THREAT INTEL

Moltbot

Clawdbot’s rename to Moltbot sparks impersonation campaign

January 29, 2026

This Moltbot impersonation campaign is a case study in supply-chain risk, brand hijacking, and what happens when open source goes viral.

SMS phishing

Watch out for AT&T rewards phishing text that wants your personal details

January 27, 2026

Recently, we uncovered a realistic, multi-layered data theft phishing campaign targeting AT&T customers.

Two rats

Can you use too many LOLBins to drop some RATs?

January 21, 2026

An attempt to drop two RATs on a system used an uncanny assortment of legitimate Windows tools.

Camouflage

How real software downloads can hide remote backdoors

January 14, 2026

Attackers use legitimate open-source software as cover, relying on user trust to compromise systems. We dive into an example.

Trojan horse

Fake WinRAR downloads hide malware behind a real installer

January 8, 2026

We unpack a trojanized WinRAR download that was hiding the Winzipper malware behind a real installer.

phish hook in laptop

Inside a purchase order PDF phishing campaign

December 17, 2025

A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next.

Android

Android mobile adware surges in second half of 2025

December 16, 2025

Malwarebytes threat research reveals spike in adware and malicious malware families Triada and MobiDash heading into the holiday season.

remote login gotoresolve

How attackers use real IT tools to take over your computer

December 3, 2025

We’ve seen a new wave of attacks exploiting legitimate Remote Monitoring and Management (RMM) tools to remotely control victims’ systems.

A computer from the 1990s

We opened a fake invoice and fell down a retro XWorm-shaped wormhole

November 13, 2025

In 2025, receiving a .vbs “invoice” is like finding a floppy disk in your mailbox. It's retro, suspicious, and definitely not something you should run.