Latest news with #Malwarebytes'
Tom's Guide
3 days ago
- Tom's Guide
Hackers are using fake Booking.com sites to infect summer travelers with dangerous malware — how to stay safe
Summer is here and if you haven't booked your holiday travel plans yet, you're going to want to be extra careful when doing so. The reason being, hackers are now using popular booking sites to infect unsuspecting travelers with dangerous password-stealing malware. According to the cybersecurity firm Malwarebytes, a new campaign has been spotted online that uses malicious links on social media and gaming sites to trick people into visiting fake sites impersonating the popular online booking service Given that almost half (40%) of people book their travel through general web searches, there are plenty of opportunities for hackers to lead them astray in an attempt to steal their hard-earned cash and sensitive data. Here's everything you need to know about this new campaign along with some tips and tricks to help you stay safe from hackers while booking your summer getaway. In a new blog post, Malwarebytes' researchers explain that this new campaign was first spotted online at the end of last month. When a user clicks on one of the malicious links impersonating they're taken to a verification page where fake CAPTCHAs are then used to trick them into copying code over to their clipboard. This occurs when they click on the checkbox next to the text 'I'm not a robot' on one of these fake CAPTCHA that CAPTCHAs are used so frequently online these days, most people wouldn't think twice before clicking one. However, these fake verification prompts are similar to those we've seen in recent ClickFix attacks. For those unfamiliar, these types of attacks are designed to trick you into infecting your own computer with malware but fortunately, they're easy to spot. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Instead of solving a puzzle or identifying a certain object in a set of pictures, a new verification prompt appears that asks you to do something you never should: run a command prompt and then execute the code that was copied over to your clipboard. This is a major red flag and an easy indication that you're not actually on official website. Still though, unsuspecting travelers trying to lock in a great deal quickly could potentially fall for this tactic. If they do, their computer will be infected with the AsyncRAT the instant they run the code that was previously copied to their clipboard. Given that we're dealing with a Remote Access Trojan here, this malware is able to spy on your computer, steal all sorts of sensitive personal and financial information, record your keystrokes, upload and download files, access your webcam and more. Given that hackers and other cybercriminals can easily put links to fake sites on social media and even in search engines through malicious ads, you need to be extremely careful when booking a vacation or anything else online for that matter these days. Instead of typing the address for a site like into your browser and heading to the first link, you want to scroll all the way down past the ads to the company's actual site. Better yet, if you know a company's web address, just type that into your browser's address bar instead. If you are prompted to verify your identity when visiting a travel site, pay close attention to the form of verification used. Typing out the numbers and letters in a scrambled image or identifying which images in a set are actual cars are both legitimate verification methods. Pressing Win + R to open a command prompt and run code that was copied to your clipboard without your knowledge definitely isn't though. To stay safe from any malware that might slip through the cracks, you want to make sure that your PC is protected with the best antivirus software or your Apple computer has the best Mac antivirus software installed. For additional protection though, you might also want to consider signing up for one of the best identity theft protection services as they can help you recover your identity or any funds lost to fraud from scams. Summer is a great time to get out and go somewhere new but if you rush to get that last-minute booking in, you could be putting yourself and your data at risk. That's why you always want to take some extra precautions when making travel plans and if a deal or a website seems too good to be true, it probably is.
Associated Press
14-05-2025
- Business
- Associated Press
AI-Powered Cybercrime Surges as Hackers Embrace Generative and Autonomous AI, According to New Malwarebytes Report
New report warns organizations about the imminent rise of autonomous attackers and a looming transformation of cybercrime as we know it SANTA CLARA, Calif., May 14, 2025 /PRNewswire/ -- Malwarebytes, a global leader in real-time cyber protection, today released its latest ThreatDown report, Cybercrime in the Age of AI, which reveals how threat actors leverage generative artificial intelligence (AI) to create entirely new forms of cyberattacks. The report predicts that AI agents will soon usher in a world of far more frequent, sophisticated, and difficult-to-detect cyberattacks. From AI-generated phishing campaigns, deepfake scams, and malware, the report outlines the growing arsenal of tools at cybercriminals' disposal and how businesses can best defend themselves from the onslaught of attacks. 'Cybercrime is undergoing a transformation,' said Marcin Kleczynski, Founder and CEO at Malwarebytes. 'We're not just seeing a rise in the quantity of attacks, we're seeing entirely new forms of deception and automation that would have been unimaginable just a few years ago. As AI technology matures, Malwarebytes will continue to deliver robust solutions to detect, respond to, and protect against the evolution of cybercrime.' AI Makes Cybercrime More Accessible and Convincing Since ChatGPT's release in late 2022, criminals have rushed to exploit generative AI. Threat actors today are weaponizing these tools to write malware, craft convincing phishing emails, and launch realistic social engineering attacks. In one case from January 2024, a finance worker was manipulated into transferring $25 million during a video call populated entirely by AI-generated deepfakes of company executives. Criminals have also found creative ways to bypass built-in AI safeguards, using techniques like prompt chaining, prompt injection, and jailbreaking to produce their own malicious outputs. In 2023, Malwarebytes' own researchers used prompt chaining to demonstrate that ChatGPT could be duped into writing ransomware, despite safeguards to prevent it. Autonomous AI Attackers Are on the Horizon While generative AI has already lowered the barrier to entry for cybercrime, the report warns that agentic AI is poised to escalate these kinds of attacks. Agentic AI can replace human attackers, automating, accelerating, and scaling labor-intensive techniques like ransomware. Many research teams have successfully created AI agents for offensive cybersecurity, including: These examples mark a new chapter in cybersecurity, where AI is no longer just a tool for attackers but AI becomes the attacker, operating at scale, 24/7, and at speeds human defenders may struggle to match. As cybercriminals grow more skilled at developing and deploying AI agents, these tools will inevitably be used to increase the volume and speed of labor-intensive attacks, especially the most dangerous kind: big game ransomware. Defending Against AI-Powered Attacks To counter the growing threat of AI-powered cybercrime, organizations must reduce their attack surface, monitor systems continuously, and respond to alerts immediately. That includes deploying endpoint protection, such as ThreatDown Managed Detection and Response (MDR), capable of catching the increased quantity of AI-generated threats and using 24/7 expert analysts to spot evolving tactics. To read the full report, visit Plus, to learn about the latest threats and cyber protection strategies for businesses, visit or follow ThreatDown on LinkedIn and X. About Malwarebytes Malwarebytes is a global cybersecurity leader delivering award-winning endpoint protection, privacy and threat prevention solutions worldwide. ThreatDown, Malwarebytes' corporate product portfolio, simplifies endpoint security by combining award-winning detection and remediation with quick deployment in an easy user-interface – with one agent and one console - to protect people, devices, and data in minutes. Since 2008, Malwarebytes has been detecting and eliminating threats that others missed for half a billion individuals and thousands of businesses. A world class team of threat researchers and proprietary AI-powered engines provide unmatched threat intelligence to detect and prevent known and unknown threats. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit Malwarebytes Media Contact: Julianne Cavanaugh, Public Relations [email protected] View original content to download multimedia: SOURCE Malwarebytes
