Malwarebytes
Coverage of Malwarebytes in the Nexus archive.
- This new Windows malware can take over your PC and wipe it clean
Microsoft identified GigaWiper, a modular Windows backdoor combining remote access and data destruction capabilities, which integrates components from Crucio ransomware and FlockWiper. The malware allows espionage features like screen capture and remote control, alongside destructive commands to irreversibly wipe systems, with C2 servers detected and blocked by Malwarebytes.
- Microsoft fixes RoguePlanet zero-day in Defender
Microsoft has patched the RoguePlanet zero-day vulnerability (CVE-2026-50656) in Microsoft Defender, an elevation of privilege flaw that could allow attackers to gain system-level access. The fix is included in the updated Malware Protection Engine version 1.1.26060.3008, which automatically updates for most users. Systems with other antivirus software like Malwarebytes are not affected if Defender is disabled.
- NetNut botnet takes a hit. Don’t be part of the next one.
Google, the FBI, and partners disrupted the NetNut botnet, which used hijacked consumer devices as residential proxies. The operation reduced the botnet's device pool by millions through account disabling, infrastructure sharing, and app warnings. NetNut tricked users into installing malicious apps under the guise of 'bandwidth sharing' payouts.
- [GR] Fake Cloudflare Human Verification Scam (me3k.trappopbuttonrightnow.monster) - Executed PowerShell Script
A user was redirected to a fake Cloudflare Human Verification page that tricked them into executing a PowerShell script. The script downloaded and ran code from a suspicious domain, prompting the user to disconnect their PC from the internet and run malware scans, which found no threats.
- Watch out for renewal scams pretending to be Malwarebytes
Fake subscription renewal notices impersonating Malwarebytes and other companies are being used in phishing and tech support fraud scams. These emails often include fabricated details, high charges, and fake contact information to trick recipients into divulging personal or financial information.
- Got drained 1434 USDT on Arbitrum — exhausted all leads, need help identifying the source Help Needed
The user's MetaMask wallet on Arbitrum was drained of 1434 USDT without authorization, and they are seeking help to identify the source of the issue. The user has already investigated and ruled out several potential causes. The transaction that drained the wallet was a simple ETH transfer to an address funded by SideShift.
- Malicious trading website drops malware that hands your browser to attackers
A malicious trading website has been distributing malware that allows attackers to take control of users' browsers. The threat, highlighted by cybersecurity firm Malwarebytes, poses a significant risk to online security.