Malwarebytes Renewal Invite Phish Uses Calendar Spam to Harvest Credentials

Attackers are distributing malicious calendar invitations that mimic legitimate Malwarebytes renewal reminders. The invites contain a “Renew Now” button that links to a spoofed Malwarebytes login page designed to capture user credentials. Because the invitations appear in the native calendar app, many recipients assume they are authentic and click the link without hesitation.

The campaign can lead to credential theft, enabling attackers to access corporate accounts, pivot laterally, and exfiltrate data. Defenders should treat unexpected calendar events as potential phishing vectors, enforce MFA, block known malicious domains, and educate users to verify renewal notices through official channels before interacting.TITLE: Malwarebytes Renewal Invite Phish Uses Calendar Spam to Harvest Credentials

CONTENT:

Attackers are distributing malicious calendar invitations that mimic legitimate Malwarebytes renewal reminders. The invites contain a “Renew Now” button that links to a spoofed Malwarebytes login page designed to capture user credentials. Because the invitations appear in the native calendar app, many recipients assume they are authentic and click the link without hesitation.

The campaign can lead to credential theft, enabling attackers to access corporate accounts, pivot laterally, and exfiltrate data. Defenders should treat unexpected calendar events as potential phishing vectors, enforce MFA, block known malicious domains, and educate users to verify renewal notices through official channels before interacting.

Categories: Threat Intelligence, Security Culture & Human Factors

Source: Read original article