IT NEWS

What your peers said: G2 comparison of top Endpoint Security vendors

Navigating the world of endpoint security is challenging, with numerous vendors stoking FUD and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams.

Enter G2, an industry-leading peer-to-peer review site. Each quarter, G2 releases reports highlighting the products with the highest customer satisfaction and strongest market presence.

In the G2 Spring 2023 Grid Reports, Malwarebytes earned the title of ‘Leader’ in 24 categories, including the #1 spot in Endpoint Protection, the Best ROI for EDR, and #1 for EDR implementation in the mid-market segment.

Let’s take a closer look at how organizations evaluated solutions and what they said about using Malwarebytes.

#1 Endpoint Protection: Highest Rated for Results, Relationship, and More

Malwarebytes Endpoint Protection (EP), the essential foundation of our EDR and MDR offerings, won dozens of awards based on receiving the highest customer satisfaction score across a range of areas, including “Ease of setup,” “Ease of admin,” “Quality of support,” and more.


Dashboard for Nebula, the cloud-hosted security platform for EP and EDR

For example, Malwarebytes EP won the “Best Results” badge (highest overall Results score) by having the highest combination of estimated ROI, meets requirements, and likelihood to recommend scores. What some of our customers had to say:

“Malwarebytes is easy to install and configure. It integrates with Windows 10 and runs silently in the background. Infection rate of Malware has dropped dramatically. If I run across a machine that has Malware, installing it cleans it up almost 100% of the time.”

Chris S.

“Malwarebytes was able to detect and block a virus that our previous AV was not able to. Wish we had moved to this product sooner.”

Robert S.

“I consider myself faithful to this software because Malwarebytes has taken me out of problems that other antivirus programs have not been able to solve. It is not a very heavy software and can run in the background without even noticing it thanks to the updates.”

Verónica M.

Customers also praised Malwarebytes for its friendly staff and exceptional support, for which we won the “Best Relationship” badge by having the highest combination of “Likely to Recommend,” “Ease of business,” and “Quality of Support” ratings. Here’s what some of our customers had to say:

“The support team started us off on the right track by getting us up and running in no time. Any questions I had before and after setup were answered quickly and thoroughly.”

Gary P.

“Highly recommended, and their support team is the best you can ask for!”

Rifaat K.

Best ROI for EDR: Rapid Return on Investment

Our EDR solution delivers an impressive return on investment by quickly enhancing your organization’s security posture. Malwarebytes EDR is designed to be both efficient and cost-effective, allowing your team to see the benefits of your investment immediately.

By focusing on ease of use, quick implementation, and powerful security features without requiring an IT security army, Malwarebytes ensures that your organization is maximizing resources and receiving the best ROI in the industry.

Malwarebytes had the best estimated ROI (payback period in months) on the Enterprise Grid® Report for Endpoint Detection & Response (EDR) at just 14 months, compared to CrowdStrike at 22 months.

“The best part about Malwarebytes is the set it and forget it. It has saved us so much time on deployment and remediation that it pays for itself in no time at all.”

Ron M.

“It keeps our working environment much more secure than our previous solution. Much easier to manage in real time. This thing is a money saver and pays for itself.”

Tyson B.

Most Implementable EDR: Seamless Setup and User-Friendly Experience

On the Mid-Market Implementation Index for Endpoint Detection & Response (EDR), Malwarebytes EDR clinched the #1 spot. With a seamless setup process, your team can spend more time focusing on what matters most: protecting your organization from cyber threats. Here’s how we won:

  • Malwarebytes EDR has an Implementation Score of 89%, which is higher than the industry average of 82%.
  • Ease of Setup: Malwarebytes EDR scores 95% in ease of setup, compared to the industry average of 90%.
  • Average User Adoption: Malwarebytes EDR has an average user adoption rate of 91%, surpassing the industry average of 85%.
  • Time to Go Live (Months): The average time it takes for Malwarebytes EDR to become fully operational is just 0.49 months, over 2X shorter than the industry average of 1.41 months.

“If you are purchasing Malwarebytes, then you have made the correct choice. You will quickly see how easy it is to implement, and how great their support is.”

Mauro B.

“Very easy to install and deploy, setup, and configure – for instance – a 5 machine setup would take roughly ~10 mins from start to finish.”

Verified User

“Easy to use and implement, along with great support and support tools at your disposal, along with courses to help you become more familiar with the inner workings.”

Doug C.


Two options to easily begin deployment with your endpoint users in Nebula

Experience Malwarebytes for Business: Award-winning ROI, user-friendly, and effective threat defense

Malwarebytes provides IT staff with award-winning business solutions, offering unmatched threat protection, a lightning-fast return on investment, and a smooth, speedy implementation.

Try Malwarebytes EDR today and join the ranks of those who have already discovered the amazing results, support, ROI, and more of our exceptional endpoint security solutions.


Instagram scam promises money in exchange for your image

We’re seeing a number of complaints on Reddit and elsewhere regarding a scam which flares up every so often. It’s called the “Muse scam”, and targets users of Instagram.

Let’s hear from one of the Reddit posters impacted:

An artist approached me on Instagram asking if they could use one of my photos for their up and coming project at a legitimate art museum. The profile looked good too. Actual photos of the person messaging me and photos of their work in a well laid out time line as well. I told them they could use my photo but they had insisted I needed to be paid in order to show the museum the proof of my consent. And that my payments were through the museum as well. I was a bit uncomfortable but they assured me everything was safe and even showed me screenshots of other people doing this as well. I thought “what could go wrong?”

What could go wrong, indeed.

Then a third party started messaging me after I had given the artist my phone number and full name. The messages were coming from an email. They quickly pressured me into doing a mobile check deposit and that everything was legit. It all happened so fast. I didn’t even have time to fully think it through but I guess that is exactly what they want. I did the deposit.

“Luckily” for this person, the payment amount in this example ($100 for art supplies) is not typical for this scam, and significantly lower than usual. The most common approach involves the scammer sending you a check, often in the region of $2,500. This is supposed to be your “payment”. From this, you’re supposed to take something in the region of $500 and forward this money on to the artist for the cost of materials. From another recent Reddit example:

Someone said that they’ll want some muse for an art thing, and so she sent me a check of $2500 to pay me $500 with the remaining $2000 sent to her. Is this a scam?

It is indeed. At this point, if you pay up then you’re $500 down from your own money. You also have a check pending against your account. After a few weeks, with the scammer long gone, the check will eventually bounce and you’ll absorb the cost of the remaining check money from your own finances.

Some of the scammers also include attachments with their messages. Some recipients were convinced they’d received some sort of malware and have, in extreme cases, formatted their device just to be on the safe side.

She sent me an email with an image of a cheque, I stupidly opened the image and 5 seconds later my email closed the image and sent it to my junk folder. I checked Windows virus protection and it said threat detected, I tried resolving the threat but the button wasn’t doing anything, so I promptly shut down my computer and unplugged my router.

This scam is all a spin on the much older fake check scam, covered in detail by the FTC. Some of the variations include:

  • Personal assistant scam. Fraudsters make you think a personal assistant job is for the taking, then send you a check to buy gift cards for your “boss”. They get the card codes, you’re left with the remnant of a fake check.
  • Car wraps. Fraudsters offer to cover your car with ads, for a price. Sadly, that price is “You’ve been ripped off”.
  • Overpayments. If you sell items online, people will occasionally send you too much as if by accident. If they do this by check, beware: it may well be a scam.

Avoiding the fake muse scam

  • Beware of uncommon art practices. It’s tough out there for an artist. Nobody is going to randomly approach you with the promise of free money and work for the cost of materials alone.
  • Avoid checks. The moment someone offers to send you money by check and have you forward some of that cash somewhere else, it’s high alert time. If you see people warning about this type of attack online, they usually reference somewhere in the region of $2,000 to $2,500 as the scammer sweet spot. While the actual amount referenced could be anything, this does serve as a useful first glance indicator.
  • Fix the damage. Call whichever wire transfer company was used to send the money and lodge a complaint. You may be able to get the money back so it’s worth asking, although very unlikely. Do the same for money orders. Contact your bank and let them know what’s happened.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


Malware authors join forces and target organisations with Domino Backdoor

There’s a new ransomware gang in town, stitched together from members of well known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called “Domino”, is the brainchild of FIN7 and ex-Conti ransomware members.

Domino has been seen in attacks since at least February 2023, according to researchers at IBM Security Intelligence. Domino is being used to further the spread of backdoors like Cobalt Strike and information stealers such as Project Nemesis.

This specific group has previously been seen making use of a malware loader called “Dave Loader”, serving up a variety of well known files like IcedID (a modular banking trojan) and the infamous Emotet. The latter, another banking trojan which branched out into delivering additional malware files, was most recently seen in an IRS themed spam campaign. As the IBM researchers note, both of these are often used as a starting point for ransomware attacks.

Recently, the Dave Loader attacks have been observed including what has now come to be known as Domino files, and the Domino Backdoor in particular. Along with gathering “basic system information”, it receives an encrypted payload once the initial system data has been sent to the command and control center.

The file placed on the target PC was found to be similar enough to the original Domino Backdoor that it’s been named the Domino Loader. This Loader drops a payload called Nemesis Project, a .NET infostealer.

This “project” stealer has been around for a couple of years now, and tries to grab data from numerous browsers and applications including gaming platforms, VPNs, and cryptocurrency wallets. The researchers note that the stealer in question was originally advertised on forums with a sale price of $1,300 and in terms of data theft, the author of the file has this to say:

  • Collection of data from Chromium browsers (passwords, cookies, bookmarks, history)
  • Collection of data from Gecko browsers (cookies, passwords, history)
  • Grabbing links from the desktop
  • Collection of system information in HTML format
  • Telegram sessions
  • Collection of Discord tokens

It can also be set to block startup inside of a virtual machine (often used to test malware files), lock the startup if found to be running in a CIS country, and self-delete after sending the stolen data. Alongside all of this, Nemesis comes with a control panel, operated online, where the data can be accessed. All in all, it’s not something you’d want lurking on your network.

Bleeping Computer highlights that many ransomware groups and malware authors often work together, as it’s frequently an easier way to get a head start on compromising a network. The constant mashing up of files and intrusion tactics makes it harder for organisations to get to grips with the latest wave of attacks and also keeps security researchers on their toes. This current campaign is, sadly, no different.



Introducing the Malwarebytes Admin app: Endpoint security at your fingertips

If you’re on the beach sipping piña coladas, the last thing you probably want to do is rush to your desktop and address a critical security issue.

And yet, this is the reality for many IT security professionals today. Regardless of the time or current location, security pros are expected to drop everything at a moment’s notice and swoop in to save the day.

But being tethered to a desktop workstation can blur the boundaries between work and personal life. This inflexibility not only leads to additional stress and pressure on IT professionals, but also can delay response times as they scramble back to their workstation to put out fires. Even just taking a break is hard without the fear of leaving the system unattended.

Enter the Malwarebytes Admin app.

Designed as a companion to the Nebula console, the mobile app now allows administrators to manage alerts and perform essential tasks right from their iOS devices. No more being tied to a computer: you can now handle incidents and execute administrative functions wherever you are.

So sit back, relax, and enjoy an uninterrupted piña colada as we delve into the key features of the Malwarebytes Admin app.

Getting started: Setting up the Malwarebytes Admin app


  1. Download the Malwarebytes Admin app from the App Store. It is available for free for all Nebula users.
  2. Log in with your Nebula console credentials. The app is accessible to users with admin or read-only privileges on the Nebula console.

NOTE: Malwarebytes Admin is an enterprise solution intended for IT admins. Malwarebytes Admin will not operate on your device without the required license for Nebula.

Navigating the app: Dashboard and features


Once logged in, the first screen you will see is the Dashboard.

Here, you can quickly assess the protection status of all endpoints, view detections by type, and view your license usage.

Managing endpoints: Endpoint list and actions


The Endpoint List displays all the endpoints you are managing.

The badges let you know which endpoints need immediate attention. The list can be filtered by status, OS, OS version, group, or policy, and you can search for specific endpoint names.

Selecting the “Actions” button lets you take various actions on the chosen endpoints, such as scanning, isolating, updating agents, checking for updates, and remediating endpoints.

Viewing endpoint information

Tapping on a specific endpoint allows you to view its general information, such as host, location, operating system, and network interfaces.

Adding users


With the Malwarebytes Admin app, you can add new users to the console by sending email invitations. You can assign roles (Super Admin, Admin, Read-only), add users to existing groups, delete users, resend invites, and edit user roles or group membership.

Future developments

While the Malwarebytes Admin app currently offers a wide range of features, some functionality is reserved for future updates. For example, while the app is only available for iOS right now, an Android app will be coming out soon. Additional planned features include detailed information on detections, push notifications on alerts, and more.

A game changer for IT security professionals

There’s no question that being tied to a desktop while managing threats exacerbates the stress IT security professionals experience daily. That’s why we released the Malwarebytes Admin app, a game-changer for endpoint security management.

No more having to make a beeline out of the bathtub to resolve critical alerts. Receive instant notifications on your phone and quickly review, investigate, and resolve issues in just a few taps.

Download the app today and experience the convenience of having the power of Nebula right in your pocket!


LockBit ransomware on Mac: Should we worry?

News broke over the weekend that ransomware gang LockBit had begun targeting Mac users, triggering some concern in the Apple community. But have no fear: Apple security experts have dissected the ransomware, taking a deep dive into what it can and cannot do, and concluded that it is, actually, toothless.

“Yes, it can indeed run on Apple Silicon. That is basically the extent of its impact,” said Patrick Wardle (@patrickwardle), known macOS cybersecurity expert and founder of the non-profit, Objective-See. “macOS users have nothing to worry about.”

Here’s why.

The signature is invalid

Using the macOS codesign utility, Wardle saw that the payload’s signature is “ad-hoc” rather than tied to an Apple Developer ID. Because the signature is invalid, macOS won’t execute it.

If you’re brave enough to run the payload on your macOS, you’ll be met with this message, says Wardle. (Source: Objective-See)
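
As an added example (not part of Wardle's analysis or the original post), the ad-hoc versus Developer ID distinction can be turned into a small triage helper that classifies `codesign -dvv` output. The sample outputs, paths, team identifier and function names below are constructed for illustration.

```python
import re
import shutil
import subprocess

# Constructed samples of `codesign -dvv` output (illustrative only,
# not taken from the real payload).
ADHOC_SAMPLE = """\
Executable=/tmp/sample.bin
Identifier=sample
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=512 flags=0x2(adhoc) hashes=8+0 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
"""

DEVID_SAMPLE = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=20+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""

UNSIGNED_SAMPLE = "/tmp/other.bin: code object is not signed at all\n"


def parse_codesign(text):
    """Turn key=value lines into a dict; Authority lines form the cert chain."""
    fields = {"authorities": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value line (e.g. an error message)
        if key == "Authority":
            fields["authorities"].append(value)
        else:
            fields.setdefault(key, value)
    return fields


def classify(text):
    """Return 'unsigned', 'adhoc', 'developer-id', 'other-certificate' or 'unknown'."""
    if "code object is not signed at all" in text:
        return "unsigned"
    fields = parse_codesign(text)
    # The adhoc flag also appears in the CodeDirectory flags, e.g. flags=0x2(adhoc).
    code_dir = fields.get("CodeDirectory v", "")
    adhoc_flag = re.search(r"flags=0x[0-9a-fA-F]+\([^)]*\badhoc\b", code_dir)
    if fields.get("Signature") == "adhoc" or adhoc_flag:
        return "adhoc"  # no certificate chain, so no developer identity behind it
    chain = fields["authorities"]
    if chain and chain[0].startswith("Developer ID Application:"):
        return "developer-id"
    return "other-certificate" if chain else "unknown"


def inspect_file(path):
    """Classify a real file on macOS; codesign writes -d output to stderr."""
    if shutil.which("codesign") is None:
        raise RuntimeError("codesign not found (macOS only)")
    proc = subprocess.run(["codesign", "-dvv", path],
                          capture_output=True, text=True)
    return classify(proc.stdout + proc.stderr)


if __name__ == "__main__":
    for name, sample in [("adhoc", ADHOC_SAMPLE),
                         ("devid", DEVID_SAMPLE),
                         ("unsigned", UNSIGNED_SAMPLE)]:
        print(name, "->", classify(sample))
```

An `adhoc` or `unsigned` verdict on a binary that arrived from outside the organization is a reasonable trigger for closer inspection before anyone runs it.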

The encryptor is likely a test file

Azim Khodjibaev (@AShukuhi), a security researcher at Cisco Talos, floated the theory to BleepingComputer that the encryptors designed for macOS were “meant as a test and were never intended for development in live cyberattacks.”

Wardle further confirmed this theory, stating the malware is far from complete. Indicators in the malware’s code suggest it’s Linux-based but compiled for macOS with basic configuration settings included. The code also shows its developers have yet to consider macOS’s TCC (Transparency, Consent, and Control) and SIP (System Integrity Protection), two security features meant to protect user files and folders.

With TCC and SIP present, the ransomware will only be able to encrypt a little, if at all.

The code is buggy and will crash

Lending further credence to the test file theory, Wardle found the macOS payload contains a buffer overflow, which will cause it to crash when executed.


No worries for now!

Apple users can rest easy knowing that this macOS ransomware, as it is now, will hardly impact anyone. However, as Wardle quickly pointed out, this may be different in future releases.

“The fact that a large ransomware gang has apparently set its sights on macOS should give us pause for concern and also catalyze conversations about detecting and preventing this (and future) samples in the first place,” he says in his blog.

With LockBit operating as a ransomware-as-a-service (RaaS) outfit, its ambition is to offer a range of ransomware. Currently, we have at least two available offerings: LockBit Black (based on BlackMatter’s code) and LockBit Green (based on Conti’s code). So expanding to target systems outside its repertoire is not only a logical move but also strategic.

“For most organizations, the main takeaway is Macs are probably safe, for now, but your Windows servers were always the prime target anyway,” says Malwarebytes Security Evangelist Mark Stockley. However, Mark warned:

“You’re only safe until you’re not, and there’s no timeline on getting this working. We won’t get a warning in advance, we’ll just hear (probably from LockBit itself) that an organization with lots of Macs has been turned over. So…what are you going to do if you have lots of Macs in your organization? Wait for the horse to bolt and then shut the door, or shut the door now?”

In an interview with BleepingComputer, LockBit’s public-facing representative LockBitSupp says the Mac encryptor is “actively being developed.”

LockBit was by far the most dominant ransomware in 2022, and hasn’t slowed down in 2023, which is why it’s one of the five threats you can’t afford to ignore in the Malwarebytes 2023 State of Malware report.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


Swatting-as-a-Service is a growing and complicated problem to solve

One Telegram channel has been found to be behind a great deal of swatting incidents in the US. Using the anonymity provided by Telegram, caller ID spoofing, and voices generated by Artificial Intelligence (AI), a person or group of persons calling themselves Torswats is suspected to be behind dozens, if not hundreds of swatting incidents.

Swatting is where someone makes a hoax emergency call to law enforcement in order to get armed police (hence the SWAT reference) to target a particular address. Swatting is a crime that has evolved from a dangerous type of prank to a cybercrime that can be ordered as a service.

NPR reported that in October 2022, 182 schools in 28 states received fake threat calls, with a familiar pattern behind this wave of false calls. A voice-over-internet-protocol (VoIP) number in Ethiopia, which was tied to a call about a “suspicious backpack” in a classroom, had logged calls to 79 other places across Louisiana, Arizona, and New Mexico.

Even in the stage when swatting was a prank popular among gamers, it was dangerous because of the potential consequences. Not only does it take emergency services away from their actual tasks, there have been swatting incidents that had fatal consequences. Police officers are placed in danger as victims may try to defend themselves against an unexpected raid.

Swatting is a criminal offense in many jurisdictions, often punishable by fine or imprisonment. So swatters want to keep their identity hidden. And Torswats seems to do a good job at that. Some of the people paying Torswats for their services have been arrested, but the Telegram channel remains open for business.

Telegram is an anonymous chat platform that uses encrypted communication and does not require users to reveal their true identity. While not intended for that purpose, it is popular among criminals of all kinds and trades because they have a natural desire to stay anonymous.

Caller ID spoofing is the practice of causing the telephone network to indicate to the receiver of a call that the origin of the call is different from the true origin. Swatters use this to make the caller ID display show a phone number different from that of the origin.

Text to speech conversion software has evolved to a point where it is almost impossible for a human to discern the generated speech patterns from a real human. AI can be used to instill “voice acting” into the spoken text so the message sounds panicky, threatening, or whatever emotion is needed to make the message sound more realistic.

Torswats carries out these alarming calls as part of a paid service they offer. Payments are made in cryptocurrency to maintain anonymity. For $75, Torswats says they will close down a school. For $50, customers can buy more extreme swatting services, in which authorities can be expected to handcuff the victim and search their house.

Counter actions

If you are afraid of swatters targeting you for your online actions, you can use a VPN to hide your IP address. That gives them one less opportunity to find your physical address.

Just like there are tools and programs to generate fake voices, there are initiatives that aim to fight this increasingly widespread practice. But many of them are based on biometrics which allows the program to determine whether the text was spoken by the person or the deepfake version trying to impersonate them.

The future probably lies in deep-learning algorithms that analyze a caller’s voice and recognize unique characteristics that are tied to deepfakes. These programs will be used to assist emergency services dispatchers in recognizing AI generated voices.

Let’s hope Torswats and other operations like theirs will soon learn what it feels like to get, legitimately, arrested.


We don’t just report on encryption—we offer you the option to use it.

Privacy risks should never spread beyond a headline. Keep your online privacy by using Malwarebytes Privacy VPN.

Payment giant’s point-of-sale outage caused by ALPHV ransomware

On April 12, 2023, payment giant NCR reported it was looking into an issue with its point-of-sale (POS) systems that caused an outage, leaving customers unable to use the system.

The NCR Aloha POS systems are popular in hospitality services. Customers include Wendy’s, Chuck E. Cheese, Café Rio, Leeann Chin, and FATZ Café. The NCR website claims the company helps over 100,000 restaurants run their operations. The outage primarily caused problems in the US but some European and Asia Pacific online ordering services were affected as well.

On April 13, NCR found that the root cause of the outage was the result of a ransomware incident. At this point it contacted customers, notified law enforcement, and initiated an investigation aided by third-party security experts.

In a statement on April 17, NCR reassured customers it was working hard to quickly restore functionality:

“We are committed to re-establishing secure access to the impacted Aloha and Counterpoint applications as quickly as possible. We are restoring impacted applications in a new secure environment. We will have further updates on the timeline for rebuilding this new environment, and we are targeting this week to bring these applications back online. We will also be contacting customers with a few key steps to access our new environment.”

Although NCR has released no specific information about the responsible ransomware group, it is rumored that ALPHV aka BlackCat was behind the attack after security researcher Dominic Alvieri found a post to that effect on the ALPHV leak site.

ALPHV has since removed the post in which they claimed to have stolen credentials belonging to NCR’s customers and threatened to publish these data if a ransom was not paid.

“We take a lot of credentials to your clients networks used to connect for Insight, Pulse, etc. We will give you this list after payment,”

The ransomware-as-a-service (RaaS) group ALPHV, also known as BlackCat or Noberus, is currently one of the most active. ALPHV was ranked #4 in our list of most prolific ransomware gangs last month.

ALPHV ransomware is used by affiliates who conduct individual attacks, breaching organizations using stolen credentials or by exploiting weaknesses in unpatched Microsoft Exchange servers. During the attacks, data is stolen and encrypted and the victim is asked to pay a ransom for both a decryption tool, and to prevent the stolen data from being leaked.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


Spring cleaning tips for your browser

When you are resting up from the physical part of your spring cleaning and you’re sitting behind your laptop or swiping left on your phone, why don’t you speed up your browsing experience with a few simple actions?

Let’s start with your browser, as that usually has the most impact on your perception of how “fast” your device is. In this post we will focus on the settings for Chrome since that is the browser with the biggest market share, but many browsers (like Edge) will have the same settings because they are based on the same Chromium codebase or they will have very similar settings (Firefox). We’ll also mention where you can find similar or the same settings in Safari, if available. These will be shown in red.

There may be slight differences in the methodology and screenshots, based on the type of device, the operating system, your language settings, and maybe even the manufacturer of your device, but the basics should be pretty much the same as the Windows-based methods and screenshots shown in this post.

Backups

Before we start let’s take some precautions to minimize the chance of having regrets about our actions afterwards.

1. Backup your currently open bookmarks: More (three dots) > Bookmarks > Bookmark all tabs… (Safari: In the Menu bar > select Bookmarks > then choose Add Bookmarks for these {number of open} Tabs.)


This will create a set of bookmarks of the currently open tabs.

You will see a prompt where you can provide a name for this set of bookmarks. Something with the date in it would make it easier to find if you plan to do this more often.

Name that set and save it by clicking the Save button.


2. Exporting your data can be used to synchronize your browser between devices, but it can also be used as a backup for your data.

To create a backup click on More (three dots) > Settings > Turn on sync… Then log in to your Google account and access sync settings by clicking on Settings:


(Safari: click the Apple menu in the top left corner of your screen. Then click System Preferences > Click iCloud > select the checkbox next to Safari.)

Then select Manage what you sync and turn on Sync everything if it’s disabled, or make a custom selection of what you want to back up.


Once you’ve decided what to sync, it’s all automatically available across devices, as long as you sign in with the same Google account. When push comes to shove you can use this as a backup to restore your browser. If you were not using sync between devices before you started, you may want to turn it off once you are satisfied everything went well.

Speeding up

1. Check if you have the latest version of Google Chrome. Updates not only introduce new features, they also improve security and fix bugs.

Under More (three dots) > Help > About Google Chrome you can find what version you are on. If there is an update available, Chrome will download and install it. When it’s done you need to relaunch the browser to complete the update. 


Safari: Go to the Apple menu > System Settings > click on Software Update > if updates are available click Restart Now to install them. Once your macOS has updated, Safari will be up to date too.

2. Close some of those tabs that open every time you start your browser. Each site will take some time to load and that slows down your browser. Remember, you can create a set of sites that you need every day and the rest can be moved to your bookmarks so you can always find them.

Now you can start closing tabs and create a set of tabs that you would like to start your sessions with. Once all the unnecessary tabs are closed, click on More (three dots) > Settings > On startup. Select Open a specific page or set of pages.


Click on Use current pages and the currently open tabs will be the ones you see at the start of every browser session.

Safari: open the tabs you want to start with and use the method outlined under backups to create a set of bookmarks. Name that set of bookmarks, for example “Startup”. Go to Safari menu > Preferences > select Choose tabs folder from the New windows open with drop-down list. Select the folder of bookmarks (e.g. Startup) you created. Then, click Choose.

3. Under Performance > Memory Saver you can find another way to minimize the impact of your open tabs. When on, Chrome frees up memory from inactive tabs. This gives active tabs and other apps more computer resources and keeps Chrome fast. Your inactive tabs automatically become active again when you go back to them. 


4. Clean out some clutter you have picked up over time. Click on More (three dots) > Settings > Privacy and security. Click on Clear browsing data. This will open a prompt where you can select which data to clear. The top four are usually the ones you will want to clear. If you are using Chrome as a password manager you will certainly want to leave the fifth one unchecked.


Cookie warning: if you delete all your cookies, you will find that you will have to log in on several sites, so have your password manager ready or be selective about which cookies to delete. If you uncheck Cookies and other site data here, you can select which ones to delete if you click More (three dots) > Settings > Privacy and security > Cookies and other site data > See all site data and permissions. This allows you to go over a complete list and make more granular decisions. You can use the trash can symbol behind each site’s symbol to remove the site data and permissions.


Or use the dropdown arrow to have even more options.

Safari: Click the Safari menu > Clear History… > in the Clear field choose All History > click Clear History.

5. When it comes to browser extensions that you only use occasionally, you might consider disabling them until you need them. And if you no longer use them at all, remove them. Depending on the type of extension, the difference in surfing speed can be noticeable.

Click More (three dots) > Settings > Extensions to see an overview of the currently installed browser extensions.


The one(s) with the slider to the right (showing blue) are enabled and the one(s) with the slider to the left (showing in grey) are disabled. Any unwanted or no longer needed extensions can be removed by clicking on the Remove button in the extension’s tile.

Safari: Choose Safari > Settings > Extensions. To turn off an extension, deselect its checkbox. To uninstall an extension, select the extension and click the Uninstall button.

6. Preload your pages. Click More (three dots) > Settings > Privacy and security > Cookies and other site data. Here you can turn on Preload pages for faster browsing and searching.


7. Scan your device with Malwarebytes to see if any malware is lurking on it. Clearing up any malware on your system is a surefire way to speed it up. And it means you are safer, too!

If you came here looking for a resolution for an extremely slow browser and all of the above didn’t help, there could be other reasons at play. You can try resetting Chrome to default or even uninstall and re-install Chrome.

If a certain site isn’t working properly, you can also try opening the site in an Incognito window. Click More (three dots) and then New Incognito Window. Then copy and paste the URL of the problem site in the address bar and see if it works now. If it does solve the issue, then circle back to point 4 and remove all the cookies and data of the domain that the problem site belongs to.



Avoid this “lost injured dog” Facebook hoax

Facebook users are advised to be wary of posts involving injured dogs receiving treatment at a vet surgery, or pets sitting next to people post-operation adorned with bandages and plaster casts.

The dog-themed missives all follow a similar format, with the primary change between them being the location the post is supposedly coming from. Here’s an example:

Hello. If anyone is looking for this sweet girl, found her lying on the side road in [hashtagged location name]. She was hit by a car in a hit and run incident.I took her to the vet. She is in a critical condition,sustained multiple fractures and on pain relief and oxygen.She is not chipped. I know someone is looking for her. Please bump this post to help me find the owner.


The images are randomly sourced, with many of the posts reusing the same photographs. Comments are often disabled.

Who is doing this? Well, in terms of the individual accounts on display, they’re a variety of personal accounts with little to no posting history. They’ve either been compromised first and then wiped clean of content, or they’re spam accounts with a recent creation date. The examples we’ve seen strongly suggest the latter.

As for posting tactics, they follow the standard Facebook spam tactic of being posted to local community / classified / real estate groups for maximum exposure. This is something which happens a lot, and was used to great effect in the “dead daughter / free PS5” campaign from the middle of last year.

What, specifically, are these bogus dog in the vet stories for? The scammers are banking on sympathetic engagement off the back of the heartstring tugging tale. With enough engagement, eyeballs, replies, anything at all of value…the posts switch to something else altogether.

This is exactly what was happening back in December with another Facebook scam. There, mostly freshly minted accounts posted up harrowing tales of missing toddlers dumped outside the gates of their homes. Eventually, they would become adverts promoting a variety of decidedly non-missing baby content.

Content switcheroo scams on Facebook are incredibly manipulative, and there’s a fair chance that such behaviour drives people away from engaging with genuine “missing baby / relative / injured pet” warnings down the line.

There are, however, a few things you can do to keep your Facebook house in order.

Avoiding Facebook hoaxes

  • No replies allowed. Disabled replies can be a major warning flag. If you’re asking for help or giving a warning, why limit the number of people who can reply?
  • If there’s a photograph, try performing a reverse image search. This is where you try to deduce the origin of the image. These scams are lazy; image reuse is rife, often going back many years. There are dedicated sites for this, such as TinEye. There, you either upload an image or provide a URL and TinEye will find any matches from across the internet. Most search engines also offer some reverse image search functionality, though quality of results will inevitably vary. It’s worth noting that sometimes scammers will flip an image (from left to right or vice versa) to try and fool reverse image searches. Deepfaked images will also typically not produce results.
  • Copy / paste that text. Take the text of the suspicious post and search for that, too. You may well find a whole raft of cut and paste efforts across multiple social media portals.
  • Freshly baked scammers. If the site the message or photo is posted to displays details about the person who posted it, see if it’ll let you observe things like account creation date or if the name on the account has been altered. A new account with no other content has likely been set up to scam people.


Update Chrome now! Google patches actively exploited flaw

In a recent security advisory, Google says it patched a high-severity zero-day security flaw in its Chrome browser—the first in 2023—currently being exploited in the wild by threat actors. The company urges all its Windows, Mac, and Linux users to update to version 112.0.5615.121 immediately, as this flaw is present in Chrome versions before this one. Updating your browser can be done manually or automatically.

If you use other Chromium-based browsers, you may need to update them as well.

The vulnerability, tracked as CVE-2023-2033, is exploitable when a user visits a malicious webpage using an unpatched Chrome browser. The page could run arbitrary code in the browser, potentially leading to your computing device being hijacked. Google knows that exploit code for this flaw already exists and is circulating in the wild.

CVE-2023-2033 is a type-confusion bug in V8, Google’s open-source JavaScript and WebAssembly engine. As is usual with zero-day patch announcements, the company supplied little to no detail on how attackers could exploit this flaw. However, we know that attacks on V8, although uncommon, are considered among the most dangerous. Exploiting a weakness in V8 typically leads to a browser crashing.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” says Google in the advisory. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

Google is giving all its Chrome users enough time to update to the latest version before technical details are released.

How to manually update Chrome

Google Chrome typically updates automatically. However, it’s worth double checking. To check if your browser is up to date:

  • Click the three vertical dots at the upper right-hand side of the URL bar.
  • Select Help > About Google Chrome.

Simply doing this should trigger Chrome to update. Once done, the browser will ask you to relaunch. Click the button to confirm and complete the update process.

Google would never ask users to manually download and install a separate file to update Chrome. Scammers and threat actors have used this tactic many times in the past, and, for a time, it worked. Now and then, this tactic is adopted in a malicious campaign, to catch those who aren’t familiar with how Chrome works or how Google updates its products.

Stay safe!

