article thumbnail

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Cybercriminals could use your account to spread spam and phishing emails to your contacts.

article thumbnail

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. In this case, the loan app evaded detection on Google Play, by loading a WebView to redirect users to an external website from where they could download the app hosted on an Amazon EC2 server.

Passwords 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

article thumbnail

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Executing this series of keypresses prompts Windows to download password-stealing malware.

Phishing 257
article thumbnail

Google Drive accounted for the most malware downloads from cloud storage sites in 2021

Tech Republic Security

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.

article thumbnail

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment.

article thumbnail

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

Monitor your accounts. Check your accounts periodically for unexpected changes and notifications of suspicious login attempts. Use a different password for every online account. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Phishing 112