article thumbnail

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. In this case, the loan app evaded detection on Google Play, by loading a WebView to redirect users to an external website from where they could download the app hosted on an Amazon EC2 server.

Passwords 145
article thumbnail

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor.

Phishing 123
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How to Lose a Fortune with Just One Bad Click

Krebs on Security

Griffin said a follow-up investigation revealed the attackers had used his Gmail account to gain access to his Coinbase account from a VPN connection in California, providing the multi-factor code from his Google Authenticator app. You may also wish to download Google Authenticator to another mobile device that you control.

article thumbnail

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. As of this writing, DeepSeek is the third most-downloaded “free” app on the Apple store, and #1 on Google Play.

Risk 303
article thumbnail

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

The Last Watchdog

This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming.

article thumbnail

Netgear urges users to upgrade two flaws impacting WiFi router models

Security Affairs

The two flaws are, respectively, a remote code execution issue and an authentication bypass vulnerability. XR500, the issue was fixed in firmware version 2.3.2.134 “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Click Downloads. Click Download.

Firmware 113
article thumbnail

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. The lure that convinces people to download these apps varies. This does not make multifactor authentication useless.

Phishing 132