WebProNews

Tag: Malwarebytes

  • Scammers Are Abusing the Microsoft Edge News Feed

    Scammers are abusing Microsoft Edge’s news feed, running malicious ads in an effort to direct users to tech support scams.

    Edge is Microsoft’s Chromium-based web browser that replaced Internet Explorer. Like many browsers, Edge provides a news feed for users. The feed also contains various advertisements, which scammers have figured out how to abuse.

    Malwarebytes researchers outlined how the scam works:

    When a user clicks on one of the malicious ads, a request to the Taboola ad network is made via an API (api.taboola.com) to honor the click on the ad banner. The server will respond with the next URL to load.

    This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers. What’s worth noticing is the cloud infrastructure that is being leveraged here, making it very difficult to block.

    Malwarebytes said this particular scam is one of the biggest it has seen, and has been active for at least a couple of months. Users should use an ad and malware blocker, and may be better off using another browser until Microsoft addresses the issue.

  • Android Malware Keeps Reinstalling Itself

    An Android malware application has been discovered reinstalling itself even after a factory reset.

    Malwarebytes is a cybersecurity firm that was contacted by an Android user who was having trouble removing a particularly nasty and persistent malware, xHelper. No matter what the user did, the malware kept reinstalling itself, even after a factory reset.

    Malwarebytes’ researchers initially thought it might be a preinstalled malware, since the device was not from a mainstream manufacturer. Lesser-known manufacturers have been known to have malware preinstalled on their devices. Even taking that into consideration, however, the malware continued reinstalling.

    Ultimately, the researchers realized the reinfections were being triggered by Google Play, even though the malware is not on Google Play. When an Android device is reset, applications are removed, but files and directories remain. In one of those directories, the researchers found an Android application package (APK) that seemed to be triggered by Google Play. Once triggered, it would install, run and then uninstall itself to minimize the chance of being detected. In the few seconds it was installed, however, it would reinfect the phone with the xHelper malware, which would then install even more malware.

    Malwarebytes’ entire report is well worth a read—especially the instructions on how to remove the malware. It remains to be seen, however, exactly how the malware is using Google Play as a trigger.