“This campaign relies on a delivery mechanism that leverages social engineering and abuses a legitimate file hosting service. The end result of this malware campaign is infecting Windows devices with Chtonic banking malware, a variant of infamous ZeusVM (Zeus family of malware) which means that cybercriminals are aiming at the victims’ banking and payment card credentials. End target: ZeusVM’s variant Chtonic banking malware “This JavaScript is heavily obfuscated to make static analysis very difficult and also to hide some crucial fingerprinting that is designed to evade virtual machines and sandboxes,” wrote Malwarebytes analyst Jérôme Segura. The Dropbox URL is regularly changed and updated to avoid detection. Malwarebytes researchers noted that the infection begins with the fake update disguising as a JavaScript file hidden in the Dropbox file hosting service. For instance, Chrome users are redirected to fake Chrome browser update page while Firefox users are redirected to a site that shows Firefox browser update notification. It is worth noting that the update notification is displayed to one user per IP address and redirects them to download site based on their browser. Until now, researchers have identified thousands of compromised websites hosting the “FakeUpdates campaign.” Simply put, cybercriminals are compromising websites and displaying notifications to visitors that they are using an outdated version of Chrome or Firefox browser. The malware campaign originally began targeting users in December 2017, by compromising websites using Squarespace, Joomla, and WordPress content management system (CMS) and injecting them with malicious redirection code. Malware campaign targets sites on popular CMS The IT security researchers at Malwarebytes have discovered a malware campaign that aims at infecting devices by tricking users into downloading malicious files disguised as Chrome and Firefox browser updates. Another day, another malware scam – This one uses Chrome and Firefox browsers as bait to infect Windows users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |