Malwarebytes Labs researchers uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans.
The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft. The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple. From there, fraudulent call center agents will social engineer their victims in order to extract money from them. In this blog post, Malwarebytes Labs expose the techniques behind this scam and provide mitigation steps to stay away from them.
Read more…
Source: Malwarebytes Labs
Related:
- Key Microsoft legacy tool is still being abused to launch malware campaigns
May 21, 2026
Cybercriminals are increasingly using a legitimate legacy Windows tool to deploy infostealers and loader malware, researchers are saying. A new Bitdefender report has claimed that since the start of 2026, there’s been an uptick in activity related to a Windows utility called Microsoft HTML Application Host (MSHTA), a legitimate utility that runs special HTML-based application files known as HTAs. Read more… Source: ...
- GitHub says internal repos exfiltrated after poisoned VS Code extension attack
May 20, 2026
GitHub, the world’s biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company’s initial assessment is that only internal repositories were exfiltrated. The incident was reported by GitHub on X, with follow-up posts revealing a “poisoned VS Code extension” as the cause. The Microsoft-owned code shack continues to ...
- Microsoft shuts down illegal code-signing operation used by ransomware criminals to mask their malware
May 19, 2026
Microsoft seized websites and took down hundreds of virtual machines running a cybercrime service that allegedly sold code-signing certificates to ransomware gangs, thus making their malware look like legitimate software – and allowing criminals to infect thousands of machines in the US, including at least 12 owned and operated by the Windows giant. Read more… Source: The ...
- WantToCry ransomware remotely encrypts files
May 19, 2026
SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting ...
- NGINX Rift attackers waste no time targeting exposed servers
May 18, 2026
Exploit attempts are already hammering a newly disclosed NGINX bug dubbed “NGINX Rift,” proving once again that attackers read patch notes faster than most admins. Researchers at VulnCheck said they are seeing active exploitation tied to CVE-2026-42945, a heap buffer overflow flaw affecting both NGINX Open Source and NGINX Plus that was disclosed last week after apparently sitting ...
- Chaotic Eclipse strikes again with another worrying Windows security flaw
May 18, 2026
Threat actors could escalate privileges and gain SYSTEM access on a fully patched Windows 11 device thanks to an unpatched vulnerability which allegedly should have been fixed years ago, new reports have claimed. A researcher with the alias Chaotic Eclipse recently disclosed a Proof-of-Concept (PoC) exploit for a zero-day vulnerability they named “MiniPlasma”. In a new GitHub entry, ...