dcsimg

Browlock flies under the radar with complete obfuscation

Browlocks are the main driving force behind tech support scams, using a combination of malvertising and clever browser locker tricks to fool users. In fact, the effects can be so convincing that people call the rogue Microsoft support number for help because they believe their computer has been hijacked. Crooks are constantly trying out new tricks to defeat modern browsers and evade detection. … [Read more...]

Scammers use old browser trick to create fake virus download

Tech support scammers are reusing an old technique in their existing browser locker (browlock) schemes to force a special kind of file download. Contrary to past attacks, where the purpose was to flood the machine with a large amount of file requests in order to crash the browser, this one is purely a social engineering ploy. Indeed, the flooding technique that abuses … [Read more...]

Exploit kits: fall 2018 review

Exploit kit (EK) activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our summer review, a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are still going strong. Smoke Loader, Ramnit, and AZORult are some of the most common payloads we’ve … [Read more...]

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

A variant of a remote code execution vulnerability with Internet Explorer’s scripting engine known as CVE-2018-8373 patched last August has been found in the wild. Looking at the IOCs posted by our colleagues at TrendMicro, we recognized the infrastructure serving this exploit. The same static domain has been active since at least early July, and is being redirected to from an adult website … [Read more...]

Mass WordPress compromises redirect to tech support scams

Content Management Systems (CMSes) such as WordPress, Drupal, or Joomla are under a constant barrage of fire. Earlier this year, we detailed several waves of attacks against Drupal, also known as Drupalgeddon, pushing browser-based miners and various social engineering threats. During the past few days, our crawlers have been catching a larger-than-usual number of WordPress sites being hijacked. … [Read more...]

Partnerstroka: Large tech support scam operation features latest browser locker

Tech support scams continue to be one of the top consumer threats in 2018, despite actions from security vendors and law enforcement. Scammers are constantly looking for new ways to reel in more victims, going beyond cold calls impersonating Microsoft to rogue tech support ads using the good name of legitimate brands, and of course, malicious pop-ups. We have been monitoring a particular tech … [Read more...]

Exploit kits: summer 2018 review

The uptick trend in cybercriminals using exploit kits that we first noticed in our spring 2018 report has continued into the summer. Indeed, not only have new kits been found, but older ones are still showing signs of life. This has made the summer quarter one of the busiest we’ve seen for exploits in a while. Perhaps one caveat is that, apart from the RIG and GrandSoft exploit kits, we … [Read more...]

Obfuscated Coinhive shortlink reveals larger mining operation

During the past several months, in-browser mining has continued to affect a large number of websites, predominantly relying on Coinhive’s infamous API. We documented several campaigns on this blog, in particular Drupalgeddon, where attackers are taking advantage of vulnerabilities in popular Content Management Systems (CMS) to compromise websites and push payloads both client- and … [Read more...]

New macro-less technique to distribute malware

One of the most common and effective infection vectors, especially for businesses, is the use of malicious Office documents. This year alone, we witnessed two zero-days for both Flash and the VBScript engine, which were first actually embedded into Office documents before gaining wider adoption in web exploit kits. In addition to leveraging software vulnerabilities, attackers are regularly abusing … [Read more...]

Exploit kits: Spring 2018 review

Since our last report on exploit kits, there have been some new developments with the wider adoption of the February Flash zero-day, as well as the inclusion of a new exploit for Internet Explorer. We have not seen that many changes in the drive-by landscape for a long time, although these are the results of improvements closely tied to malspam campaigns and exploits embedded within Microsoft … [Read more...]