Scammers are now using “SMS blasters” to send out up to 100,000 texts per hour to phones that are tricked into thinking the devices are cell towers. Your wireless carrier is powerless to stop them.

Cybercriminals have a new way of sending millions of scam text messages to people. Typically when fraudsters send waves of phishing messages to phones—such as toll or delivery scams—they may use a huge list of phone numbers and automate the sending of messages. But as phone companies and telecom services have rolled out more tools to detect scams in texts, criminals have started driving around cities with fake cell phone towers that send messages directly to nearby phones.

Over the last year, there has been a marked uptick in the use of so-called “SMS blasters” by scammers, with cops in multiple countries detecting and arresting people using the equipment. SMS blasters are small devices, which have been found in the back of criminals’ cars and sometimes backpacks, that impersonate cell phone towers and force phones into using insecure connections. They then push the scam messages, which contain links to fraudulent websites, to the connected phones.

While not a new type of technology, the use of SMS blasters in scamming was originally detected in Southeast Asian countries and has increasingly spread to Europe and South America—just last week, Switzerland’s National Cybersecurity Centre issued a warning about SMS blasters. The devices are capable of sending huge volumes of scam texts indiscriminately. The Swiss agency said some blasters are able to send messages to all phones in a radius of 1,000 meters, while reports about an incident in Bangkok say a blaster was used to send around 100,000 SMS messages per hour.

“This is essentially the first time that we have seen large-scale use of mobile radio-transmitting devices by criminal groups,” says Cathal Mc Daid, VP of technology at telecommunication and cybersecurity firm Enea, who has been tracking the use of SMS blasters. “While some technical expertise would help in using these devices, those actually running the devices don’t need to be experts. This has been shown by reports of arrests of people who have been basically paid to drive around areas with SMS blasters in cars or vans.”

SMS blasters act as illegitimate phone masts, often known as cell-site simulators (CSS). The blasters are not dissimilar to so-called IMSI catchers, or “Stingrays,” which law enforcement officials have used to scoop up people’s phone data. But instead of being used for surveillance, they broadcast false signals to targeted devices.

Phones near a blaster can be forced to connect to its illegitimate 4G signals, before the blaster pushes devices to downgrade to the less secure 2G signal. “The 2G fake base station is then used to send (blast) malicious SMSes to the mobile phones initially captured by the 4G false base station,” Mc Daid says. “The whole process—4G capture, downgrade to 2G, sending of SMS and release—can take less than 10 seconds,” Mc Daid explains. It’s something people who receive the messages may not even notice.

The growth of SMS blasters comes at a time when scams are rampant. In recent years, technology firms and mobile network operators have increasingly rolled out greater protections against fraudulent text messages—from better filtering and detection of possible scam messages to blocking tens of millions of messages per month. This month, UK telecom Virgin Media O2 said it has blocked more than 600 million scam text messages during 2025, which is more than its combined totals for the last two years. Still, millions of scam messages get through, and cybercriminals are quick to try to evade detection systems.

Because blasters operate outside of traditional mobile networks, the messages they send are not subject to the security measures that have been put in place by mobile providers. “None of our security controls apply to the messages that phones receive from them,” says Anton Reynaldo Bonifacio, the chief information security officer and chief AI officer at Philippines communications firm Globe Telecom. “Once phones are connected to these fake cell sites, they can spoof any sender ID or number to send the scam message.”

Back in 2022, Globe Telecom made the decision to stop delivering SMS messages that contain URLs, and Bonifacio says he believes scammers use the blasters to “bypass” these measures. “The technology used to be more niche, but I think sales and assembly of these IMSI catcher devices have become more prevalent for criminal organizations,” he says. Researchers have found SMS blasters being sold openly online for thousands of dollars.

Samantha Kight, the head of industry security at the mobile operator industry group the GSMA, says the Asia-Pacific region has been most impacted by SMS blasters so far, but there are cases appearing in Western Europe and South America. “It might be a problem in one or two regions, but then we tend to see these things pop up in different regions,” Kight says. Reporting from Commsrisk and Risky Business, have highlighted reports of SMS blasters being used in Thailand, Vietnam, Japan, New Zealand, Qatar, Indonesia, Oman, Brazil, Hong Kong, and more in recent months. Law enforcement officials in London say they have so far seized seven SMS blasters, and in June, a student from China was sentenced to jail for more than a year after being caught using one of the devices.

Kight says that tackling SMS blasters involves telecom operators and government regulators being aware of the devices, law enforcement agencies taking actions, as well as people recognizing and reporting scam messages to the relevant authorities. “As the mobile industry, we want to be able to find these, we want people to trust what’s on their device, and we want to be able to protect them,” Kight says.

Yomna Nasser, a software engineer at Android, says people can stop their phones connecting to 2G networks in their settings. “Once enabled, your device will no longer scan for or connect to 2G cell towers,” Nasser says, adding the only exception is if an emergency call is being made and 3G, 4G and 5G are not available. Android’s Advanced Protection mode will also disable 2G automatically on some newer phones. Apple did not answer WIRED’s request for comment by the time of publication, although its Lockdown Mode will disable 2G connections.

Ultimately, you may not know if an SMS blaster is used to send you a scam. Ben Hurley, a detective sergeant with the City of London’s Dedicated Card and Payment Crime Unit, which is investigating cases locally, says that while the delivery is different, the actual scams themselves haven’t changed. Phishing messages are often designed to get you to click on a malicious link and hand over your personal information. “It’s a new way of doing the same thing,” Hurley says. “It’s changed how we have to investigate it, but actually it’s not changed the end result,” he says, adding that people should always be cautious of clicking links in unknown messages and take a moment before acting if the message feels suspicious.

As with all cybercrime, though, there is a chance that those operating the schemes and blasters could evolve their tactics. “The actual SMS blaster devices they use are relatively unsophisticated so far,” Mc Daid says, adding that the type of technology originally came from the world of governments, law enforcement, and militaries. If criminals are able to gain access to more sophisticated technology and expertise, he says, “this could be the beginning of a cat and mouse game.”

Cybercriminals Have a Weird New Way to Target You With Scam Texts

Researchers have discovered a large ad fraud campaign on Google Play Store.

Researchers have discovered a large ad fraud campaign on Google Play Store.

The Satori Threat Intelligence and Research team found 224 malicious apps which were downloaded over 38 million times and generated up to 2.3 billion ad requests per day. They named the campaign “SlopAds.”

Ad fraud is a type of fraud that lets advertisers pay for ads even though the number of impressions (the times that the ad has been seen) is enormously exaggerated.

While the main victims of ad fraud are the advertisers, there are consequences for the users that had these apps installed as well, such as slowed-down devices and connections due to the apps executing their malicious activity in the background without the user even being aware.

At first, to stay under the radar of Google’s app review process and security software, the downloaded app will behave as advertised, if a user has installed it directly from the Play Store.

_Image courtesy of HUMAN Satori_

But if the installation has been initiated by one of the campaign’s ads, the user will receive some extra files in the form of a steganographically encrypted payload.

If the app passes the first check it will receive four .png images that, when decrypted and reassembled, are actually an .apk file. The malicious file uses WebView (essentially a very basic browser) to send collected device and browser information to a Control & Command (C2) server which determines, based on that information, what domains to visit in further hidden WebViews.

The researchers found evidence of an AI (Artificial Intelligence) tool training on the same domain as the C2 server (ad2\[.\]cc). It is unclear whether this tool actively managed the ad fraud campaign.

Based on similarities in the C2 domain, the researchers found over 300 related domains promoting SlopAds-associated apps, suggesting that the collection of 224 SlopAds-associated apps was only the beginning.

Google removed all of the identified apps listed in this report from Google Play. Users are automatically protected by Google Play Protect, which warns users and blocks apps known to exhibit SlopAds associated behavior at install time on certified Android devices, even when apps come from sources outside of the Play Store.

You can find a complete list of the removed apps here: SlopAds app list

**How to avoid installing malicious apps**

While the official Google Play Store is the safest place to get your apps from, there is no guarantee that it will remain a non-malicious app just because it is in the Google Play Store. So here are a few extra measures you can take:

*   Always check what permissions an app is requesting, and don’t just trust an app because it’s in the official Play Store. Ask questions such as: Do the permissions make sense for what the app is supposed to do? Why did necessary permissions change after an update? Do these changes make sense?
*   Occasionally go over your installed apps and remove any you no longer need.
*   Make sure you have the latest available updates for your device, and all your important apps (banking, security, etc.)
*   Protect your Android with security software. Your phone needs it just as much as your computer.

Another precaution you can take if you’re looking for an app, do your research about the app before you go to the app store. As you can see from the screenshot above, many of the apps are made to look exactly the same as very popular legitimate ones (e.g. ChatGPT).

So, it’s important to know in advance who the official developer is of the app you want and if it’s even available from the app store.

As researcher Jim Nielsen demonstrated for the Mac App Store, there are a lot of apps trying to look like ChatGPT, but they are not the real thing. ChatGPT is not even in the Mac App Store, it is available in the Google Play Store for Android, but make sure to check that OpenAI is listed as the developer.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 224 malicious apps removed from the Google Play Store after ad fraud campaign discovered 

Apple has released security updates for all platforms to fix dozens of vulnerabilities which could give cybercriminals access to sensitive data.

Apple has released security updates for iPhones, iPads, Apple Watches, Apple TVs, and Macs as well as for Safari, and Xcode to fix dozens of vulnerabilities which could give cybercriminals access to sensitive data.

****How to update your iPhone or iPad****

For iOS and iPadOS users, you can check if you’re using the latest software version, go to **Settings > General > Software Update**. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

****How to update macOS on any version****

To update macOS on any supported Mac, use the Software Update feature, which Apple designed to work consistently across all recent versions. Here are the steps:

*   Click the Apple menu in the upper-left corner of your screen.
*   Choose **System Settings** (or **System Preferences** on older versions).
*   Select **General** in the sidebar, then click **Software Update** on the right. On older macOS, just look for **Software Update** directly.
*   Your Mac will check for updates automatically. If updates are available, click **Update Now** (or **Upgrade Now** for major new versions) and follow the on-screen instructions. Before you upgrade to macOS Tahoe 26, please read these instructions.
*   Enter your administrator password if prompted, then let your Mac finish the update (it might need to restart during this process).
*   Make sure your Mac stays plugged in and connected to the internet until the update is done.

****How to update Apple Watch****

*   Ensure your iPhone is paired with your Apple Watch and connected to Wi-Fi.
*   Keep your Apple Watch on its charger and close to your iPhone.
*   Open the Watch app on your iPhone.
*   Tap **General > Software Update**.
*   If an update appears, tap **Download and Install**.
*   Enter your iPhone passcode or Apple ID password if prompted.

Your Apple Watch will automatically restart during the update process. Make sure it remains near your iPhone and on charge until the update completes.

****How to update Apple TV****

*   Turn on your Apple TV and make sure it’s connected to the internet.
*   Open the Settings app on Apple TV.
*   Navigate **to System > Software Updates**.
*   Select **Update Software**.
*   If an update appears, select **Download and Install**.

The Apple TV will download the update and restart as needed. Keep your device connected to power and Wi-Fi until the process finishes.

**Updates for your particular device**

Apple has today released version 26 for all its software platforms. This new version brings in a new “Liquid Glass” design, expanded Apple Intelligence, and new features. You can choose to update to that version, or just update to fix the vulnerabilities:

iOS 26 and iPadOS 26

iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

iOS 18.7 and iPadOS 18.7

iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

iOS 16.7.12 and iPadOS 16.7.12

iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation

iOS 15.8.5 and iPadOS 15.8.5

iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

macOS Tahoe 26

Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)

macOS Sequoia 15.7

macOS Sequoia

macOS Sonoma 14.8

macOS Sonoma

tvOS 26

Apple TV HD and Apple TV 4K (all models)

watchOS 26

Apple Watch Series 6 and later

visionOS 26

Apple Vision Pro

Safari 26

macOS Sonoma and macOS Sequoia

Xcode 26

macOS Sequoia 15.6 and later

**Technical details**

Apple did not mention any actively exploited vulnerabilities, but there are two that we would like to highlight.

A vulnerability tracked as CVE-2025-43357 in Call History was found that could be used to fingerprint the user. Apple addressed this issue with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26, and iPadOS 26.

A vulnerability in the Safari browser tracked as CVE-2025-43327 where visiting a malicious website could lead to address bar spoofing. The issue was fixed by adding additional logic.

Address bar spoofing is a trick cybercriminals might use to make you believe you’re on a trusted website when in reality you’re not. Instead of showing the real address, attackers exploit browser flaws or use clever coding so the address bar displays something like login.bank.com even though you’re not on your bank’s site at all. This would allow the criminals to harvest your login credentials when you enter them on what is really their website.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Update your Apple devices to fix dozens of vulnerabilities 

A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories.
"These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks," HUMAN’s Satori Threat Intelligence and

Ad Fraud / Mobile Security

A massive ad fraud and click fraud operation dubbed **SlopAds** ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories.

"These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks," HUMAN's Satori Threat Intelligence and Research Team said in a report shared with The Hacker News.

The name "SlopAds" is a nod to the likely mass-produced nature of the apps and the use of artificial intelligence (AI)-themed services like StableDiffusion, AIGuide, and ChatGLM hosted by the threat actor on the command-and-control (C2) server.

The company said the campaign accounted for 2.3 billion bid requests a day at its peak, with traffic from SlopAds apps mainly originating from the U.S. (30%), India (10%), and Brazil (7%). Google has since removed all the offending apps from the Play Store, effectively disrupting the threat.

What makes the activity stand out is that when a SlopAds-associated app is downloaded, it queries a mobile marketing attribution SDK to check if it was downloaded directly from the Play Store (i.e., organically) or if it was the result of a user clicking on an ad that redirected them to the Play Store listing (i.e., non-organically).

The fraudulent behavior is initiated only in scenarios where the app was downloaded following an ad click, causing it to download the ad fraud module, FatModule, from the C2 server. On the other hand, if it was originally installed, the app behaves as advertised on the app store page.

"From developing and publishing apps that only commit fraud under certain circumstances to adding layer upon layer of obfuscation, SlopAds reinforces the notion that threats to the digital advertising ecosystem are only growing in sophistication," HUMAN researchers said.

"This tactic creates a more complete feedback loop for the threat actors, triggering fraud only if they have reason to believe the device isn't being examined by security researchers. It blends malicious traffic into legitimate campaign data, complicating detection."

The FatModule is delivered by means of four PNG image files that conceal the APK, which is then decrypted and reassembled to gather device and browser information, as well as conduct ad fraud using hidden WebViews.

"One cashout mechanism for SlopAds is through HTML5 (H5) game and news websites owned by the threat actors," HUMAN researchers said. "These game sites show ads frequently, and since the WebView in which the sites are loaded is hidden, the sites can monetize numerous ad impressions and clicks before the WebView closes."

Domains promoting SlopAds apps have been found to link back to another domain, ad2\[.\]cc, which serves as the Tier-2 C2 server. In all, an estimated 300 domains advertising such apps have been identified.

The development comes a little over two months after HUMAN flagged another set of 352 Android apps as part of an ad fraud scheme codenamed IconAds.

"SlopAds highlights the evolving sophistication of mobile ad fraud, including stealthy, conditional fraud execution and rapid scaling capabilities," Gavin Reid, CISO at HUMAN, said.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids

Every VPN says it’s the best, but only some of them are telling the truth.

*   **The Best VPN for Streaming**
    
    Screenshot courtesy of Scott Gilberson via NordVPN
    
    NordVPN has a long history, and it's one of the most prominent VPN services on the market. It comes with one of the largest VPN networks available, enough features to make Surfshark blush, and decent (though not the best) speeds. It's a little more expensive than I'd hoped for, but that's the price you pay for such an extensive network and feature set.
    
    Where NordVPN really excels is in media. Streaming providers like Netflix and HBO Max are privy to how VPNs circumvent geo-restrictions, and a small network means you're more likely to get blocked. The fact that NordVPN has such a large network gives it an edge in streaming and less sensitive online browsing. It really wins with its NordWhisper protocol. The company recommends using its WireGuard-based NordLynx protocol most of the time, but NordWhisper sacrifices a bit of speed to obfuscate VPN traffic further, getting around most blocks.
    
    NordWhisper isn't made for normal streaming environments, but it's great to have on restrictive networks. If you're traveling internationally and using hotel Wi-Fi, for instance, NordWhisper can help circumvent VPN blocks. The company saw a minor breach in 2018 and stirred up controversy in 2022 with a subtle change in wording regarding cooperation with law enforcement. In both cases, it responded quickly and maintained transparency, so contrary to what you may have read, NordVPN is safe to use.
    
    Specs
    
    **Number of devices:** 10
    
    **Number of servers:** 7,400+
    
    **Applications:** Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Google TV, Apple TV
    
    **Features:** Kill switch, split tunneling, double-hop, dark web monitoring, P2P servers
    

**Other VPNs We’ve Tested**

**Private Internet Access (PIA)** has a long history in the VPN space, and it's maintained a track record of defending user privacy—even in the face of actual criminal activity. In 2016, a criminal complaint was filed in Florida against Preston Alexander McWaters for threats made online. McWaters was eventually convicted and sentenced to 42 months in prison. Investigators traced the online threats back to PIA's servers and subpoenaed the company. As the complaint reads, “A subpoena was sent to \[Private Internet Access\] and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States.” McWaters engaged in several other identifying activities, according to the complaint, but PIA wasn't among them. Despite such a clear view of a VPN provider upholding its no-logging policy, PIA didn't impress me during my tests. It's slightly more expensive than a lot of our top picks, and it delivered the worst speeds out of any VPN I tested, with more than a 50 percent drop on the closest US server. (Windscribe, for context, only dropped 15.6 percent of my speed.)

**MysteriumVPN** is the go-to dVPN, or decentralized VPN, as far as I can tell. The concept of a decentralized VPN has existed for a while, but it's really gained traction over the last couple of years. The idea is to have a network of residential IP addresses that make up the network, routing your traffic through normal IP addresses to get around the increasingly common block lists for VPN servers. Mysterium accomplishes this network with MystNodes. It's a crypto node. People buy the node to earn crypto, and they're put into the Mysterium network. It's not inherently bad, but routing your traffic through a single residential IP is a little worrisome. Even without the decentralized kick, Mysterium was slow, and it doesn't maintain any sort of privacy materials, be it a third-party audit, warranty canary, or transparency report.

**PrivadoVPN** is one of the popular options to recommend as a free VPN. It offers a decent free service, with a handful of full-speed servers and 10 GB of data per month. You'll have to suffer through four—yes, four—redirects begging you to pay for a subscription before signing up, but the free plan works. The problem is how new PrivadoVPN is. There's no transparency report or audit available, and although the speeds are decent, they aren't as good as Proton, Windscribe, or Surfshark. PrivadoVPN isn't bad, but it's hard to recommend when Proton and Windscribe exist with free plans that are equally as good.

**How We Test VPNs**

Functionally, a VPN should do two things: keep your internet speed reasonably fast, and actually protect your browsing data. That's where I focused my testing. Extra features, a comfy UI, and customization settings are great, but they don't matter if the core service is broken.

Speed testing requires spot-checking, as the time of day, the network you're connected to, and the specific VPN server you're using can all influence speeds. Because of that, I always set a baseline speed on my unprotected connection directly before recording results, and I ran the test three times across both US and UK servers. With those baseline drops, I spot-checked at different times of the day over the course of a week to see if the speed decrease was similar.

Security is a bit more involved. For starters, I checked for DNS, WebRTC, and IP leaks every time I connected to a server using Browser Leaks. I also ran brief tests sniffing my connection with Wireshark to ensure all of the packets being sent were secured with the VPN protocol in use.

On the privacy front, the top-recommended services included on this list have been independently audited, and they all maintain some sort of transparency report. In most cases, there's a proper report, but in others, such as Windscribe, that transparency is exposed through legal proceedings.

5 Best VPN Services (2025), Tested and Reviewed

Big name AI chatbots are happy to create phishing emails and malicious code to target senior citizens.

If you are under the impression that cybercriminals need to get their hands on compromised AI chatbots to help them do their dirty work, think again.

Some AI chatbots are just so user friendly that they can help the user craft phishing text, and even malicious HTML and Javascript code.

A few weeks ago we published an article about the actions Anthropic was taking to stop its Claude AI from helping cybercriminals launch a cybercrime spree.

A recent investigation by Reuters journalists showed that Grok was more than happy to help them craft and perfect a phishing email targeting senior citizens. Grok is the AI marketed by Elon Musk’s xAI. Reuters reported:

> “Grok generated the deception after being asked by Reuters to create a phishing email targeting the elderly. Without prodding, the bot also suggested fine-tuning the pitch to make it more urgent.”

In January 2025, we told you about a report that AI-supported spear phishing mails were equally as effective as phishing emails thought up by experts, and able to fool more than 50% of targets. But since then, the development of AI has grown exponentially and researchers are worrying about how to recognize AI-crafted phishing.

Phishing is the first step in many cybercrime campaigns. It poses an enormous problem with billions of phishing emails sent out every day. AI helps criminals to create more variation which makes pattern detection less effective and it helps them fine tune the messages themselves. And Reuters focused on senior citizens for a reason.

The FBI’s Internet Crime Complaint Center (IC3) 2024 report confirms that Americans aged 60 and older filed 147,127 complaints and lost nearly $4.9 billion to online fraud, representing a 43% increase in losses and a 46% increase in complaints compared to 2023.

Besides Grok, the reporters tested five other popular AI chatbots: ChatGPT, Meta AI, Claude, Gemini, and DeepSeek. Although most of the AI chatbots protested at first and cautioned the user not to use the emails in a real-life scenario, in the end their “will to please” helped overcome these obstacles.

Fred Heiding, a Harvard University researcher and an expert in phishing helped Reuters put the crafted emails to the test. Using a targeted approach to reach those most likely to fall for them, about 11% of the seniors clicked on the emails sent to them.

An investigation by Cybernews showed that Yellow.ai, an agentic AI provider for businesses such as Sony, Logitech, Hyundai, Domino’s, and hundreds of other brands could be persuaded to produce malicious HTML and JavaScript code. It even allowed attackers to bypass checks to inject unauthorized code into the system.

In a separate test by Reuters, Gemini produced a phishing email, saying it was “for educational purposes only,” but helpfully added that “for seniors, a sweet spot is often Monday to Friday, between 9:00 AM and 3:00 PM local time.”

After damaging reports like these are release, AI companies often build in additional guardrails for their chatbots, but that only highlights an ongoing dilemma in the industry. When providers tighten restrictions to protect users, they risk pushing people toward competing models that don’t play by the same rules.

Every time a platform moves to shut down risky prompts or limit generated content, some users will look for alternatives with fewer safety checks or ethical barriers. That tug of war between user demand and responsible restraint will likely fuel the next round of debate among developers, researchers, and policymakers.

**We don’t just report on scams—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 Grok, ChatGPT, other AIs happy to help phish senior citizens 

Several of our staff have reported receiving a job offer as an online evaluator. A job that pays very well for a few hours of work.

Looking at our team’s recent text messages, you’d think that remote online evaluators are in high demand right now.

Several members of our team have received the almost exact same job offer scam texts. The content of the messages is almost identical, but there is a variation in background images.

> “We are hiring  
>  Join our professional team  
> Job content Job title: remote online evaluator  
> Salary: $100-$600 per day  
> Working hours: 1-2 hours per day  
> Time: freedom can be done at home anytime  
> Job requirements: Age 25+
> 
> If you’re interested in this position, please answer ‘yes’ or ‘interested’ and I’ll send you the details. “

This type of scam has been around for a while, but the ones sending this exact same text have really taken off the last week. All the recipients that reported this scam are in the US and the messages all came from different US numbers.

You can rely on the fact that the only lazy job here is the scammer’s. There are different possible scenarios when the targets reply, but they all have negative consequences.

*   Advance fee scams are the most likely scenario. This is where the prospective employer explains what the job entails and then asks the target to pay for materials, start capital, or other onboarding costs. Typically, these payments are required in cryptocurrencies like USDT or Bitcoin.
*   Identity theft. Under the guise of needing your personal information before you can start working, the scammers will send you to a website to fill out sensitive information (full name, address, date of birth, SSN, banking details).
*   Money mule or laundering. The victim is actually working unknowingly to launder stolen money or cryptocurrency on behalf of the scammers. They will act as the person where the police come knocking first, giving the scammer more time to grab the money and run.
*   Phishing for further exploitation. Even if there is no immediate ask for money, they may direct the victim to click malicious links or install apps that harvest data.

**How to stay safe from hiring scams**

There are a few simple but very effective guidelines to stay out of the grasp of scammers that reach out to you with unsolicited job offers:

*   Don’t reply. Even if you reply ‘no’, all you’re doing is sending a signal that you’re reading their texts.
*   Never give out your personal information based on an unsolicited message.
*   Treat employers that want you to send them money before you can earn some with a healthy dose of suspicion. The same is true for those that pay a small amount and then ask for more in return.
*   Ignore offers that are too good to be true. They probably ARE too good to be true.
*   Is there a company name on the job ad? If not, question why.
*   If there is a company name mentioned, does the location of the company match the location of the phone number?

If you have already engaged with the scammers, there are some actions that can help you limit any damage:

*   Stop communication immediately.
*   Do not send money.
*   Contact your bank if you’ve shared any financial information.
*   Consider an identity monitoring service.
*   File a police/FTC report.
*   US recipients can forward scam texts to 7726 (SPAM).

**We don’t just report on scams—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 Watch out for the &#8220;We are hiring&#8221; remote online evaluator message scam 

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?**

A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.

CVE-2025-47967: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

In a world where threats are persistent, the modern CISO’s real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity.
This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the

⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More

A list of topics we covered in the week of September 8 to September 14 of 2025

Last week on Malwarebytes Labs:

*   AI browsers or agentic browsers: a look at the future of web surfing
*   From Fitbit to financial despair: How one woman lost her life savings and more to a scammer
*   Meta ignored child sex abuse in VR, say whistleblowers
*   When AI chatbots leak and how it happens
*   Fake Bureau of Motor Vehicles texts are after your personal and banking details
*   ‘Astronaut-in-distress’ romance scammer steals money from elderly woman
*   Ransomware attack at blood center: Org tells users their data’s been stolen
*   Pre-approved GLP-1 prescription scam could be bad for your health
*   Plex users: Reset your password!
*   Popeyes, Tim Hortons, Burger King platforms have “catastrophic” vulnerabilities, say hackers
*   Google misled users about their privacy and now owes them $425m, says court
*   This “insidious” police tech claims to predict crime (Lock and Code S06E18)
*   iCloud Calendar infrastructure abused in PayPal phishing campaign

Stay safe!

**We don’t just report on scams—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

Tag

#android