z respondents said they do not, and never would, share their locations with their significant through the use of apps. Gen Z respondents, for their part, were the most likely to agree that “sharing locations with my significant other makes me feel safer” (85%).

Unsatisfied with account sharing and unconvinced about location sharing, Millennials should report lower rates of those exact activities with their own romantic partners.

The strange thing is they don’t.

Similar sharing

Millennials in committed relationships share just as much access to many of their devices and online accounts as Gen Z respondents do—from their computers to their tablets to their messaging apps and their online photo albums.

When asked if their romantic partners have access to specific types of personal accounts, Millennials and Gen Z reported similar rates of sharing for:

• Computer PIN/password (73% of Millennials and 69% of Gen Z)
• Location sharing apps such as Find My/Find My Device (71% of Millennials and 73% of Gen Z)
• Messaging apps such as WhatsApp, Messenger, Viber, WeChat, etc. (55% of Millennials and 52% of Gen Z)
• Food/grocery deliver apps such as Uber Eats, DoorDash, Instacart, etc. (63% of Millennials and 60% of Gen Z)
• Ride-hailing apps such as Uber, Lyft, etc. (57% of Millennials and 58% of Gen Z)
• Vacation rental apps such as Airbnb, Vrbo, etc. (58% of Millennials and 55% of Gen Z)

In fact, though variations between the two generations did appear for certain behaviors, including sharing access to email accounts, social media, and phone passcodes, the difference in reporting was never large enough to be statistically significant. When it comes to sharing actual account and location access, Millennials are far more similar to Gen Z than to Gen X and Baby Boomer respondents.

But the sharing doesn’t come without wrinkles.

More than any other generation, Millennials were more likely to say they shared account access with their romantic partners only because their partners insisted.

For respondents who granted at least some account and app access to their boyfriends, girlfriends, spouses, or partners, 16% of Millennials agreed:

“My partner insists on sharing account access even though I don’t want to.”

That rate was significantly higher than Gen Z (9%), Gen X (4%), and Baby Boomers (1%).

Millennials were also the most likely to agree that, if they had granted some account access to their romantic partners, it was because of threats they received.

At significantly higher rates than Gen X respondents (2%) and Baby Boomers (2%), and at slightly higher rates than Gen Z respondents (9%), 14% of Millennials agreed: “My partner has threatened me over sharing account access (for example, said they would break up with me, harm me physically or emotionally, not talk to me/shut me out, etc.).”

Different dilemma

Millennials in committed relationships are at a crossroads.

As the last generation to be raised without smartphones, their sense of privacy—particularly around location—stands in stark contrast to Gen Z. They are less likely to see the value in sharing online account access with their romantic partners, and more likely to say that, when they do share such access, it is only because their partner insists.

Where the pressure is coming from, exactly, is unclear. It may be from having relationships with Gen Z partners (the reported average age gap between heterosexual couples in America of 2.3 years allows for intergenerational couples in their late 20s for Millennials and Gen Z). It may also be from other Millennials who are becoming influenced by modern dating norms.

Whatever the cause, there is guidance for setting and adhering to the type of online sharing that works for each couple. To learn more about consensual location sharing, avoiding online harassment, and what risks lie ahead for couples that overshare, visit the Modern Love in the Digital Age hub below.

Last week on Malwarebytes Labs:

• Dozens of Google products targeted by scammers via malicious search ads
• Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version
• We’re making it easier for you to protect your identity
• X accused of unlawfully using personal data of 60 million+ users to train its AI
• Malwarebytes awarded Parent Tested Parent Approved Seal of Approval
• Data theft forum admins busted after flashing their cash in a life of luxury
• AI girlfriends want to know all about you. So might ChatGPT (Lock and Code S05E17)
• Google Manifest V3 and Malwarebytes Browser Guard

Last week on ThreatDown:

• Ransomware payments on track to smash $1.1 billion record
• Ransomware review: August 2024
• Malwarebytes expands protection to ARM-powered Windows devices with ThreatDown product portfolio
• Update now! August Patch Tuesday covers several zero-days
• Patch now! Microsoft Office flaw could leak NTLM hashes

Stay safe!

In a previous blog, we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Google’s entire product line and redirecting victims to a fake Google home page.

Clearly not afraid of poking the bear, they even used and abused yet another Google product, Looker Studio, to lock up the browser of Windows and Mac users alike.

We describe how they were able to achieve this, relying almost exclusively on stolen or free accounts and leveraging Google’s APIs to create rotating malicious URLs for the browser lock.

All malicious activities described in this blog have been reported to Google. Malwarebytes customers were proactively protected against this attack via the Malwarebytes Browser Guard extension.

Malvertising {keyword:google)

The following image is a collage of malicious ads that all came from Google searches each consisting of two keywords: google {product}. They all tie back to the same advertiser, which we believe may be unaware that their account was compromised. In fact, we previously saw that same advertiser in two other unrelated incidents at the end of June 2024 for Brave (malware download) and Tonkeeper (phishing).

While brand impersonation is commonly done via tracking templates, in this instance the fraudsters relied on keyword insertion to do the work for them. This is particularly useful when targeting a single company and its entire portfolio. Notice how all the ads follow the same pattern with a display URL showing lookerstudio.google.com (a Google product also later abused in this scheme).

Shortly after we reported this initial wave of ads, we saw the same scammers (the final URL after clicking on the ad is also going to lookerstudio.google.com) register a new advertiser account. In this case, despite their identity not having been verified yet, their ad still showed up for a standard “google maps” search. This time, the ad’s display URL mirrors the product (maps.google.com):

Fake Google Search page via Looker Studio

Originally intended as a tool to convert data into dashboards, the scammers are misusing Looker Studio to display a dynamically generated image instead. The image is stretched across the screen to give the illusion that you are at the Google home page, ready to make a new search.

Opening Developer Tools in Chrome, we can see that the “Google search page” is indeed just one large image:

What’s interesting is how this image is used as a lure that requires some user interaction to trigger an action. Leveraging the Looker Studio API, the scammers are embedding a hidden hyperlink that will be launched as a new tab when a victims clicks on the image:

Tech support scam

The embedded linkUrl cddssddds434334[.]z13[.]web[.]core[.]windows[.]net redirects to a fake Microsoft or Apple alert page that will attempt to hijack the browser by going in full screen mode and play a recording. These fake alerts are the most common way innocent people fall victims to tech support scams. In such a situation, many people will assume there is something wrong their computer and will follow the instructions they are given on screen.

Calling the phone number for assistance will kickstart a conversation with a call center often located overseas. Fake Microsoft or Apple representatives will persuade victims to buy gift cards or log into their bank account to pay for the ‘repairs’.

The scam URL is part of web[.]core[.]windows[.]net which belongs to Microsoft Azure and is commonly abused by scammers. In this particular instance, the Looker Studio API provides a new malicious URL (rotated at regular intervals) to make any blocking via conventional means futile.

Conclusion

As we saw in this blog, malicious ads can be combined with a number of tricks to evade detection from Google and defenders in general. Dynamic keyword insertion can be abused to target a larger audience related to the same topic, which in this case was Google’s products.

Finally, it’s worth noting that in this particular scheme, all web resources used from start to finish are provided by cloud providers, often free of charge. That means more flexibility for the criminals while increasing difficulty to block.

As we were investigating this campaign, we checked that Malwarebytes customers were protected. Despite the malicious URLs being hosted on Microsoft Azure and rotating regularly, Malwarebytes Browser Guard was already blocking this attack thanks to its heuristics engine.

Indicators of Compromise

Google advertiser accounts

08141293921851408385
Dhruv
06037672575822200833

Looker Studio URLs

lookerstudio[.]google[.]com/embed/reporting/fa7aca93-cabd-47bf-bae3-cb5e299c8884/
lookerstudio[.]google[.]com/embed/reporting/42b6f86d-2a06-4b38-9f94-808a75572bb8/
lookerstudio[.]google[.]com/embed/reporting/fbd88a24-af73-4c76-94dc-5c55345e291d/

Microsoft has released a patch for a bug for a “downgrade attack” that was recently revealed by researchers at security conferences Black Hat and Def Con.

What does that mean in layman terms?

You: Let me check whether my system is fully updated

Windows: Sure, all’s well

Attacker: *Chuckles and deploys an attack against a vulnerability for which you could have been patched long ago*

With a downgrade attack, the victim may have done all they can to keep their computer and software up to date, but an attacker can force it to revert to an older, vulnerable version and then use a known bug to infect your device.

With this particular attack, the researcher built a tool called “Windows Downdate” that takes over Windows Updates to turn a completely patched Windows system into a system which is exploitable by thousands of vulnerabilities from the past.

Microsoft has now patched the two vulnerabilities in Windows (CVE-2024-38202 and CVE-2024-21302) that the researcher used to create Windows Downdate. To manually check whether you have received this update:

• Click Settings in the Start menu
• Click Windows Update
• Select Update History

You should see this entry (KB5041585 successfully installed) for Windows 11:

If you don’t see this, you can start the update by clicking the Check for updates button from the Windows Update menu, or download the relevant update from the Microsoft Update Catalog.

For Windows 10 systems the method is the same, but the KB number is KB5041580 and the update catalog can be found by following this link.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Things have changed in cybersecurity. 

Gone are the days when our only worry was downloading a virus. Now, 71% of people say having their data leaked and identity stolen is one of their biggest fears about being online. Sadly, they’re right to be concerned: Fraud losses hit $10 billion in 2023 (up 14% from 2022). 

But as the threats have evolved, so have we, and over the last year we’ve added products that protect your entire digital life. Now we’re making things even easier: We’re embedding our identity solutions into our Malwarebytes dashboard so you can manage everything in one place.  

Our all-new identity module lets you: 

• Scan for your exposed personal data for free 

• Upgrade or manage your identity theft protection (active alerts and insurance) 

Available now for Windows. More platforms on the way. 

Try it yourself: Simply open Malwarebytes, or if you don’t have our app you can download it here. 

In what may come as a surprise to nobody at all, there’s been yet another complaint about using social media data to train Artificial Intelligence (AI).

This time the complaint is against X (formerly Twitter) and Grok, the conversational AI chatbot developed by Elon Musk’s company xAI. Grok is a large language model (LLM) chatbot able to generate text and engage in conversations with users.

Unlike other chatbots, Grok has the ability to access information in real-time through X and to respond to some types of questions that would typically face rejection by other AI systems. Grok is available for X users that have a Premium or Premium+ subscription.

According to European privacy group NYOB (None Of Your Business):

“X began unlawfully using the personal data of more than 60 million users in the EU/EEA to train its AI technologies (like “Grok”) without their consent.”

NOYB decided to follow up on High Court proceedings launched by the Irish Data Protection Commission (DPC) against Twitter International Unlimited Company over concerns about the processing of the personal data of European users of the X platform, as it said it it was unsatisfied with the outcome of those proceedings.

Dublin-based Twitter International Unlimited Company is the data controller in the EU with respect to all personal data on X.

The DPC claimed that by its use of Grok, Twitter International is not complying with its obligations under the GDPR, the EU regulation that sets guidelines for information privacy and data protection.

Despite the implementation of mitigation measures—after the fact–the DPC says that the data of a very significant number of X’s millions of European-based users have been and continue to be processed without the protection of these mitigation measures, which isn’t consistent with rights under GDPR.

But NOYB says the DPC is missing the mark:

“The court documents are not public, but from the oral hearing we understand that the DPC was not questioning the legality of this processing itself. It seems the DPC was concerned with so-called ‘mitigation measures’ and a lack of cooperation by Twitter. The DPC seems to take action around the edges, but shies away from the core problem.”

For this reason, NOYB has now filed GDPR complaints with data protection authorities in nine countries (Austria, Belgium, France, Greece, Ireland, Italy, Netherlands, Poland, and Spain).

All they had to do was ask

The EU’s GDPR provides an easy solution for companies that wish to use personal data for AI development and training: Just ask users for their consent in a clear way. But X just took the data without asking for permission and later created an opt-out option referred to as the mitigation measures.

It wasn’t until two months after the start of the Grok training, that users noticed X had activated a default setting for everyone that gives the company the right to use their data to train Grok. The easiest way to check if you are sharing your data is to visit https://x.com/settings/grok_settings while you are logged in to X. If there is a checkmark, you are sharing your data for the training of Grok. Remove that checkmark and it stops.

In a similar case about the use of personal data for targeted advertising, Meta argued that it has a legitimate interest that overrides users’ fundamental rights. This counts as one of the six possible legal bases to escape GDPR regulations, but the Court of Justice rejected this reasoning.

Many AI system providers have run into problems with GDPR, specifically the regulation that stipulates the “right to be forgotten,” which is something most AI systems are unable to comply with. A good reason not to ingest these data into their AI systems in the first place, I would say.

Likewise, these companies always claim that it’s impossible to answer requests to get a copy of the personal data contained in training data or the sources of such data. They also claim they have an inability to correct inaccurate personal data. All these concerns raise a lot of questions when it comes to the unlimited ingestion of personal data into AI systems.

When the EU adopted the EU Artificial Intelligence Act (“AI Act”) which aims to regulate artificial intelligence (AI) to ensure better conditions for the development and use of this innovative technology, some of these considerations played a role. Article 2(7)) for example calls for the right to privacy and protection of personal data to be guaranteed throughout the entire lifecycle of the AI system.

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Cyrus, powered by Malwarebytes.

We’re delighted to say Malwarebytes has been awarded the Parent Tested Parent Approved Seal of Approval for product excellence. 

The Seal of Approval is given to products that have earned the trust of families, and serves as a quick and reliable indicator of quality and dependability for parents and caregivers. 

Malwarebytes Plus, our Premium Security + Privacy VPN bundle, was tested and reviewed by a group of parents, and scored high in areas of ease of installation and use, value for money, and effectiveness.  

Reviewers noted that Malwarebytes Plus not only enhanced their device security, but also provided them with peace of mind, making them feel more confident about their family’s online safety. 

100% of the reviewers said they found it “very easy” to set up Malwarebytes on their device, with 94% saying they would continue using Malwarebytes after the testing period. 

They also praised the user friendliness of the program:

“Malwarebytes Plus is hands down the best antivirus system on the market. You don’t have to be a rocket scientist to run it – it does all the work for you!” 

94% said Malwarebytes was “very easy” to use for protecting their privacy online. One reviewer highlighted the peace of mind it offers: “I think every parent would feel safe about their children’s computer use after installing this software.” 

Sharon Vinderine, Founder and CEO of Parent Tested Parent Approved said:

“The Parent Tested Parent Approved Seal of Approval is much more than an award; it’s the at-a-glance symbol of trust and reliability for millions of families.” 

Protect your—and your family’s—devices by using Malwarebytes.

Two men without a clear source of income landed cyberfraud charges after being so flash with their ill-gotten cash that it gained the attention of the authorities.

In 2022, Russian national Pavel Kublitskii and Kazakhstan national Alexandr Khodyrev arrived in Florida and requested asylum, which was granted by the Department of Homeland Security (DHS).  Both provided DHS with the same residence address in Hollywood, Florida.

However, their lavish lifestyle was unusual. For example, Kublitskii opened a Bank of America account with a cash deposit of $50,000 and rented a luxury house, while Khodyrev purchased a 2023 Corvette with approximately $110,000 cash. All while appearing to not have a job.

The investigation indicated that the two men were involved in the activities of the dark web platform WWH Club and related forums Skynetzone, Opencard, and Center-Club.

WWH Club and the other forums are Dark Web marketplaces where cybercriminals buy, sell, and trade login credentials, personal identifying information (PII), malware, fake identification documents, and financial credentials. The forums even provide training for aspiring cybercriminals.

The FBI was able to determine the IP addresses of the WWH Club site’s administrators after obtaining a search warrant for the US-based Cloud company Digital Ocean. Based on the information derived from the logs, the FBI agent concluded:

“In addition to the forum owner and creator, it appears there are several other top administrators who operate the site and receive a portion of the generated revenue. One of those top administrators operates under the usemame “Makein.” The FBI agent provides details which show there is probable cause to believe that Kublitskii and Khodyrev both serve as administrators of WWH and share the Makein username.”

Makein is also the handle of the owner and primary administrator of Skynetzone.

Part of the offered training at WWH was a scheme that recruited and taught users to purchase items with stolen credit card data. An FBI covert online employee registered for an account on WWH and paid approximately $1,000 in bitcoin to attend the WWH training.

While on the forums, the agent saw an post where a user was selling stolen PII of people and businesses in the US. Buyers could choose how many people’s PII they wished to buy and specify the particular US state of residence, gender, age, and the credit score of their desired victims. In exchange for $110, paid in Bitcoin, the WWH seller sent the undercover agent a folder containing 20 files, each of which contained the name, date of birth, Social Security Number (SSN), state of residency, address, credit score, credit report, and account information from LendingTree.com for a US citizen.

The lead FBI agent explained:

“I know, based on my training and experience, that the presence of account information from LendingTree.com suggests that this stolen PII derived from a February 2022 breach of LendingTree that compromised the data of over 200,000 customers.”

The FBI researched domain registrations, exchanged messages, Bitpay transactions, blockchain analysis, and other digital evidence and came to the conclusion that the suspects shared the Makein account and were responsible for the cybercrimes committed by that persona.

Agents obtained records from Google which revealed that messages from and to their accounts often contained stolen PII and credit card information and which tied the account to the suspects.

With probable cause provided, the FBI agent requested the court to authorize the requested criminal complaint charging the suspects with conspiracy for trafficking in unauthorized access devices and possession of 15 or more unauthorized access devices.

Kublitski has been placed under arrest. It is not clear if Khodyrev was arrested as well. The WWH forums are running as usual and the current administrators acknowledge that the suspects were involved, but only as moderators.

Check your digital footprint

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

This week on the Lock and Code podcast…

Somewhere out there is a romantic AI chatbot that wants to know everything about you. But in a revealing overlap, other AI tools—which are developed and popularized by far larger companies in technology—could crave the very same thing.

For AI tools of any type, our data is key.

In the nearly two years since OpenAI unveiled ChatGPT to the public, the biggest names in technology have raced to compete. Meta announced Llama. Google revealed Gemini. And Microsoft debuted Copilot.

All these AI features function in similar ways: After having been trained on mountains of text, videos, images, and more, these tools answer users’ questions in immediate and contextually relevant ways. Perhaps that means taking a popular recipe and making it vegetarian friendly. Or maybe that involves developing a workout routine for someone who is recovering from a new knee injury.

Whatever the ask, the more data that an AI tool has already digested, the better it can deliver answers.

Interestingly, romantic AI chatbots operate in almost the same way, as the more information that a user gives about themselves, the more intimate and personal the AI chatbot’s responses can appear.

But where any part of our online world demands more data, questions around privacy arise.

Today, on the Lock and Code podcast with host David Ruiz, we speak with Zoë MacDonald, content creator for Privacy Not Included at Mozilla about romantic AI tools and how users can protect their privacy from ChatGPT and other AI chatbots.

When in doubt, MacDonald said, stick to a simple rule:

“I would suggest that people don’t share their personal information with an AI chatbot.”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)

Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.