HackDig : Dig high-quality web security articles for hackers

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Exploit kits continue to be used as a malware delivery platform. In 2020, we’ve observed a number of different malvertising campaigns leading to RIG, Fallout, Spelevo and Purple Fox, among others. And, in September, we put out a blog post detailing a surge in malvertising via adult websites. One of those campaigns we dubbed ‘malsmoke’ h
Publish At:2020-11-16 15:06 | Read:169 | Comments:0 | Tags:Exploits Social engineering Threat analysis exploit kits Fal

Taurus Project stealer now spreading via malvertising campaign

For the past several months, Taurus Project—a relatively new stealer that appeared in the spring of 2020—has been distributed via malspam campaigns targeting users in the United States. The macro-laced documents spawn a PowerShell script that invokes certutil to run an autoit script ultimately responsible for downloading the Taurus binary. Taurus was orig
Publish At:2020-09-30 12:27 | Read:265 | Comments:0 | Tags:Malwarebytes news exploit kits Fallout EK malvertising preda

Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. These sometimes helpful online tools that work directly with the Google Chrome browser can pull off a variety of tric
Publish At:2020-09-14 13:15 | Read:522 | Comments:0 | Tags:Podcast advanced persistent threats APT Center for Public He

Malàsmoke gang could infect your PC while you watch porn sites

A cybercrime group named Malàsmoke has been targeting porn sites over the past months with malicious ads redirecting users to exploit kits. A cybercrime group named Malàsmoke has been targeting porn sites over the past months, it is placing malicious ads on adult-themed websites to redirect users to exploit kits and deliver malware. According to resear
Publish At:2020-09-12 08:31 | Read:423 | Comments:0 | Tags:Breaking News Cyber Crime Malware Exploit kits Hacking hacki

Malvertising campaigns come back in full swing

Malvertising campaigns leading to exploit kits are nowhere near as common these days. Indeed, a number of threat actors have moved on to other delivery methods instead of relying on drive-by downloads. However, occasionally we see spikes in activity that are noticeable enough that they highlight a successful run. In late August, we started seeing a Fallou
Publish At:2020-09-09 15:55 | Read:504 | Comments:0 | Tags:Social engineering ad networks bad ads exploit kit exploit k

Authors of Purple Fox EK adds 2 Microsoft exploits

The authors of the Purple Fox EK have integrated two new exploits for Microsoft vulnerabilities to the Purple Fox EK. The Purple Fox EK continues to be improved by its authors that implemented two new exploits for Microsoft critical- and high-severity Microsoft vulnerabilities. The Purple Fox EK appears to have been built to replace the notorious RIG e
Publish At:2020-07-07 12:01 | Read:592 | Comments:0 | Tags:Breaking News Cyber Crime Malware exploit kit Hacking malver

49 malicious Chrome extensions caught pickpocketing crypto wallets

byLisa VaasGoogle has kicked 49 malicious Chrome browser extensions out of its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. The extensions were discovered by researchers from MyCrypto – an open-source interface for the blockchain that helps store, send and receive cryptocurrency – and
Publish At:2020-04-16 07:57 | Read:1108 | Comments:0 | Tags:Cryptocurrency Data loss Google Google Chrome Malvertising M

Fake Malwarebytes Site Used by Malvertising Attack to Spread Raccoon

A malvertising campaign used a copycat website for anti-malware software provider Malwarebytes to distribute the Raccoon infostealer.Malwarebytes learned of the campaign when someone notified the security firm that someone was abusing its brand using the lookalike domain “malwarebytes-free[.]com.” Registered on March 29 via REGISTRAR OF DOMAIN NA
Publish At:2020-04-08 09:50 | Read:925 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Malvert

Copycat criminals abuse Malwarebytes brand in malvertising campaign

While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a copycat—fake—Malwarebytes website that was used as a gate to the Fallout EK, which distributes the Raccoon stealer. The few malvertising campaigns that remain are often found on second- and third-tier adult sites, leading to the Fallout or
Publish At:2020-04-07 14:49 | Read:1045 | Comments:0 | Tags:Exploits and vulnerabilities copycat criminals copycat sites

Domen toolkit gets back to work with new malvertising campaign

Last year, we documented a new social engineering toolkit we called “Domen” being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font. Despite being a robust toolkit, we only saw Domen in sporadic campaigns last year,
Publish At:2020-02-28 14:45 | Read:945 | Comments:0 | Tags:Threat analysis buren ransomware Domen domen toolkit intelra

Rudy Giuliani’s Twitter mishaps invite typosquatters and scammers

Former cybersecurity czar Rudy Giuliani has been targeted by typosquatters on Twitter, thanks to copious misspellings and other keyboarding errors made in a number of his public tweets. In a tweet sent out on Sunday, Giuliani meant to send his 650,000-plus followers to his new website, RudyGiulianics.com. Instead, a space added after “Rudy” sent
Publish At:2020-02-19 14:35 | Read:1143 | Comments:0 | Tags:Scams adware browser extensions cybersecurity czar giuliani

WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation

In the early days, practically all tech support scammers would get their own leads by doing some amateur SEO poisoning and keyword stuffing on YouTube and other social media sites. They’d then leverage their boiler room to answer incoming calls from victims. Today, these practices continue, but we are seeing more advanced operations with a clear sep
Publish At:2020-01-22 16:50 | Read:1227 | Comments:0 | Tags:Threat analysis 404Browlock 404error browlock browlocks Brow

Spelevo exploit kit debuts new social engineering trick

2019 has been a busy year for exploit kits, despite the fact that they haven’t been considered a potent threat vector for years, especially on the consumer side. This time, we discovered the Spelevo exploit kit with its virtual pants down, attempting to capitalize on the popularity of adult websites to compromise more devices. The current Chromium-d
Publish At:2019-12-18 16:50 | Read:1430 | Comments:0 | Tags:Threat analysis EK exploit kit Gozi malvertising Qakbot Qbot

How to Tell Safe Advertisements From Dangerous Malvertising

Advertising is the life blood of the internet. Some of the world’s biggest and most influential tech companies earn a large chunk of their revenue through harmless and safe advertisements, but some of the most successful cybercriminals also rely on advertising. When good ad networks are tricked into delivering malware, it’s known as malvertising.
Publish At:2019-10-18 10:20 | Read:1476 | Comments:0 | Tags:Endpoint Fraud Protection Adware Artificial Intelligence (AI

New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign

By Jaromir Horejsi and Joseph C. Chen (Threat Researchers) We found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequen
Publish At:2019-10-01 08:20 | Read:2875 | Comments:0 | Tags:Bad Sites Botnets Malware botnet KovCoreG malvertising Nodst

Tools