IT NEWS

Spyware app LetMeSpy hacked, tracked user data posted online

Stalkerware-type app LetMeSpy says it has been hacked, with the attacker making off with user data.

From the message posted to the login screen on the LetMeSpy website:

On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users.

As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts.

To be clear, much of the stolen data came from the phones running the tracking app, which was most likely installed without the phone owner’s knowledge: LetMeSpy is designed to be invisible to the person being tracked.

So as long as someone can get brief physical access to your Android phone to install the app, they can monitor you. Once the app is on the phone you usually can’t tell it’s there, but in the background it uploads your calls, texts and location to the LetMeSpy servers, and it is those servers that have now been hacked.

These sorts of apps have been used by people wanting to monitor their partner’s movements, along with parents and employers.

Polish site Niebezpiecznik first reported the breach. According to the blog, the database file, which was later dumped online, contained:

  • 26,000+ email addresses of the tool’s “operators” along with hashes of their passwords.
  • 16,000+ text messages, including passwords and codes for various services
  • Telephone numbers of people who had contacted the tracked phones
  • Telephone numbers of the people whom the tracked phone owner had called (along with the names associated with them in the contacts list)
  • Database dump in SQL format, containing more data, including locations

Adam Sanocki, spokesman for the Polish data protection authority UODO, confirmed to TechCrunch that it had received a breach notice from LetMeSpy. After a breach, the affected company is normally expected to tell the people whose data was exposed. But the users of this service are the ones doing the tracking, and, sadly, it’s unlikely they will tell the people they are spying on that their data has been taken.

How to prevent spyware and stalkerware-type apps

  • Set a screen lock on your phone and don’t let anyone else access it
  • Keep your phone up-to-date. Make sure you’re always on the latest version of your phone’s software.
  • Use an antivirus on your phone. Malwarebytes for Android shows you exactly what information you’re sharing with each app on Android, so you can keep an eye on your privacy. Malwarebytes detects the LetMeSpy app as Android/Monitor.LetMeSpy.

Coalition Against Stalkerware

Malwarebytes is a founding member of the Coalition Against Stalkerware. We continue to share intelligence with the Coalition Against Stalkerware to improve industry-wide detections while also guiding the domestic abuse support networks within the coalition through thorny, technical questions of detection, removal, and prevention.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

“Free” Evil Dead Rise movie scam lurks in Amazon listings

Scammers are using a novel technique with Amazon listings to trick fans of Evil Dead into downloads they may not want, and expensive rolling payments they have no interest in. Evil Dead Rise, the breakout horror film of 2023, started with big cinema numbers and has moved on to a victory lap in streaming land for good measure. In fact, it’s doing so well that the original film from 1981 has crept into the charts too:

A good time to be a Deadite. Not so good if you’re unable to catch a legitimate stream or the movie isn’t out in your region yet. If you decide to pre-order it from Amazon, you’ll see something odd nestled in the physical media section which we’ve highlighted in red. Bizarrely, there’s a podcast claiming to offer up a free version of Evil Dead Rise via streaming.

Fake Evil Dead Rise download

The full movie, in podcast form? I know Amazon has some pretty impressive technology but I don’t think we’re at that level just yet. The full text reads as follows:

!Streaming Evil Dead Rise 2023 Movie Evil Dead Rise 2023 Movie Warner Evil Dead Rise 2023 Pictures! Are you looking to download or watch the new Evil Dead Rise 2023 online?

If you are looking for Watch Evil Dead Rise (2023) : Full Movie Online Free, Watch Evil Dead Rise Streaming Full Movie Online Free ||Prime.

Playing the audio clip reveals about 24 seconds of generic soft rock music, presumably only present because the “podcaster” has to upload something to create a listing. To even access the audio file, you’d need to open it via an Audible account or Amazon Music.

Fake Evil Dead Rise podcast

Clicking the link redirects you through several URLs before settling on what looks like it’s about to offer you a stream of the film.
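A practitioner triaging a link like this wants to see every hop, not just where the browser ends up. The following is an added example (not code from the article, and not Malwarebytes’ tooling) that walks a redirect chain one response at a time. The hop table is constructed for illustration and uses reserved .example hostnames rather than the real scam infrastructure; the `requests_fetch` helper is the live equivalent and assumes the third-party `requests` package is installed.

```python
"""Enumerate a redirect chain hop by hop instead of letting the client follow it blindly.

Added example; not part of the original article. The hop table below is constructed
for illustration and uses reserved .example hostnames, not the real scam infrastructure.
"""
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def follow_chain(start_url, fetch, max_hops=10):
    """Return the list of URLs visited, starting with start_url.

    `fetch(url)` must return (status_code, headers_dict) WITHOUT following
    redirects itself, so every intermediate hop is observed. Loops and
    overly long chains raise instead of spinning forever.
    """
    chain = [start_url]
    url = start_url
    for _ in range(max_hops):
        status, headers = fetch(url)
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if status not in REDIRECT_CODES or location is None:
            return chain
        url = urljoin(url, location)  # Location may be relative
        if url in chain:
            raise RuntimeError(f"redirect loop back to {url}")
        chain.append(url)
    raise RuntimeError(f"more than {max_hops} redirects; giving up")


def hosts_in_chain(chain):
    """Distinct hosts touched, in order: the useful summary for a triage note."""
    seen = []
    for u in chain:
        host = urlsplit(u).hostname
        if host and host not in seen:
            seen.append(host)
    return seen


# Constructed sample: a fake "podcast" link that bounces through two trackers.
SAMPLE_HOPS = {
    "https://podcast.example/listen/evil-dead-rise": (302, {"Location": "https://track-one.example/go?id=42"}),
    "https://track-one.example/go?id=42": (307, {"location": "/next"}),
    "https://track-one.example/next": (301, {"Location": "https://track-two.example/land"}),
    "https://track-two.example/land": (200, {"Content-Type": "text/html"}),
}


def sample_fetch(url):
    """Offline stand-in for an HTTP client; unknown URLs are treated as a dead end."""
    return SAMPLE_HOPS.get(url, (404, {}))


def requests_fetch(url):
    """Live fetch with the `requests` library (not used by the offline sample).
    allow_redirects=False is the whole point: it hands back each 3xx unfollowed."""
    import requests  # third-party; assumed installed if you use this path
    r = requests.get(url, allow_redirects=False, timeout=10)
    return r.status_code, dict(r.headers)


if __name__ == "__main__":
    chain = follow_chain("https://podcast.example/listen/evil-dead-rise", sample_fetch)
    for i, u in enumerate(chain):
        print(f"{i}: {u}")
    print("hosts:", hosts_in_chain(chain))
```

Run it against a suspicious link by swapping `sample_fetch` for `requests_fetch`, ideally from a disposable machine, since some hops in chains like this serve downloads rather than pages.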

Fake Evil Dead Rise Stream

Evil Dead Rise for download or streaming, with a “Subscribe to watch: $0.00” message underneath? You can add this to the “Too good to be true” pile.

No matter what you click, on a mobile device you may be offered a download. In testing, we saw a program claiming to offer all manner of media downloads:

Media downloader

In another test, we were directed to an odd payment page:

Mobile sign up

I say odd, because the URL contains the word “antivirus”, which would suggest you’re potentially signing up for a security service of some kind. Despite this, there’s no clear indication of what exactly is being paid for here. Is it a security product? Am I still trying to sign up to the supposedly “free” version of Evil Dead Rise? I don’t know, but the page says this at the top:

“This is a special offer for a limited period of 3 days which comes with a £13.00 welcome gift card to explore and buy products in one of our affiliates’ websites. By acquiring this membership you will be automatically enrolled in our affiliate membership services. The membership fee amount of £29.24 which will be automatically deducted every 14 days unless skipped or cancelled.

That’s a lot of money to pay for who knows what!

Meanwhile, clicking the movie streaming link on a desktop redirects to a generic sign up page with no additional details with regard to terms and conditions or privacy policies. Sites like this typically have a rolling subscription fee mentioned somewhere in the T&Cs. There is simply no reasonable way to know what you’re signing up for here.

How to avoid bogus spam listings on Amazon

  • Watch where you pay. Your typical Amazon transactions should be taking place within the main Amazon site. If you’re buying an item, watch out if you are directed to go to another URL. If in doubt, check with Amazon customer support.
  • Beware of “empty” content. Ebooks and audio files which do little but ask you to go somewhere else to obtain something are almost certainly scams. A one page ebook saying “Go here”, or an audio file which is bereft of audio with hyperlinks going off-site should be treated with suspicion.

This is not the first time we’ve seen inventive uses of Amazon services to promote a scam. We’ve previously covered a range of spam ebooks on the Kindle store used to link to similar streaming services. In this case, we’ve reported the account uploading these podcasts to Amazon and users of Malwarebytes products will find they’re protected from the sites involved. Groovy.



New technique can defeat voice authentication “after only six tries”

Voice authentication is back in the news with another tale of how easy it might be to compromise. University of Waterloo scientists have discovered a technique which they claim can bypass voice authentication with “up to a 99% success rate after only six tries”. In fact this method is apparently so successful that it is said to evade spoofing countermeasures. 

Voice authentication is becoming increasingly popular for crucial services we make use of on a daily basis. It’s a particularly big deal for banking. The absolute last thing we want to see is easily crackable voice authentication, and yet that’s exactly what we have seen.

Back in February, reporter Joseph Cox was able to trick his bank’s voice recognition system with the aid of some recorded speech and a tool to synthesise his responses.

A user typically enrolls into a voice recognition system by repeating phrases, so the system at the other end gets a feel for how their voice sounds. As the Waterloo researchers put it:

When enrolling in voice authentication, you are asked to repeat a certain phrase in your own voice. The system then extracts a unique vocal signature (voiceprint) from this provided phrase and stores it on a server.

For future authentication attempts, you are asked to repeat a different phrase and the features extracted from it are compared to the voiceprint you have saved in the system to determine whether access should be granted.

This is where Cox and his synthesised vocals came into play: his bank’s system couldn’t distinguish between his real voice and a synthesised version of it. The response to this was an assortment of countermeasures that analyse the audio for artefacts which could signify the presence of a deepfake.

The Waterloo researchers have taken the game of cat and mouse a step further with their own counter-countermeasure, which removes the data characteristic of deepfakes.

From the release:

The Waterloo researchers have developed a method that evades spoofing countermeasures and can fool most voice authentication systems within six attempts. They identified the markers in deepfake audio that betray it is computer-generated, and wrote a program that removes these markers, making it indistinguishable from authentic audio.

There are many ways to edit a slice of audio, and plenty of ways to see what lurks inside sound files using visualiser tools. Anything that wouldn’t normally be present can be traced, analysed, and altered or made to go away if needed.

As an example, loading up a spectrum analyser (which illustrates the audio signal in visible waves and patterns) may reveal images hidden inside of the sound. Below you can see a hidden image represented by the orange and yellow blocks every time the audio file plays. While the currently discussed research isn’t available outside of paid access, the techniques relied upon to find any deepfake generated cues will likely work along much the same lines. There will be telltale signs of synthetic markers in the sound files, and with these synthetic aspects removed the detection tools will potentially miss the now edited audio because it looks (and more importantly sounds) like the real thing.

Audio analysis
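To make that detect-and-remove cycle concrete, here is an added example that is neither code from the article nor the Waterloo researchers’ method. It deliberately simplifies: the “marker” is a single out-of-band tone at 3500 Hz, whereas real deepfake artefacts are far subtler, and the sample rate, frame size and frequencies are constructed for illustration. The block synthesises a frame of speech-like harmonics, flags a tone in a band where speech should not be, then notches that band out and shows the same detector no longer fires.

```python
"""Spectral 'marker' detection and removal, a toy model of the cat-and-mouse the
article describes. Added example, not the Waterloo researchers' method: real deepfake
artefacts are far subtler than a single out-of-band tone, and the frequencies below
are constructed for illustration only.
"""
import cmath
import math

SAMPLE_RATE = 8000   # Hz; telephone-quality audio
N = 256              # samples per frame -> 31.25 Hz per DFT bin


def synth(freqs, n=N, rate=SAMPLE_RATE):
    """Sum of unit-amplitude sine tones; the 'recording' we analyse."""
    return [sum(math.sin(2 * math.pi * f * t / rate) for f in freqs) for t in range(n)]


def dft(x):
    """Plain O(n^2) discrete Fourier transform; fine for one short frame."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n)) for k in range(n)]


def idft(X):
    """Inverse transform back to real samples."""
    n = len(X)
    return [sum(X[k] * cmath.exp(2j * math.pi * k * t / n) for k in range(n)).real / n for t in range(n)]


def bin_hz(k, n=N, rate=SAMPLE_RATE):
    return k * rate / n


def tone_peaks(samples, threshold=0.25):
    """Frequencies (Hz) of bins whose normalised magnitude exceeds threshold.
    A unit sine lands at ~0.5 in its bin, so 0.25 separates tones from leakage/noise."""
    n = len(samples)
    mags = [abs(c) / n for c in dft(samples)[: n // 2]]
    return [bin_hz(k, n) for k, m in enumerate(mags) if m > threshold]


def detect_marker(samples, lo_hz, hi_hz):
    """Countermeasure: flag a frame if a tone sits in a band where speech should not."""
    return any(lo_hz <= f <= hi_hz for f in tone_peaks(samples))


def strip_band(samples, lo_hz, hi_hz):
    """Counter-countermeasure: notch the band out in the frequency domain and resynthesise."""
    n = len(samples)
    X = dft(samples)
    for k in range(n):
        f = bin_hz(min(k, n - k), n)   # negative-frequency bins mirror the positive ones
        if lo_hz <= f <= hi_hz:
            X[k] = 0
    return idft(X)


if __name__ == "__main__":
    speech = synth([250, 500])                  # stand-in for voiced speech harmonics
    fake = synth([250, 500, 3500])              # same, plus a synthetic 'marker' tone
    print("marker in fake?    ", detect_marker(fake, 3000, 4000))
    cleaned = strip_band(fake, 3000, 4000)
    print("marker after strip?", detect_marker(cleaned, 3000, 4000))
    print("remaining tones:", tone_peaks(cleaned))
```

The point of the toy is the asymmetry it exposes: a detector that keys on one spectral feature is cheap to build, but once the attacker knows the feature, removing it is equally cheap and the cleaned frame is numerically indistinguishable from the genuine one. Detectors that survive this have to rely on features the attacker cannot cheaply erase without also destroying the speaker’s voiceprint.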

It remains to be seen what organisations deploying voice authentication will make of this research. However, you can guarantee whatever they come up with will continue this game of cat and mouse for a long time to come.



Online safety tips for LGBTQIA+ communities

The internet is great for bringing people together, helping you feel part of a community, and staying in touch with your nearest and dearest. But it can also be a nasty place, from malware to scammers to people just being plain awful to others. It’s probably not surprising to read that recent research by the Anti-Defamation League (ADL) found LGBTQIA+ people were the marginalized group most harassed online: 51% of transgender people and 47% of LGBQ+ people reported some form of online harassment in the last 12 months, compared with 33% of all Americans.

So, while the tips below are good advice for anyone, the stats show it’s tougher online for LGBTQIA+ people, which makes it all the more important to follow as many of them as you can. Think we missed anything? Let us know in the comments section.

1. Secure your online accounts

Avoid handing over your accounts to anyone who shouldn’t have access by getting the security basics right.

  • Use strong, unique passwords for every account
  • Consider a password manager to help you keep hold of all those passwords
  • Enable MFA wherever you can.

These three things take a little more effort, but they are the best way to keep your accounts secure.

2. Deal with cyberbullies

If someone is bullying you online, block and report them as soon as you can. Pretty much every platform will offer this function, so make sure you use it. Confide in a trusted friend or family member, especially if the bullying is having a significant impact on your mental health. And, if the bullying has reached criminal proportions, consider reporting it to the relevant authority in your region.

3. Be careful when meeting an online friend IRL

It would be all too easy to say “never meet anyone face to face that you met online,” but that’s not practical. However, there are some things you can do to stay as safe as possible.

Meet in a public place, and let a friend know who you are meeting and where. Then check in with them after you return home.

Make sure the person is who they say they are by doing a reverse image search of the person’s picture. If you see the same image posted next to someone else’s name, or even multiple people’s names, then you might well be talking to a scammer.

4. Stay safe on social

Don’t reveal personal information about you such as your address or date of birth which could be used by fraudsters, doxxers or stalkers. If you’re going away then leave that information off your social media until you return, so your home isn’t targeted.

It’s worth periodically checking your social media privacy settings too to make sure they’re at the level you are comfortable with.

5. Respect others’ privacy

Sure, you might want to show off your camo jumpsuit to your Instagram followers, but maybe the go-go dancer behind you doesn’t want their photo published online. If someone is in a photo that you want to put online, make sure you get explicit consent from them before posting.

6. Steer clear of hate

Finally, we all know there is a lot of nasty stuff going on online. It’s easy to get sucked into reading or interacting with others you disagree with, but that also might be detrimental to your mental health. The hate comes from within them, and it isn’t worth your energy to engage with them. If you know there’s a forum, comments section or somewhere else where you’re likely to encounter hate, avoid it. 



Top contenders in Endpoint Security revealed: G2 Summer 2023 results

Navigating the world of endpoint security is challenging, with numerous vendors stoking “Fear, Uncertainty, and Doubt” (FUD) and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams.

Enter G2, an industry-leading peer-to-peer review site. Each quarter, G2 releases reports highlighting the products with the highest customer satisfaction and strongest market presence.

In the G2 Summer 2023 Grid Reports, Malwarebytes earned 19 “Leader” badges across five endpoint security categories (Antivirus, EDR, Endpoint Management, Endpoint protection platforms, Endpoint protection suites). We also received awards for the #1 spot in Endpoint Protection and the Easiest Setup for EDR, among many others.

Let’s take a closer look at how organizations evaluated solutions and what they said about using Malwarebytes.

#1 Endpoint Protection: Highest Rated for Results, Relationship, and More

Malwarebytes Endpoint Protection (EP), the essential foundation of our EDR and MDR offerings, won dozens of awards based on receiving the highest customer satisfaction score across a range of areas, including “Best Results,” “Best Support,” “Most Implementable,” and more.

Dashboard for Nebula, the cloud-hosted security platform for EP and EDR


For example, Malwarebytes EP won the “Best Results” badge (highest overall Results score) by having the highest combination of estimated ROI, meets requirements, and likelihood to recommend scores. What some of our customers had to say:

“Malwarebytes is easy to install and configure. It integrates with Windows 10 and runs silently in the background. Infection rate of Malware has dropped dramatically. If I run across a machine that has Malware, installing it cleans it up almost 100% of the time.”

Chris S.

“Malwarebytes was able to detect and block a virus that our previous AV was not able to. Wish we had moved to this product sooner.”

Robert S.

“I consider myself faithful to this software because Malwarebytes has taken me out of problems that other antivirus programs have not been able to solve. It is not a very heavy software and can run in the background without even noticing it thanks to the updates.”

Verónica M.

Customers also praised Malwarebytes for its friendly staff and exceptional support, for which we won the “Best Relationship” badge by having the highest combination of “Likely to Recommend,” “Ease of business,” and “Quality of Support” ratings.

Here’s what some of our customers had to say:

“The support team started us off on the right track by getting us up and running in no time. Any questions I had before and after setup were answered quickly and thoroughly.”

Gary P.

“Highly recommended, and their support team is the best you can ask for!”

Rifaat K.

Easiest To Use EDR

Our EDR solution, paired with our Vulnerability and Patch Management (VPM) modules, delivers an impressive return on investment by quickly enhancing your organization’s security posture. Malwarebytes EDR is designed to be both efficient and cost-effective, allowing your team to see the benefits of your investment immediately.

By focusing on ease of use, quick implementation, and powerful security features without requiring an IT security army, Malwarebytes ensures that your organization is maximizing resources and receiving the best ROI in the industry.

Malwarebytes had the best estimated ROI (payback period in months) in the enterprise Endpoint Management category, which evaluates products that help users keep track of devices in a system and ensure their software is secure and up to date.

“The best part about Malwarebytes is the set it and forget it. It has saved us so much time on deployment and remediation that it pays for itself in no time at all.”

Ron M.

“It keeps our working environment much more secure than our previous solution. Much easier to manage in real time. This thing is a money saver and pays for itself.”

Tyson B.

Most Implementable EDR: Seamless Setup and User-Friendly Experience

On the Enterprise Implementation Index for Endpoint Detection & Response (EDR), Malwarebytes EDR clinched the #1 spot. With a seamless setup process, your team can spend more time focusing on what matters most: protecting your organization from cyber threats. Here’s how we won:

  • Malwarebytes EDR has an Implementation Score several points higher than the industry average.
  • Ease of Setup: Malwarebytes EDR scores several points higher than the industry average in ease of setup.
  • Average User Adoption: Malwarebytes EDR scores several points higher than the industry average in user adoption rate. 

“The Nebula console is one of the most user-friendly interfaces we’ve come across. We can’t recommend it enough.”

Justin N.

“Malwarebytes makes it simple to deploy. Additionally, the user interface has minimal impact on the end-user, so it’s win-win. Support are happy to help when you do hit the occasional bump and the portal is easy to use and very responsive.”

John K.

“If you are purchasing Malwarebytes, then you have made the correct choice. You will quickly see how easy it is to implement, and how great their support is.”

Mauro B.

“Very easy to install and deploy, setup, and configure – for instance – a 5 machine setup would take roughly ~10 mins from start to finish.”

Verified User

“Easy to use and implement, along with great support and support tools at your disposal, along with courses to help you become more familiar with the inner workings.”

Doug C.


Two options to easily begin deployment with your endpoint users in Nebula

Experience Malwarebytes for Business: Award-winning ROI, user-friendly, and effective threat defense

Malwarebytes provides IT staff with award-winning business solutions, offering unmatched threat protection, a lightning-fast return on investment, and a smooth, speedy implementation.

Try Malwarebytes EDR today and join the ranks of those who have already discovered the amazing results, support, ROI, and more of our exceptional endpoint security solutions.


Surveillance camera insecurities argument comes to one inevitable conclusion: Always update

Chinese-made surveillance cameras find themselves in a spot of controversy, after a BBC investigation uncovered flaws in devices during several brand tests.

Surveillance and webcam vulnerabilities are common, and we’ve covered them many times on our blog. What’s interesting with this story is that it’s being presented as some sort of potential threat to national security and infrastructure. From just one of the comments provided to the BBC:

“We’ve all seen the Italian Job in our youth, where you bring the whole of Turin to a halt through the traffic light system. Well, that might have been fiction then, it wouldn’t be now.”

All very dramatic, but we’ve yet to see The Italian Job play out in real life. Even so, many devices manufactured by one firm, Hikvision, are used by many local councils across the UK. They’re also used to monitor Government buildings. If a device is vulnerable, it’s definitely worth trying to figure out the scale of the problem. With this in mind, what kind of numbers are we talking about?

According to the BBC, a large-scale freedom of information campaign by Big Brother Watch tried to find out. No fewer than 4,510 Freedom of Information requests were filed with various public bodies between August 2021 and January 2022. Of the 1,289 responses, 806 confirmed the use of Hikvision cameras or those of Dahua, another brand mentioned by the BBC. Among those 806 bodies, 227 local councils and 15 police forces use Hikvision, and 35 local councils use Dahua.

That’s certainly a lot of cameras. What risk was discovered?

The BBC asked experts to try and compromise a Hikvision camera under test conditions, though specifics are hard to come by. Is “a test network with no firewall and little protection” an accurate reflection of a local council or Government network? Is it fair to assume the manufacturer would be at fault for organisations not applying updates and patches dating back 6 years?

I ask this because the test used a six-year-old camera and exploited a vulnerability dating from 2017. The testers describe the flaw as “a back door that Hikvision built into its own products”, and estimate that somewhere in the region of 100,000 cameras online are “still vulnerable” to it. Which means that a lot of organisations are indeed failing to update their devices.

Having compromised the camera and gained access to its video feed, the testers then tried to reach the Dahua cameras by forcing their way into the software controlling them. Once again they succeeded, this time gaining access to the camera’s microphone.

In both cases, vendors claimed to have patched both of these vulnerabilities soon after the issues came to light. In fact, Hikvision released an open letter to those responsible for the investigation. It reads:

To claim that this stunt has uncovered a security breach or an intentional backdoor in June 2023 is farcical. It sensationalises a problem that was already fixed to universally recognised CVE standards. Furthermore, this test has not been conducted on a typical network, but rather an unsecured one. This test simply cannot be characterised as representative of ‘the cameras lining our streets today’, which would be much better defended than the camera in this so-called ‘test’ the BBC have run.

It goes on:

Hikvision’s conduct with regards to this vulnerability has followed all internationally accepted standards of best practice. When made aware of the vulnerability in March 2017, Hikvision patched it in less than one week. The vulnerability – and Hikvision’s patch – were subject to further scrutiny in the US with the then-Chairman of the US House of Representatives Small Business Committee noting in a public hearing that Hikvision’s work with the US Department of Homeland Security on this vulnerability meant that any continuing issues resulting from unpatched equipment would lie with ‘small businesses that do not engage with the government or the DHS regularly’.

Going further, the Deputy Assistant Secretary for the US Department of Homeland Security Office of Cybersecurity and Communications said they ‘worked with the company’ to resolve the problem and that ‘standard practice was followed’. 

All in all, this one is a bit of a mess and likely won’t be untangled soon. Whether your own devices are brand new or a few years old, they’ll typically prompt you to perform an update. Whether you think years old devices should be taken offline for safety reasons, or that organisations are solely responsible for their security, one thing is for certain: You can feel much more reassured that your own devices are safe by hitting that update button as soon as you possibly can.


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


Why blocking ads is good for your digital health

Online content is largely powered and paid for by advertising. Almost every site you visit, every forum you browse, and even the online stores you buy things from are an advert extravaganza, and they don’t just stop at showing cool offers for shirts at 50% off. The scaffolding the adverts sit on goes out of its way to track you, tie you to clicks, associations, and more. More adverts, tailored to your theoretical interests, then start to follow you around across other sites. Sometimes, it’s not very sophisticated: Ever searched for the one and only quarter height stepladder you’ll ever buy in your life? Congratulations, every advert is a stepladder.

Sadly, dozens of stepladder adverts are far from your only concern. We’re going to explain why running an ad blocker is a good thing for your digital health, and highlight all of the ways things can go wrong with ads enabled.

Advertising is the biggest of businesses, with billions of ad impressions per month. Individual companies can rack up billions of impressions just for their own ads, before you try and figure out overall tallies. Disney and Amazon had a total of 40bn impressions between them in the first quarter of 2020, and Google is pretty much powered by advertising:

Google is an attention merchant that – in 2022 – generated over $224 billion (almost 80% of revenues) from ads (Google Search, YouTube Ads, and Network sites).

If you want some idea of the scale of advertising you’re subjected to on a daily basis, things are only moving up. Recent research by Lunio claims that, on average, people might have seen between 500 and 1,000 ads a day in the 1970s. By 2007, when adware vendors dropping ad-spewing installers was common and ad affiliate networks in meltdown was a daily occurrence, it was estimated at 5,000. By 2021, it was an average of 6,000 to 10,000 per day.

You have adverts and pop ups on your phone. You have advertising on your video game console dashboard. There’s another batch of stepladder adverts on your desktop. Your IoT home hub either plays an occasional ad or is plugged into some other service you use to buy things from.

Your television? Well, it might be one of the upcoming models where the TV is free in return for built in adverts constantly playing on a smaller screen. This is probably as good a place as any to remind you to always read the small print, however:

Some of the most common types of advertising you’ll encounter include:

  • Pay per click (PPC). Advertisers pay publishers every time an advert is clicked.
  • Affiliate marketing. With this form of marketing, the creator of a product avoids taking up the marketing slack. Instead, it is essentially outsourced to others in the form of unique affiliate links or clickthroughs offered by apps or programs. If a sale is made, the affiliate earns commission money. There may be additional incentives on offer depending on the product.
  • Mobile ads. These are hugely popular in “free” games, where ads may be served by the app itself, or through a network being used by the app. The links may also lead to additional phone installations.

You’ll bump into others, but these are the three main areas of advertising which you’ll probably experience on a daily basis. They’re also a potential goldmine for scammers.

PPC is one of the oldest forms of advertising. Bogus ad clicking tools that artificially inflate revenue have been around forever, to various degrees of sophistication. Basic forms of malware are programmed to autoclick ads detected on websites. Other enterprising individuals concoct ways of manually clicking ads in ways which would not look suspicious to the advertisers.

Affiliate advertising is where much of the ad network chaos takes place. Back in the adware vendor days, rogue ad campaigns using malware, exploits, or fake products to make adware cash would be shut down after much outrage. The adware vendor would make a lot of noise about “rogue affiliates”, and claim it wasn’t their fault. Everything would go back to this same routine the day after and adware vendors would pretend they were somehow free of blame in all of this. Sometimes they would be sued into the ground and abandon the adware life, and other times the evidence of dubious antics was on display for all to see.

Even now, in the case of rogue advertising involving malware (malvertising) there’s often an affiliate component to the “your PC is now compromised” pipeline. You’ll encounter it in many ways:

  • Rogue sponsored adverts which sit above organic results in services like Google and Yahoo! search engines. These links may imitate brands or other services to entice you to click
  • Fake adverts embedded on websites. These also mimic popular brands to drive clicks
  • Compromised websites which may look like a familiar service, but every link offered up is potentially harmful to your PC

The ads in search engine results which look as though they resolve to legitimate sites like Amazon can also be harmful. This is as a result of advertisers being able to display a brand’s official URL within the ad snippet, even when an ad URL has nothing to do with the brand. From here you could be sent to a phishing page, a fake tech support site, or worse. Below you can see an example of a supposedly genuine sponsored ad which actually leads to a fake Amazon login.

Ad assets
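The check a practitioner would want here is a comparison between the domain the ad snippet shows and the registrable domain of where the link actually lands. The following is an added example, not Malwarebytes’ detection logic: the suffix list is a constructed stand-in for the Public Suffix List, the sample ads are made up (the destinations use the reserved .example TLD), and the `tldextract` package mentioned in the comment is an assumption about what a production version would use.

```python
"""Flag sponsored results whose displayed URL names one brand while the real
destination lives somewhere else. Added example, not Malwarebytes' detection logic.
The suffix list and sample ads are a constructed subset for illustration.
"""
from urllib.parse import urlsplit

# Tiny stand-in for the Public Suffix List; a real check should use the full list
# (for example via the `tldextract` package) so that "co.uk"-style suffixes are handled.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """'www.amazon.co.uk' -> 'amazon.co.uk'; 'login.amaz0n-secure.example' -> 'amaz0n-secure.example'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def host_of(url_or_host):
    """Accept either a bare display string like 'amazon.com' or a full URL."""
    if "://" not in url_or_host:
        url_or_host = "https://" + url_or_host
    host = urlsplit(url_or_host).hostname
    return host or ""


def display_mismatch(display_url, destination_url):
    """True when the brand shown in the ad snippet and the landing page's
    registrable domain differ, the pattern behind the fake Amazon login above."""
    shown = registrable_domain(host_of(display_url))
    actual = registrable_domain(host_of(destination_url))
    return shown != actual


SAMPLE_ADS = [  # constructed; .example is a reserved TLD
    ("amazon.com", "https://www.amazon.com/deal?tag=affiliate-20"),
    ("www.amazon.co.uk", "https://amazon.co.uk/gp/help"),
    ("amazon.com", "https://login.amaz0n-secure.example/signin?ref=ad"),
    ("Amazon.com", "https://amazon.com.account-verify.example/"),
]


def triage(ads=SAMPLE_ADS):
    """Return the (display, destination) pairs that deserve a closer look."""
    return [(d, u) for d, u in ads if display_mismatch(d, u)]


if __name__ == "__main__":
    for display, destination in triage():
        print(f"MISMATCH shown={display!r} actual={destination}")
```

Note the fourth sample: `amazon.com.account-verify.example` contains the brand’s full domain as a subdomain, which is exactly the sort of string that looks right at a glance but resolves to a registrable domain the brand does not own. Comparing registrable domains rather than substrings is what catches it.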

Exploits are often a key component of malvertising attacks, and without the right protection on board you may realise too late that something has gone badly wrong.

On top of all this, we have the previously mentioned tracking going on under the hood. Web beacons are used to monitor activity on a website. Tracking cookies shared by multiple services constantly build up a picture of what you’ve done. So-called “shadow profiles” are used to track the activity of people who don’t even use a particular service.

Finally, we have the issue of speed. Lots of ads, tracking, and page elements being served up from different points of origin can all contribute to slowing down your browsing. You’ve almost certainly experienced the “thrill” of a website serving up the ads before the content at some point. This often happens because the ads are served from dedicated content delivery networks (CDNs). Their purpose is to get the ad in front of you as fast as possible, which can mean ads are the first thing you see. While your connection is (probably) a lot better now than it was five years ago, this can still cause issues in some cases…and who wants adverts to be the first thing they see on a page anyway?

As you may have gathered, it’s the marketing Wild West out there. It’s also worth noting that sites such as YouTube are now experimenting with detecting ad blockers, and preventing users from viewing videos until their ad blocker is turned off.

So what can we do about it?

  • Pick the right browser for your needs. Increasingly, browsers offer more options to specify a level of tracking and advertising that you’re comfortable with. Back in 2020, Safari started blocking third party tracking cookies by default. Firefox has gone down the path of individual cookie jars, called “Total Cookie Protection”, which prevents tracking across websites. Elsewhere, Google is still delaying the sunsetting of third party tracking cookies.
  • Extend your options. On the subject of browsers, most will allow you to install extensions to increase your blocking capabilities. Some browsers like Opera include their own ad blocker by default which can be enabled in two clicks. You can also try Malwarebytes Browser Guard, which filters out ads and scams as well as blocking trackers that spy on you.
  • Beware shady blockers. You’ll sometimes see fake blockers riding on the coat tails of legitimate products. You may also run into websites or services which claim to dodge ad blocker detection, but serve up spam or surveys. Always do some research on anything you plan to install. Reviews and store rankings can help with this.
  • Tackle the scripts. It’s not “just” ads on the surface level. You also need to consider the tracking scripts, cookies, and everything else happening invisibly. Ensure your setup allows for taking care of third party ad tracking.
  • Things will break. A note of caution: Blocking scripts or other functionality can break some websites. You’ll need to customise your settings in these situations. Some products integrate ads into the actual structure of a product, so removing or blocking them will break the product; tablet games where you’re granted a new life by watching an ad are one example. There may not be much you can do when this happens. Use the product as is, or cut your losses and move on.

Malwarebytes protects against annoying ads and scams while blocking trackers that spy on you.


Criminal secure messaging system takedown: 6500+ arrests and €900 million+ seized

In 2020, we reported on how law enforcement managed to compromise a secure communications system set up by and for criminals.

Now, Europol has published a progress report showing the enormous impact the infiltration of the encrypted communications tool EncroChat made.

EncroChat, a company based in the Netherlands, advertised its services as safer than safe, stating that no messages were saved on its servers, which were located “offshore.” However, Dutch law enforcement figured out the EncroChat servers were located in France and got to work, hoping to catch criminals in the act. And they did.

The EncroChat system was well organized and had gained a lot of trusting users over the years. Criminals felt secure enough to chat freely about everything: Names of customers, drug deliveries, and even assassinations. And their trust was understandable, given what EncroChat promised to offer:

  • Phones were dual boot, so users could alternatively start the Android operating system and their phones would look like a normal, old-fashioned model
  • The phones had a “wipe all” button that would delete all the stored conversations in case of an arrest or other emergency
  • No messages were stored on servers so they could not be seized and decrypted later
  • The service used OTR which is a cryptographic protocol that provides both authentication and end-to-end encryption for instant messaging. This protocol ensures that session keys will not be compromised even if the private key of the server is compromised. Even when a server is seized, the conversations cannot be decrypted or lead back to the participants

EncroChat users paid hefty fees for this service: thousands of dollars per year, per device. The exorbitant fees may explain why the majority of the EncroChat clientele could be found on the wrong side of the law. Other parties that might have a vested interest in keeping their chat messages secret include government parties, journalists, security professionals, or lawyers. However, there are cheaper, if somewhat less sophisticated, alternatives for legitimate secret-keeping that law enforcement does not target.

According to Europol, most EncroChat users were either members of organized crime, or performed drug trafficking. The rest engaged in money laundering, assassinations, and firearms trafficking.

EncroChat users divided by crime area, courtesy of Europol

Three years later the harvest of the operation stands at:

  • 6,558 suspects arrested, including 197 high value targets  
  • 7,134 years of imprisonment of convicted criminals up to now
  • EUR 739.7 million in cash seized
  • EUR 154.1 million frozen in assets or bank accounts
  • 30.5 million pills of chemical drugs seized
  • 103.5 tonnes of cocaine seized
  • 163.4 tonnes of cannabis seized
  • 3.3 tonnes of heroin seized
  • 971 vehicles seized
  • 271 estates or homes seized
  • 923 weapons seized, as well as 21,750 rounds of ammunition and 68 explosives
  • 83 boats and 40 planes seized

All this was possible thanks to the analysis of 115 million conversations between the roughly 60,000 users of the EncroChat platform.

Similar operations like the one against Sky ECC, and a fake secure chat service set up by the Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP) called AN0M, have shown that despite being unable to break secure encryption, law enforcement agencies have found ways to eavesdrop on the criminals that feel safe using them.


We don’t just report on encryption—we offer you the option to use it.

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

81% concerned about ChatGPT security and safety risks, Malwarebytes survey shows

Seven months after ChatGPT burst into our lives, it seems the lustre of the chatbot-that’s-going-to-change-everything is starting to fade. A new survey by Malwarebytes exposes deep reservations about ChatGPT, with optimism in startlingly short supply. Of the respondents familiar with ChatGPT:

  • 81% were concerned about possible security and safety risks.
  • 63% don’t trust the information it produces.
  • 51% would like to see work on it paused so regulations can catch up.

The concerns expressed in the survey mirror the trajectory of the news about ChatGPT since its introduction in November 2022.

ChatGPT is a type of Artificial Intelligence (AI) developed by the organization OpenAI. Trained on vast amounts of text data, it can generate human-like responses to prompts or questions. And just in case you don’t know what that means, you should know that the last sentence you read was written by ChatGPT as part of a response to a request to “Describe ChatGPT in a single paragraph.” This is the whole text it generated:

ChatGPT is a powerful language model developed by OpenAI, based on the GPT-3.5 architecture. Trained on vast amounts of text data, it can generate human-like responses to prompts or questions. With its deep learning capabilities, ChatGPT understands context and produces coherent and contextually relevant text. It can assist with various tasks such as answering questions, providing explanations, and offering suggestions. Although it’s not a human and lacks real-time awareness, ChatGPT’s ability to generate text across multiple languages makes it a versatile tool, albeit one that should be cross-verified with reliable sources for accuracy.

When people explored its capabilities in the days and weeks after its launch, it seemed almost miraculous—a wonder tool that could do everything from creating computer programs and replacing search engines, to writing students’ essays and penning punk rock songs. Its release kick-started a race to disrupt everything with AI, and integrate ChatGPT-like interfaces into every conceivable tech product.

But those who know the hype cycle know that the Peak of Inflated Expectations is quickly followed by the Trough of Disillusionment. Predictably, ChatGPT’s rapid ascent was met by an equally rapid backlash as its shortcomings became apparent.

Chief among them is ChatGPT’s propensity to “hallucinate”, the euphemism that data scientists give to untruths created by machine learning models. Perhaps the best example of just how consequential hallucinations can be is Mata v. Avianca, Inc, a court case in which a lawyer found himself in serious hot water after citing numerous non-existent legal cases hallucinated by ChatGPT when he used it as a research tool.

Against that backdrop, Malwarebytes decided to poll its vast pool of newsletter subscribers to see how they felt about ChatGPT, six months after its launch.

Despite all the hype and hoopla surrounding it, only 35% of our tech-savvy respondents agreed with the statement “I am familiar with ChatGPT,” significantly fewer than the 50% that disagreed.

Those who claimed to be familiar with ChatGPT did not have a rosy outlook. This is what they told us.

Not accurate or trustworthy

The first issue for ChatGPT is that our respondents don’t trust that it’s accurate or trustworthy. Only 12% agreed with the statement “The information produced by ChatGPT is accurate,” while 55% disagreed, a huge discrepancy.

Responses to “The information produced by ChatGPT is accurate” by respondents familiar with ChatGPT

The responses were similarly bleak for the statement “I trust the information produced by ChatGPT,” with only 10% agreeing and a huge 63% disagreeing.

Responses to “I trust the information produced by ChatGPT” by respondents familiar with ChatGPT

A risk to security and safety

Not only was ChatGPT seen as untrustworthy, it was also perceived as a negative influence on safety and security, with few seeing it as a tool that will improve safety, and an overwhelming majority seeing it as a source of risk.

51% disagreed with the statement “ChatGPT and other AI tools will improve Internet safety,” dwarfing the tiny percentage that see it as a positive for safety.

Responses to “ChatGPT and other AI tools will improve internet safety” by respondents familiar with ChatGPT

Worse still, an extraordinary 81% were concerned about the possible security and/or safety risks.

Responses to “I am concerned about the possible security and/or safety risks posed by ChatGPT” by respondents familiar with ChatGPT

They aren’t alone. In March a raft of tech luminaries signed a letter that said “We call on all AI labs to immediately pause for at least 6 months the training of AI systems more powerful than GPT-4.” The letter pulled no punches on the “profound risks” posed by “AI systems with human-competitive intelligence”:

Should we let machines flood our information channels with propaganda and untruth? Should we automate away all the jobs, including the fulfilling ones? Should we develop nonhuman minds that might eventually outnumber, outsmart, obsolete and replace us? Should we risk loss of control of our civilization?

The letter calls for the pause to be used to “jointly develop and implement a set of shared safety protocols for advanced AI design and development that are rigorously audited and overseen by independent outside experts.”

We put the idea to our respondents and 52% of those familiar with ChatGPT agreed, while less than half that number disagreed.

Responses to “Work on ChatGPT and other AI tools should be paused until regulations can catch up” by respondents familiar with ChatGPT

Conclusion

Our survey showed that an overwhelming number of respondents familiar with ChatGPT were concerned about the risks it poses to security and safety. They also don’t trust the information it produces, and would like to see a pause in development so that regulation can catch up. What remains to be seen is whether this is simply a singular moment of anxiety or a trend that will persist.

An AI revolution has been gathering pace for a very long time, and many specific, narrow applications have been enormously successful without stirring this kind of mistrust. For example, at Malwarebytes, Machine Learning and AI have been used for years to help improve efficiency, to identify malware, and improve the overall performance of many technologies.

ChatGPT is a different beast though. It is a generalized AI tool that could help or supplant humans across a broad range of knowledge work, from coding and composing songs to making malware and spreading misinformation.

The uncertainty around how ChatGPT will change our lives, and whether it will take our jobs, is compounded by the mysterious way in which it works. It is an unknown quantity to everyone, even its creators. Machine learning models like ChatGPT are “black boxes” with emergent properties that appear suddenly and unexpectedly as the amount of computing power used to create them increases.

Real world emergent properties have included the ability to perform arithmetic, take college-level exams, and identify the intended meaning of words. The ability to perform these tasks could not be predicted from smaller models, and today’s models cannot be used to predict what the next generation of larger models will be capable of.

That leaves us facing a very uncertain future, both individually and collectively. The continuum of viewpoints held by serious commentators ranges, quite literally, from those who think AI is an existential risk to those who think it will save the world. Given the stakes, the caution of our respondents is no surprise.


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


Software company accused of illegally profiling millions of mobile phone users

A digital rights and privacy organization has filed a complaint against software company TeleSign for gathering and selling information on millions of mobile phone users.

The organization that filed the complaint is noyb. noyb is an Austrian-based digital rights organization that focuses on commercial privacy issues at a European level. Since the General Data Protection Regulation (GDPR) came into force on May 25, 2018, commercial privacy violations can be enforced at a European level, which allows for much more effective procedures and strategic litigation.

The complaint targets BICS, TeleSign, and Proximus. BICS is a Belgium-based communications service that enables phone calls, roaming, and data flows between different communications networks and services all over the world (500 mobile operators in more than 200 countries). Instead of having direct agreements with each other, hundreds of mobile phone providers can connect their networks through the interconnection service of BICS.

TeleSign is a US-based company that provides Application Programming Interfaces (APIs) that deliver user verification, digital identity, and omnichannel communications, to help other brands with secure onboarding, maintain account integrity, prevent fraud, and streamline omnichannel engagement. Among its customers are Ubisoft, ByteDance (TikTok), Skype, and Salesforce. 

Proximus is the Belgium based parent company of both BICS and TeleSign.

The problem

When processing phone customer data, BICS gets detailed information like the regularity of completed calls, call duration, long-term inactivity, range activity, and successful incoming traffic. And it receives these data for about half of the worldwide mobile phone users.

In 2022, Belgian newspaper Le Soir published an article about BICS sharing these data with TeleSign. Based on these data, TeleSign gave every mobile phone user a “trust score” between 0 and 300 points. This trust score helps their customers decide whether to allow users to sign up to a platform or, for example, require an SMS verification first.

According to TeleSign’s website, it verifies over five billion unique phone numbers a month, representing half of the world’s mobile users, and provides critical insight into the remaining billions.

The data BICS shares includes information such as the type of technology used to make calls or texts, the frequency of activity, and the duration of calls.

noyb co-founder Max Schrems said:

“Your phone provider likely forwards data to BICS who then forwards it to TeleSign. TeleSign generates a ‘trust score’ about you and sells phone data to third parties like Microsoft, Salesforce or TikTok – without anyone being informed or giving consent.”

While GDPR allows data to be shared for the purposes of taking appropriate, proportionate, preventive and curative measures, and in order to detect fraud and malicious use of networks and services, noyb argues that this is not the case here.

From Max Schrems:

“The responses received by BICS and TeleSign suggest that this business model is not complying with EU privacy laws. We have therefore filed a complaint with the Belgian Data Protection Authority, who is competent for Proximus, BICS and TeleSign.”

The complaint could end up being very costly. The Belgian Data Protection Authority (DPA) can issue a fine of up to 4% of the global turnover of Proximus, which is roughly $250 million.

For EU citizens who want to know whether TeleSign holds data on them, and whether it has assigned them a score like the complainants, noyb has developed a template that you can use to send an access request to TeleSign. Companies holding data about you have an obligation under GDPR to tell you not just whether they process information about you, but also where they received the data, for which purpose they use it, and with whom they shared it.

