Malwarebytes

Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets We uncovered a fake CleanMyMac site delivering SHub Stealer, a macOS infostealer that steals credentials and silently backdoors crypto wallets.

We uncovered an impersonation campaign of the popular Mac utility CleanMyMac that is tricking users into installing a malicious infostealer.

Beware of fake OpenClaw installers, even if Bing points you to GitHub Bing search results pointed victims to GitHub repositories claiming to host OpenClaw installers, but in reality they installed malware.

Attackers are abusing OpenClaw’s popularity by seeding fake “installers” on GitHub to deliver infostealers and malware instead of the droids...er...AI assistant you were looking for.

Scammers Have Found An Unexpected New Way Into Your iPhone Luckily, there's a relatively easy fix.

iPhone Calendar scams are on the rise. Learn how to spot them and remove them from your device with our tips featured in Huffington Post.

Supreme Court to decide whether geofence warrants are constitutional Google has urged the justices to strike down the controversial warrants, which can sweep up location data from hundreds of phones near a crime scene.

Google weighs in on a US Supreme Court case, arguing that geofence warrants are unconstitutional.
https://www.malwarebytes.com/blog/news/2026/03/supreme-court-to-decide-whether-geofence-warrants-are-constitutional?utm_campaign=brandsocial&utm_medium=social&utm_source=bluesky

Scams suck. We created our free scam detector to help older users and those who just need a little extra help learning to identify scams.
www.malwarebytes.com/solutions/sc...

Does the UK really want to ban VPNs? And can it be done? Reports of a "Great British Firewall" are exaggerated. And even if they wanted to, here's why it would be virtually impossible.

The idea of a “Great British Firewall” makes for a catchy headline, but it would be riddled with holes and cause huge problems.

High-severity Qualcomm bug hits Android devices in targeted attacks Google has patched 129 Android vulnerabilities, including an actively exploited flaw in a widely used Qualcomm component.

‼️ Android users: update now ‼️

Google has fixed 129 vulnerabilities in Android, including a Qualcomm display flaw that is known to be actively exploited.

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access Researchers found a now-patched vulnerability in "Live in Chrome" that allowed a Chrome extension to inherit Gemini’s permissions.

A flaw in Google Chrome let extensions hijack Gemini’s camera, mic, and file access.

Samsung TVs stop spying on viewers in Texas. Here's how to disable ACR anywhere As Samsung settles a lawsuit over how its smart TVs collect and monetize viewing data using ACR, here's how the rest of us can limit the data we're sharing.

If you’d prefer to limit or disable ACR-style monitoring of your watching behavior, here’s where to look.

A fake FileZilla site hosts a malicious download A tampered copy of FileZilla quietly contacts attacker-controlled servers using encrypted DNS traffic that can slip past traditional monitoring.

When someone downloads the tampered version of FileZilla, Windows loads the malicious library first, allowing the malware to run within a normal FileZilla session.

Adulthood is just getting letters from a company that you've never heard of, telling you they leaked your data that you didn't know they had, and including a multi-step to-do list for you to protect the data that they did not.

Public Google API keys can be used to expose Gemini AI data Researchers found that Google API keys long treated as harmless can now unlock access to Gemini.

Google API keys, long treated as harmless, can now be used by cybercriminals as Gemini AI credentials.

Inside a fake Google security check that becomes a browser RAT Disguised as a security check, this fake Google alert uses browser permissions to harvest contacts, location data, and more.

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild.

Fake Zoom and Google Meet scams install Teramind: A technical deep dive Attackers don’t always need custom malware. Sometimes they just need a trusted brand and a legitimate tool.

This article provides a technical deep dive into the recent fake Zoom and Google Meet scams that we reported on two days ago.

How to understand and avoid Advanced Persistent Threats APT stands for Advanced Persistent Threat. But what does that actually mean, and how does it translate into the kind of threat you’re facing?

Learn how Advanced Persistent Threats target individuals and organizations, and why knowing the warning signs can help you stay safe online.

Instagram flagged explicit messages to minors in 2018. Image-blurring arrived six years later Unsealed court records reveal Instagram executives discussed explicit messages to teens years before a blur feature was introduced.

Meta took six years to blur explicit images on Instagram, even though internal emails show executives were aware in 2018 that minors were receiving them.

The Conduent breach; from 10 million to 25 million (and counting) A third-party breach at Conduent now affects 25 million Americans—many never knew their data flowed through its systems.

A massive healthcare data breach exposed sensitive information including medical information, addresses, dates of birth, and social security numbers of 25 million Americans (and growing).

Developer creates app to detect nearby smart glasses A developer created an Android app that looks for nearby smart glasses. It's not perfect, but it can help people in certian circumstances.

Is it possible to spot smart glasses before they spot you?

Roblox gives predators "powerful tools" to target children, says LA County Los Angeles County sued the online gaming platform Roblox for its alleged failure to protect children from danger.

Los Angeles County is filing a lawsuit against Roblox, claiming Roblox is misleading parents into thinking the platform is safe while leaving children exposed to predators and sexually explicit content.

Fake Zoom meeting "update" silently installs surveillance software A fake Zoom meeting page looks real, triggers a bogus “update,” and silently installs surveillance software.

A fake Zoom meeting site mimics a video call, then uses an “Update Available” countdown to automatically download a malicious installer onto Windows machines—no permission required.

Refund scam impersonates Avast to harvest credit card details A convincing fake Avast site displays a €499.99 charge and promises a refund. Instead, it harvests your name, address, and full credit card details.

A fraudulent website mimicking Avast is deceiving French-speaking users into providing their credit card details under the guise of processing a non-existent refund.

conversation between Meta's Head of AI Safety and Alignment and their OpenClaw bot

>be Head of AI Safety and Alignment at Meta
>set up OpenClaw
>grant it full access to your personal inbox
>it starts mass-deleting emails
>“Don’t do that.”
>wipes out the remaining old emails too
>“I told you not to do that.”
>“Do you remember me saying that?”
>“Yes. I remember. And I ignored it.”

OpenClaw: What is it and can you use it safely? OpenClaw is a hot topic at the moment. But what is it and how can you use the 24/7 AI assistant in a safe way?

Giving OpenClaw root access to your device? What could possibly go wrong.

Password managers keep your passwords safe, unless… Researchers investigated the zero-knowledge claims of password managers and they found some possible attack scenarios

Many issues are now patched, but be cautious and enable multi-factor authentication so a stolen password alone isn’t enough.

Age verification vendor Persona left frontend exposed, researchers say Behind a basic age check, researchers say Persona’s system runs extensive identity, watchlist, and adverse-media screening.

Researchers discovered a publicly exposed frontend on a government-authorized server, containing 2,456 accessible files from the age verification vendor used by Discord.

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download.

Attackers are running paid Facebook ads that look like official Microsoft promotions, then directing users to near-perfect clones of the Windows 11 download page.

AI-generated passwords are a security risk AI-generated passwords are "highly predictable" and aren’t truly random, making them easier for cybercriminals to crack.

Using AI to generate passwords is a bad idea. It may produce passwords that criminals can exploit using dictionary attacks, where they test a list of likely passwords with automated tools.

Intimate products producer Tenga spilled customer data US customers of sex toy manufacturer Tenga may have had some data leaked due to a phishing attack on a Tenga employee

Tenga confirmed reports published by several outlets that the company notified customers of a data breach.

Meta patents AI that could keep you posting from beyond the grave Hopefully Meta really will file this in the "just because we can do it doesn't mean we should" drawer.

Weekend at Zuckerberg's?

Betterment data breach might be worse than we thought This breach now appears far more serious. The leaked data includes rich personal and financial details that phishers could use.

Stolen data from a breach at Betterment is now being shared online by threat actors.
https://www.malwarebytes.com/blog/news/2026/02/betterment-data-breach-might-be-worse-than-we-thought?utm_campaign=brandsocial&utm_medium=social&utm_source=bluesky