Fantasy Hub RAT-for-rent hides in fake Android apps, stealing logins, PINs, and messages—all with a single SMS permission.

Researchers at Zimperium identified Fantasy Hub, a new Android spyware developed and sold as a subscription on Russian-language cybercrime forums.

Malware-as-a-Service (MaaS) means cybercriminals rent out to malware to other criminals, complete with the infrastructure necessary to harvest and abuse stolen information. Usually, it’s up to the buyer to spread the malware, but Fantasy Hub goes a step further—it comes with full documentation, video tutorials, and a subscription model that makes it easy for even inexperienced attackers to use. Its creators provide step-by-step guides to create fake Google Play pages that imitate apps like Telegram or online banking portals, complete with realistic reviews. It’s a Remote Access Trojan (RAT) that anyone can distribute.

Distribution relies heavily on social engineering and phishing. Attackers use Fantasy Hub’s templates and tools to set up convincing fake app pages, tricking users into downloading the malicious software. A “dropper” option even lets buyers upload any Android app APK and get back a modified version with Fantasy Hub added.

These counterfeit apps look legitimate, and often request only a single permission: SMS access. But that permission unlocks much more. The SMS handler role bundles multiple powerful permissions: contacts, camera, and file access into a single authorization step, unlocking extensive control over the device’s messaging, contacts, and camera functions. Fantasy Hub is designed to bypass standard security checks and can remain concealed, making detection difficult for users.

**What can it do?**

Once installed, Fantasy Hub can steal SMS messages, call logs, contacts, photos, and videos. It can also intercept, reply to, and delete notifications. More dangerously, it can initiate live audio and video streams using the device’s camera and microphone without the user’s consent. It’s been found in imitation banking apps, displaying fake windows to harvest user credentials such as usernames, PINs, and passwords. As part of the handy pack provided by Fantasy Hub’s creators, attackers are given tools to tailor these phishing windows for almost any banking app they wish to target.

While individuals at at risk from this malware, the threat extends to organizations that use Bring Your Own Device (BYOD) policies or rely on mobile banking and work apps. A single infected phone could expose company data or communications.

**How to stay protected**

Fantasy Hub shows how easily cybercriminals can now buy and run complex spyware. But a few simple habits can help you stay safe:

*   **Stick to trusted sources.** Download apps only from Google Play, Apple’s App Store, or the official provider. Your bank will never ask you to use another source.
*   **Protect your devices.** Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware as Android/Trojan.Spy.ACRF949851CC4.
*   **Scrutinize permissions.** Does it really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for SMS or camera access.
*   **Unsolicited communications.** Stay wary of messages, emails, or links urging you to “update” or install outside the official app stores.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Fantasy Hub is spyware for rent—complete with fake app kits and support 

The only thing you’re winning here is a spot on marketing lists you never asked to join.

You’ve probably seen it before—a bright, urgent message claiming you’ve qualified for a $750 or $1000 Walmart gift card. All you have to do is answer a few questions. It looks harmless enough. But once you click, you find yourself in a maze of surveys, redirects, and “partner offers”—without ever actually reaching the end and claiming your prize.

This so-called “survey” is part of a lead-generation and affiliate marketing scam, designed not to reward you but to harvest your data and push you through ad funnels that make money for others, at the cost of your privacy.

****What’s really going on?****

It’s a scam because these pages rarely deliver any real gift card. What they’re after is your personal data.

As you move through each step, you’re asked for details like your name, email, phone number, ZIP code and even your home address. In some cases, you’re prompted to share interests such as home repair, debt help, or insurance quotes—each answer helps categorize you for targeted marketing.

Even if the page itself doesn’t steal money, that information is still valuable. It can be used to target you with more ads and offers, add you to marketing lists, or personalize follow-up contact. In other words, completing the questionnaire hands over data that can be exploited for profit—even when no gift card ever appears.

In some cases, the funnel gets even more specific. For example, if the survey asks you about home projects and you say you’re planning to replace your windows, you might be redirected to what looks like a legitimate home improvement site—often just another form asking for the same details again. The whole thing is designed to keep you filling out more forms, giving up more of your data, to more websites and affiliates.

These scams don’t aren’t just annoying time-wasters. They are harvesting your data, eroding your privacy and exposing you to wider risks. Once your details are shared, they can travel far beyond that fake survey.

Your information may:

*   Be resold to advertisers and data brokers, who build detailed profiles about your habits, spending, and location.
*   Lead to a surge of spam calls, texts, and phishing emails tailored to your interests.
*   Feed more convincing scams down the line, since criminals can now personalize their lures using real information about you.
*   End up on unregulated marketing lists that circulate for years, keeping your data in play long after you’ve closed the page.

That’s the hidden cost of a “free” gift card: each click fuels a network that profits from your identity, not your participation.

****Why do people fall for it?****

The hook is simple—free money and easy participation. But this fake Walmart promotion taps into three powerful psychological triggers:

1.  **The sense of luck**: “You’ve been selected!” sounds personal and special.
2.  **The promise of low effort**: Answering a few questions feels harmless.
3.  **The illusion of credibility**: Walmart’s branding lends legitimacy.

These scams spread mainly through advertising and malvertising networks—pop-ups, spam emails, social media ads, or sketchy website banners that imitate real promotions.

You might spot them alongside news articles or as “sponsored links” that sound too good to be true. Some appear via push notifications or redirects, whisking you from a real website to a fake reward page in seconds.

The designs often use official logos, countdown timers, and congratulatory language to make them look like authentic brand campaigns—tricking people into lowering their guard.

It’s an easy mental shortcut: “If this was fake, it wouldn’t look so professional.” That’s what these scammers count on—the appearance of legitimacy mixed with urgency and reward.

****How to protect yourself****

These gift card offers aren’t just harmless internet fluff—they’re the front door to a sprawling network of data collection and affiliate profiteering. Each click, form, and redirect is designed to extract value from your attention and information, not to reward you.

Recognizing these scams early is the best defense. Here’s how to stay safe:

1.  **Be suspicious of online surveys promising big rewards.** Legitimate promotions from major retailers rarely require long questionnaires or partner offers.
2.  **Never give personal information to unknown pages.** If a site asks for your phone number or address for a “free prize,” it’s a red flag.
3.  **Use browser protection tools.** Extensions like Malwarebytes Browser Guard can block known scam domains and malvertising networks before they load.
4.  **Check the URL carefully.** Real Walmart promotions will always come from official domains (like walmart.com or survey.walmart.com), not random URLs with extra words or numbers.
5.  **Stay alert and skeptical.** Online quizzes and reward offers are a favorite bait for scammers. When in doubt – close the tab.

**We don’t just report on scams—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 Watch out for Walmart gift card scams 

A list of topics we covered in the week of November 3 to November 9 of 2025

November 7, 2025 - AV-Comparatives put 13 top Android security apps to the test against stalkerware. Malwarebytes caught them all.

November 7, 2025 - ClickFix campaign pages now have embedded videos to helpfully walk users through the process of infecting their own systems.

November 6, 2025 - There’s a modern-day train heist happening across America, and some of the bandana-masked robbers are sitting behind screens.

November 6, 2025 - Forget card skimmers—this Android malware uses your phone’s NFC to help criminals pull cash straight from ATMs.

November 5, 2025 - Chrome’s enhanced autofill makes storing your passport and ID easy—but convenience like this can come at a high cost.

 A week in security (November 3 &#8211; November 9) 

AV-Comparatives put 13 top Android security apps to the test against stalkerware. Malwarebytes caught them all.

The AV-Comparatives Stalkerware Test 2025 delivers a sobering look at the evolving threat posed by stalkerware on mobile devices. Despite measures from both the tech industry and platform providers, stalkerware-type apps, which are apps that can be installed covertly to spy on a victim’s private life, remain a critical concern.

This comprehensive assessment, developed in collaboration with Electronic Frontier Foundation (EFF), evaluated 13 leading Android security solutions against 17 diverse stalkerware-type apps. Key findings show that stalkerware persists even as providers and coalitions crack down: it’s sideloaded from developer websites, designed to evade detection, and frequently stores sensitive victim data on insecure servers, often exposing it to wider risks like public data leaks.

For this test, each security app was assessed for its ability to clearly detect and report stalkerware, not just using generic labels, but with explicit warnings tailored to support possible victims.

AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises.

Of the 13 security products tested in September 2025, only a few stood out for detection accuracy, clarity, and responsible alerting, with Malwarebytes the only one to score a 100% detection rate.

From the report:

> The results show clear differences in performance between mobile security products. **Malwarebytes** stood out by detecting all stalkerware testcases, achieving a 100% detection rate. 

It went on to say:

> Bitdefender, ESET, Kaspersky, and McAfee followed closely with 94% each, showing consistently high effectiveness. Avast, Avira, and F-Secure also performed well, identifying 88% of the test set, while Norton and Sophos achieved moderate coverage, detecting around 82%. At the lower end, G Data (65%), Google (53%), and Trend Micro (59%) missed a substantial portion of the stalkerware.

**Why it matters to Malwarebytes**

As one of the founding members of the Coalition Against Stalkerware, Malwarebytes sees this result as much more than a technical win. For us, the mission goes beyond simply blocking malicious software. Stalkerware-type apps are often used by abusers to systematically invade privacy and exert control. Their impact is highly personal, making reliable detection and safe reporting imperative.

Our participation in the coalition reflects a commitment to industry best practices: preventing stalkerware-type apps from being quietly installed, giving users detailed and honest threat information, and ensuring that every detection alert is crafted with survivor safety in mind. Scoring 100% in this test validates years of advocacy and development focused on the real-world needs of victims and their supporters, which goes beyond focusing on theoretical malware samples.

Ultimately, consistent leadership in stalkerware detection means standing alongside partners and survivor organizations to raise public awareness, drive safer technology, and provide every user with a clear path to reclaim their privacy. For Malwarebytes, achieving a perfect score isn’t just a mark of product quality; it’s proof of our commitment to your privacy and security.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Malwarebytes scores 100% in AV-Comparatives Stalkerware Test 2025 

ClickFix campaign pages now have embedded videos to helpfully walk users through the process of infecting their own systems.

Early on in 2025, I described how criminals used fake CAPTCHA sites and a clipboard hijacker to provide instructions for website visitors that would effectively infect their own machines with an information stealer known as the Lumma Stealer.

**ClickFix** is the name researchers have since given to this type of campaign—one that uses the clipboard and fake CAPTCHA sites to trick users into running malicious commands themselves.

Later, we found that the cybercriminals behind it seemed to be running some A/B tests to figure out which infection method worked best: ClickFix, or the more traditional file download that disguises malware as a useful application.

The criminals probably decided to go with ClickFix, because they soon came up with a campaign that targeted Mac users to spread the infamous Atomic Stealer.

Now, as reported by researchers from Push Security, the attackers behind ClickFix have tried to make the campaign more “user-friendly.”  The latest fake CAPTCHA pages include embedded video tutorials showing exactly how to run the malicious code.

Image courtesy of Push Security

The site automatically detects the visitor’s operating system and provides matching instructions, copying the right code for that OS straight to the clipboard—making typos less likely and infection more certain.

A countdown timer adds urgency, pressuring users to complete the “challenge” within a minute. When people rush instead of thinking things through, social engineering wins.

Unsurprisingly, most of these pages spread through SEO-poisoned Google search results, although they also circulate via email, social media, and in-app ads too.

**How to stay safe**

With ClickFix running rampant—and it doesn’t look like it’s going away anytime soon—it’s important to be aware, careful, and protected.

*   **Slow down.** Don’t rush to follow instructions on a webpage or prompt, especially if it asks you to run commands on your device or copy-paste code. Attackers rely on urgency to bypass your critical thinking, so be cautious of pages urging immediate action. Sophisticated ClickFix pages add countdowns, user counters, or other pressure tactics to make you act quickly.
*   **Avoid running commands or scripts from untrusted sources.** Never run code or commands copied from websites, emails, or messages unless you trust the source and understand the action’s purpose. Verify instructions independently. If a website tells you to execute a command or perform a technical action, check through official documentation or contact support before proceeding.
*   **Limit the use of copy-paste for commands.** Manually typing commands instead of copy-pasting can reduce the risk of unknowingly running malicious payloads hidden in copied text.
*   **Secure your devices.** Use an up-to-date real-time anti-malware solution with a web protection component.
*   **Educate yourself on evolving attack techniques.** Understanding that attacks may come from unexpected vectors and evolve helps maintain vigilance. Keep reading our blog!

**Pro tip:** Did you know that the free Malwarebytes Browser Guard extension warns you when a website tries to copy something to your clipboard?

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Fake CAPTCHA sites now have tutorial videos to help victims install malware 

There’s a modern-day train heist happening across America, and some of the bandana-masked robbers are sitting behind screens.

There’s a modern-day train heist happening across America, and this time, some of the bandana-masked robbers are sitting behind screens.

According to new research, a group of cybercriminals has been attacking trucking, freight, and logistics companies for months, impersonating brands and even diverting real cargo shipments to unapproved locations so that the stolen goods can be sold or shipped elsewhere.

The impact, the researchers said, extends far beyond the logistics industry:

> “Such crimes can create massive disruptions to supply chains and cost companies millions, with criminals stealing everything from energy drinks to electronics. The most targeted commodities are food and beverage products.”

Although the cyberattacks were mostly seen in North America, cargo theft is a problem across the world, impacting consumers and businesses that rely on the often-overlooked network of trucks, trains, ships, planes, and people.

In these attacks, cybercriminals compromise the accounts of carrier companies that transport goods from one location to the next. By posing as legitimate carriers, they can place real bids on shipments and then redirect them to unauthorized destinations, where they or their partners will receive and steal the cargo.

Researchers found that attackers take control of these accounts in at least one of three ways.

**1\. Fake load boards**

Attackers may post a fake order on what’s called a “load board,” a digital marketplace that connects shippers with carriers so that cargo can be assigned and accepted. But when legitimate carriers inquire about the fake load board posting, the criminals reply with an email that includes a malicious link that, when clicked, installs Remote Monitoring and Management (RMM) software. (To make the scam more convincing, the cybercriminals also compromise a “broker” account so their load board posting looks legitimate.)

Despite the sneaky install method, RMM software itself is entirely legitimate. It’s used by IT support teams to remotely fix issues for employees. But that legitimacy makes RMM software perfect for any cybercriminal campaign because it may raise fewer red flags from older antivirus tools.

Once the attackers gain access to a carrier’s account, they can also deploy malware to steal account credentials, giving them greater access to a company’s network.

**2\. Compromised email accounts**

A second observed attack method involved hijacking an active email address and then impersonating the owner when responding to emails about cargo orders and shipments. Here, too, cybercriminals inserted malicious links into emails that eventually install RMM tools.

**3\. Social engineering**

Finally, researchers also observed the attackers sending direct phishing emails to carriers, using classic social engineering tricks—like sending a bogus bill to lure victims into clicking malicious links.

While many of the well-tested security best practices still apply—like not clicking on links inside emails—one of the strongest defenses is to use a security product that notifies users about RMM tools (also sometimes referred to as Remote Desktop Programs) installed on their device. RMM tools are legitimate, but because of their abuses in cybercriminal campaigns, it is important that every installation is verified and tracked.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Hackers commit highway robbery, stealing cargo and goods 

Forget card skimmers—this Android malware uses your phone’s NFC to help criminals pull cash straight from ATMs.

The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts.

Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims’ phones—without ever physically stealing the cards.

NFC is a wireless technology that allows devices such as smartphones, payment cards, and terminals to communicate when they’re very close together. So, instead of stealing your bank card, the attackers capture NFC (Near Field Communication) activity on a mobile phone infected with the NGate malware and forward that transaction data to devices at ATMs. In NGate’s case the stolen data is sent over the network to the attackers’ servers rather than being relayed purely by radio.

NFC comes in a few “flavors.” Some produce a static code—for example, the card that opens my apartment building door. That kind of signal can easily be copied to a device like my “Flipper Zero” so I can use that to open the door. But sophisticated contactless payment cards (like your Visa or Mastercard debit and credit cards) use dynamic codes. Each time you use the NFC, your card’s chip generates a unique, one-time code (often called a cryptogram or token) that cannot be reused and is different every time.

So, that’s what makes the NGate malware more sophisticated. It doesn’t simply grab a signal from your card. The phone must be infected, and the victim must be tricked into performing a tap-to-pay or card-verification action and entering their PIN. When that happens, the app captures all the necessary NFC transaction data exchanged — not just the card number, but the fresh one-time codes and other details generated in that moment.

The malware then instantly sends all that NFC data, including the PIN, to the attacker’s device. Because the codes are freshly generated and valid only for a short time, the attacker uses them immediately to imitate your card at an ATM; the accomplice at the ATM presents the captured data using a card-emulating device such as a phone, smartwatch, or custom hardware.

But, as you can imagine, being ready at an ATM when the data comes in takes planning—and social engineering.

First, attackers need to plant the malware on the victim’s device. Typically, they send phishing emails or SMS messages to potential victims. These often claim there is a security or technical issue with their bank account, trying to induce worry or urgency. Sometimes, they follow up with a phone call, pretending to be from the bank. These messages or calls direct victims to download a fake “banking” app from a non-official source, such as a direct link instead of Google Play.

Once installed, the app app asks for permissions and leads victims through fake “card verification” steps. The goal is to get victims to act quickly and trustingly—while an accomplice waits at an ATM to cash out.

**How to stay safe**

NGate only works if your phone is infected and you’re tricked into initiating a tap-to-pay action on the fake banking app and entering your PIN. So the best way to stay safe from this malware is keep your phone protected and stay vigilant to social engineering:

*   **Stick to trusted sources.** Download apps only from Google Play, Apple’s App Store, or the official provider. Your bank will never ask you to use another source.
*   **Protect your devices.** Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.
*   **Do not engage with unsolicited callers.** If someone claims to be from your bank, tell them you’ll call them back at the number you have on file.
*   **Ignore suspicious texts.** Do not respond to or act upon unsolicited messages, no matter how harmless or urgent they seem.

Malwarebytes for Android detects these banking Trojans as Android/Trojan.Spy.NGate.C; Android/Trojan.Agent.SIB01022b454eH140; Android/Trojan.Agent.SIB01c84b1237H62; Android/Trojan.Spy.Generic.AUR9552b53bH2756 and Android/Trojan.Banker.AURf26adb59C19.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Android malware steals your card details and PIN to make instant ATM withdrawals 

Malwarebytes for Windows introduces powerful privacy controls, so you get to decide how Microsoft uses your data—all from one simple screen.

It’s getting harder to keep your Windows space truly yours, as Microsoft increasingly serves annoying ads and tracks your data across third-party apps.

Pushing back against your eroding privacy has been a scattered and sometimes complicated process… but we’re making it easier for you. With the latest version of Malwarebytes for Windows, we’ve introduced **Privacy Controls**—a simple screen that brings several privacy settings together in one place, so you can easily decide how Microsoft handles your data.

With four simple toggles, you can decide whether to:

*   Allow third-party apps to use your Advertising ID
*   Allow third-party content on your lock screen
*   Allow third-party content on your Start screen
*   Allow Microsoft to use Windows diagnostic data

You can also disable all privacy-impacting features at once.

There’s more good news for your privacy. Malwarebytes now also alerts you when “**Remote Desktop Programs**” are installed on your device.

Remote Desktop Programs are powerful, often legitimate tools used by IT teams and tech support to fix problems remotely—especially since remote work became common. But the remote access these programs provide is powerful, which makes them a target for cybercriminals. If a real tech support account is compromised, a hacker could use the remote desktop program to tamper with your devices or spy on sensitive information.

There’s also a type of scam—called a tech support scam—where criminals trick people into installing remote desktop programs so they can take control of the victim’s device, potentially stealing data or money down the line.  

By flagging these programs, Malwarebytes gives you more visibility into what’s on your computer, so you can stay in control of your privacy and security.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Take control of your privacy with updates on Malwarebytes for Windows 

New data shows hackers targeted UK water systems five times since 2024, raising concerns about critical infrastructure defenses worldwide.

Digital intruders have been targeting UK drinking water systems in what seems to be a growing risk.

Recorded Future News sent a request to the UK’s Drinking Water Inspectorate (DWI), the organization responsible for ensuring that drinking water is safe, for details on cyberattacks affecting the country’s water system. Using freedom of information laws, the site discovered five incidents that had taken place since January 1, 2024.

**A steady stream of water attacks**

These aren’t the first attacks on UK water systems. In August 2022, the Clop ransomware gang hit South Staffordshire Water, thinking that it was actually Thames Water. The attack focused on stealing customer data, meaning water supplies weren’t disrupted, although corporate systems were affected.

In late 2023, pro-Iranian hackers disrupted water supplies in County Mayo, Ireland. The intruders, known as the Cyber Av2ngers group, caused outages across 160 homes for two days. The attack was politically motivated by the utility’s apparent use of an Israeli-made tool.

These are far from the only attacks on water systems around the world. In February last year, CISA warned that a Chinese state-sponsored group had spent nine months moving laterally through a US water facility.

In that incident, attackers gained access using an administrator’s login and spent months inside the infrastructure, nosing around databases and other assets. CISA linked the intrusion to Volt Typhoon—a group that also targeted telecommunications companies around the world. The attackers were described as “OT adjacent,” meaning they had reached administrative systems close enough to potentially impact the operational technology that controls water flow.

The attacks keep coming. Just last month, the Canadian Centre for Cybersecurity reported an attack on a municipal water facility. Hacktivists managed to alter water pressure, causing “degraded service” for the local community.

It’s always worrying when attackers target critical national infrastructure. When attackers hit Colonial Pipeline in 2021, they only compromised its administrative network (the part that handles paperwork). But the company was spooked enough that it shut down its fuel distribution systems too, as a protective measure, causing gasoline prices to spike across the US East Coast.

**A possible legal shake-up**

Many attacks on water systems might go unreported, depending on where they happen. The UK’s Network and Information Systems (NIS) regulations dictate that critical national infrastructure organizations should reveal cyber attacks to the public. However, that only applies if those attacks caused disruption.

That’s why the attacks uncovered by Recorded Future haven’t been made public until now. While worrying, they didn’t affect the UK’s water supply. A 2022 review of the NIS regulations criticized this limited disclosure, noting that attacks with the potential to disrupt services often went unreported.

Although the attacks reported to Recorded Future were voluntarily disclosed by the DWI by suppliers, upcoming legal changes could lower the bar for mandatory reporting. The UK’s proposed Cyber Security and Resilience Bill would expand disclosure requirements, increasing transparency about attacks that could affect the water supply. The Bill is expected to reach Parliament in 2025—though time is running short.

**A resource under pressure**

Water is under considerable threat already in the UK, with major droughts declared this year. The Met Office reports that this year’s February-to-April period was the driest since 1956, with rainfall at just half the long-term average. River flows have dropped sharply, soil moisture is down, and the National Drought Group has met to coordinate a national response.

Water companies already have plans to manage shortages, the UK government says. But as the cyberattacks mount, the question is: are their system defenses strong enough too?

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Cyberattacks on UK water systems reveal rising risks to critical infrastructure 

Chrome’s enhanced autofill makes storing your passport and ID easy—but convenience like this can come at a high cost.

Google has rolled out a new autofill feature for Chrome that goes beyond storing just your passwords, addresses, and credit card numbers. The new “enhanced autofill” can now stash your driver’s license, passport details, VIN, or license plate information. Sounds convenient, right?

But just because you can, it doesn’t mean you should.

Let’s face it: filling out government forms or travel bookings online is a pain. Anything that saves a few minutes—or spares you from hunting down your passport at the back of a drawer—feels like a win, especially if Chrome can neatly autofill those fields. And yes, Google promises encryption, explicit permission for autofill, and manual activation only if you want it.

But let’s think this through. Is storing your most personally identifiable information—like government-issued IDs—in the market-dominant browser a good idea? Because that’s what Chrome is.

Chrome’s market share (over 73% at the time of writing) makes it the internet’s biggest bullseye for criminals. Whether you’re using the enhanced autofill or the regular one, browser-based storage schemes are relentlessly hunted by password stealers, infostealers, and other types of malware.

And let’s not forget phishing attempts. Maybe having to dig through your drawer while you think about why a website needs that information isn’t such a bad thing after all.

Sure, Chrome encrypts autofill data, only saves your info with permission, and asks for confirmation before pasting it into a form. You can also ramp up security with two-factor authentication (2FA) and a Chrome sync passphrase. But when cybercriminals get the right kind of access (by stealing a browser session, finding an unlocked device, or getting you to install a rogue extension), your sensitive information is in danger. And with what Chrome can now store, that could mean your identity.

Chrome’s enhanced autofill promises a smoother online ride, but the consequences of storing government IDs in your browser could outweigh the perks. Cybercriminals love a big target—and with Chrome’s popularity, the bounty only grows. When the reward for a criminal is your passport, driver’s license, or identity, convenience should come second to caution.

Thankfully, someone decided it was a good idea to turn off this feature by default, but if you want to check, here’s how to find it:

*   Open Chrome.
*   In the main Chrome menu, click on **Settings**.
*   Under **Autofill and passwords**, select **Enhanced autofill** if present.

**Better alternative: password managers**

We would advise that if you must store this kind of information digitally, use a password manager. These tools are built for secure storage—they’re audited for security, separate from browser processes, and don’t automatically serve up your data to any site that happens to have the right input fields.

Stick to a dedicated password manager and stay in control of what’s stored and where it gets filled out. Remember: the less a browser knows about your life, the safer you are when someone eventually tries to break in.

**Other recommendations:**

*   Make sure your browser is up to date.
*   Use a real-time up-to-date anti-malware solution with web protection.
*   Use two-factor authentication or passkeys to enhance the security of your important accounts.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Source

Malwarebytes