Latest news with #Malwarebytes
Daily Mirror
21-05-2025
- Daily Mirror
Everyone with an app on their Android phone put on red alert
A worrying new Android threat has been discovered that millions must not ignore. Everyone who loves using Android must be on high alert and take care before installing any new apps onto their devices. It seems cyber crooks are, once again, trying to attack this hugely popular platform and not heeding the advice could leave smartphones rammed with annoying adverts that are impossible to remove. The team at Malwarebytes has raised the latest alert after discovering the so-called "Kaleidoscope" bug. Over 100 applications are thought to have this threat tucked inside, and millions have already downloaded them. The attack works by online thieves releasing fake versions of real apps found on the Google Play Store. Once installed, they look like the real deal and even have the same app ID as official versions. Sadly, if a user is tricked into downloading them - usually via unofficial app stores - they then face a screen with unskippable adverts. Due to the way the attack works, the advertiser never knows anything is wrong, and the users can't use their device without getting annoyed. It's a lose-lose for companies and consumers as firms are paying for the adverts to be shown and the phone owner gets a screen full of messages. As Malwarebytes explains, "Advertisers believe they are paying for ads shown in the 'legitimate' app, while users who download versions from third-party app stores are bombarded with the same ads—but they can't skip them. Because both apps use the same app ID, advertisers never know the difference." In a bid to stop anyone else becoming a victim of this attack, Malwarebytes has issued some important advice - don't ignore these 5 top tips if you don't want a phone full of annoying and unskippable adverts.. To keep your devices free from ad fraud related malware: • Get your apps from the Google Play store whenever you can. • Be careful about the permissions you allow a new app. Does it really need those permissions for what it's supposed to do? In this case the 'Display over other apps' should raise a red flag. • Dubious ad sites often request permission to display notifications. Allowing this will increase the number of ads as they push them to the device's notification bar. • Use up-to-date and active security software on your Android.
Daily Record
20-05-2025
- Daily Record
Android users urged to follow four new rules amid red alert
Android users have once again been placed on red alert as the popular technology provider has been hit by cyber criminals. This new bug is said to become infuriating if advice isn't followed, as users' phones will be left full of highly annoying adverts that are impossible to get rid of. According to the team at Malwarebytes, the 'Kaleidoscope' bug has been hidden within over 130 Android apps that can be accessed around the world. Once these apps are downloaded, the user's phone will then be overloaded with unskippable apps. If this wasn't bad enough, the new threat is even more worrying than previous attacks due to the way that criminals are targeting the Android operating system, reports the Express. Therefore, it is important that Android heed the advice given by experts. Hackers are now having to try out new methods to fool people into falling into their trap as Google is starting to get better at removing dodgy apps from its Play Store. According to Malwarebytes, the latest scam from crooks involves creating lookalike applications that are dished out via third-party app stores. Despite looking like the original app - with many even sharing the same app ID - these scam apps actually include the Kaleidoscope bug, which makes the 'innocent' looking app the 'evil twin'. This threat allows hackers to display sponsored messages without the advertisers realising that something is wrong. As a result, this scam is detrimental to both companies and users, as firms are paying for certain adverts to be shown while Android users are instead being drowned in irritating messages. Malwarebytes explained: "Advertisers believe they are paying for ads shown in the 'legitimate' app, while users who download versions from third-party app stores are bombarded with the same ads—but they can't skip them. Because both apps use the same app ID, advertisers never know the difference." It is easy to see why these irritating apps are finally being caught out as it is thought that they have been installed millions of times already. Thankfully, in a move to stop other Android users from becoming a victim of the scam, Malwarebytes have given users four steps to follow to keep their smartphones safe from 'evil twin' apps. To keep your devices free from ad fraud related malware: • Get your apps from the Google Play store whenever you can. • Be careful about the permissions you allow a new app. Does it really need those permissions for what it's supposed to do? In this case the 'Display over other apps' should raise a red flag. • Dubious ad sites often request permission to display notifications. Allowing this will increase the number of ads as they push them to the device's notification bar. • Use up-to-date and active security software on your Android.
Axios
20-05-2025
- Business
- Axios
Gen Z's new side hustle: selling data
Many young people are more willing than their parents to share personal data, giving companies deeper insight into their lives. Why it matters: Selling data is becoming the new selling plasma. Case in point: Generation Lab, a youth polling company, is launching a new product, today — betting that buying this data is the future of polling. "We think corporations have extracted user data without fairly compensating people for their own data," says Cyrus Beschloss, CEO of Generation Lab. "We think users should know exactly what data they're giving us and should feel good about what they're receiving in return." How it works: Generation Lab offers people cash — $50 or more per month, depending on use and other factors — to download a tracker onto their phones. The product takes about 90 seconds to download, and once it's on your phone, it tracks things like what you browse, what you buy, which streaming apps you use — all anonymously. There are also things it doesn't track, like activity on your bank account. VERB then uses that data to create a digital twin of you that lives in a central database and knows your preferences. Say a political advocacy group wants to know where women under 30 get their news, they can use VERB to query one or all the twins who fit that demographic in an interface that feels like ChatGPT. If a venture capital firm wants to figure out which apps are trending among young people, they can ask. The intrigue: Generation Lab says this method of polling will give companies, nonprofits, and news organizations more accurate information about how young people really think by tracking their behavior instead of asking them about it. 'For decades, market research has been the equivalent of a doctor asking a patient to describe their symptoms. VERB is an MRI machine,' Generation Lab's pitch deck says. The polling company is aiming to get to 5,000 users of the tracker by the end of September. Between the lines: Many younger Americans consider sharing data the tradeoff for being online. They're already giving away their data for free, and are even more willing to share it for cash. 88% of Gen Z is open to sharing personal information with social media companies, 20 points higher than older generations, eMarketer notes. 33% of Gen Z agrees or strongly agrees with the statement 'I don't mind being tracked by websites or apps,' compared with 22% of older adults, according to a 2023 survey from the cybersecurity company Malwarebytes. Gen Z-ers and millennials are also more likely to expect incentives or rewards for sharing data — whether that's money or a personalized social media algorithm, a 2022 Euromonitor International study found.
The Star
17-05-2025
- Science
- The Star
'Creepy good': AI can now tell your location from obscure photographs
There are some good reasons to worry about what is visible in background photos, because AI is getting very good at guessing where you are based on the smallest of clues. — Pixabay BERLIN: The capabilities of AI chatbots could soon be verging on transgression, according to recent research showing some managing to figure out a person's location from obscure photographs and others now able to generate almost undetectable "deepfake" videos. In a series of tests, computer virus software provider Malwarebytes found ChatGPT to be "creepy good" at "geo-guessing" locations from photographs that had been scrubbed of their metadata, which often contain details such as location, time and date. "There are some good reasons to worry about what is visible in background photos, because AI is getting very good at guessing where you are based on the smallest of clues," according to Malwarebytes. The chatbot was albe to use clues and cues in architecture and environment to narrow down possible locations in photos before either nailing it or coming uncannily close. "A wheelbarrow of a specific brand or a bird with a limited habitat are enough to provide hints about your location," Malwarebytes warned. The same week, a tram from Fraunhofer Heinrich-Hertz-Institute and Humboldt University in Berlin published the results of tests that show AI capable of generating "subtle heart-beat-related signals" in so-called deepfake videos. "The current evolution of image generation techniques makes the detection of manipulated content through visual inspection increasingly difficult," the team said, but some real-life subtleties such as heartbeats were "lost during the deepfake generation process," a limitation that has been "useful for deepfake detection." Not anymore, however: The team was able to make deepfakes containing what appear to be human pulses. The researchers' findings, which were published in the science and technology journal Frontiers in Imaging, suggest that heartbeat detection techniques are "no longer valid for current deepfake methods." That said, all hope may not be lost – if clutching at high-tech straws counts: "Analysing spatial distribution of bloodflow regarding its plausibility can still help to detect high-quality deepfakes," the researchers said, in what is likely to be small consolation and even less use to anyone hoping to quickly separate fake from real footage seen on social media. – dpa/Tribune News Service
Associated Press
14-05-2025
- Business
- Associated Press
AI-Powered Cybercrime Surges as Hackers Embrace Generative and Autonomous AI, According to New Malwarebytes Report
New report warns organizations about the imminent rise of autonomous attackers and a looming transformation of cybercrime as we know it SANTA CLARA, Calif., May 14, 2025 /PRNewswire/ -- Malwarebytes, a global leader in real-time cyber protection, today released its latest ThreatDown report, Cybercrime in the Age of AI, which reveals how threat actors leverage generative artificial intelligence (AI) to create entirely new forms of cyberattacks. The report predicts that AI agents will soon usher in a world of far more frequent, sophisticated, and difficult-to-detect cyberattacks. From AI-generated phishing campaigns, deepfake scams, and malware, the report outlines the growing arsenal of tools at cybercriminals' disposal and how businesses can best defend themselves from the onslaught of attacks. 'Cybercrime is undergoing a transformation,' said Marcin Kleczynski, Founder and CEO at Malwarebytes. 'We're not just seeing a rise in the quantity of attacks, we're seeing entirely new forms of deception and automation that would have been unimaginable just a few years ago. As AI technology matures, Malwarebytes will continue to deliver robust solutions to detect, respond to, and protect against the evolution of cybercrime.' AI Makes Cybercrime More Accessible and Convincing Since ChatGPT's release in late 2022, criminals have rushed to exploit generative AI. Threat actors today are weaponizing these tools to write malware, craft convincing phishing emails, and launch realistic social engineering attacks. In one case from January 2024, a finance worker was manipulated into transferring $25 million during a video call populated entirely by AI-generated deepfakes of company executives. Criminals have also found creative ways to bypass built-in AI safeguards, using techniques like prompt chaining, prompt injection, and jailbreaking to produce their own malicious outputs. In 2023, Malwarebytes' own researchers used prompt chaining to demonstrate that ChatGPT could be duped into writing ransomware, despite safeguards to prevent it. Autonomous AI Attackers Are on the Horizon While generative AI has already lowered the barrier to entry for cybercrime, the report warns that agentic AI is poised to escalate these kinds of attacks. Agentic AI can replace human attackers, automating, accelerating, and scaling labor-intensive techniques like ransomware. Many research teams have successfully created AI agents for offensive cybersecurity, including: These examples mark a new chapter in cybersecurity, where AI is no longer just a tool for attackers but AI becomes the attacker, operating at scale, 24/7, and at speeds human defenders may struggle to match. As cybercriminals grow more skilled at developing and deploying AI agents, these tools will inevitably be used to increase the volume and speed of labor-intensive attacks, especially the most dangerous kind: big game ransomware. Defending Against AI-Powered Attacks To counter the growing threat of AI-powered cybercrime, organizations must reduce their attack surface, monitor systems continuously, and respond to alerts immediately. That includes deploying endpoint protection, such as ThreatDown Managed Detection and Response (MDR), capable of catching the increased quantity of AI-generated threats and using 24/7 expert analysts to spot evolving tactics. To read the full report, visit Plus, to learn about the latest threats and cyber protection strategies for businesses, visit or follow ThreatDown on LinkedIn and X. About Malwarebytes Malwarebytes is a global cybersecurity leader delivering award-winning endpoint protection, privacy and threat prevention solutions worldwide. ThreatDown, Malwarebytes' corporate product portfolio, simplifies endpoint security by combining award-winning detection and remediation with quick deployment in an easy user-interface – with one agent and one console - to protect people, devices, and data in minutes. Since 2008, Malwarebytes has been detecting and eliminating threats that others missed for half a billion individuals and thousands of businesses. A world class team of threat researchers and proprietary AI-powered engines provide unmatched threat intelligence to detect and prevent known and unknown threats. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit Malwarebytes Media Contact: Julianne Cavanaugh, Public Relations [email protected] View original content to download multimedia: SOURCE Malwarebytes
