dcsimg

300 shades of gray: a look into free mobile VPN apps

The times, they are a changin’. When users once felt free to browse the Internet anonymously, post about their innermost lives on social media, and download apps with frivolity, folks are playing things a little closer to the vest these days. Nowadays, users are paying more attention to privacy and how their personal information is transmitted, processed, stored, and shared. Nearly every … [Read more...]

Say hello to Lord Exploit Kit

Just as we had wrapped up our summer review of exploit kits, a new player entered the scene. Lord EK, as it is calling itself, was caught by Virus Bulletin‘s Adrian Luca while replaying malvertising chains. In this blog post, we do a quick review of this exploit kit based on what we have collected so far. Malwarebytes users were already protected against this attack. Exploit kit or … [Read more...]

Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void

Sodinokibi, also known as Sodin and REvil, is hardly six months old, yet it has quickly become a topic of discussion among cybersecurity professionals because of its apparent connection with the infamous-but-now-defunct GandCrab ransomware. On May 31, the threat actors behind GandCrab formally announced their retirement, detailing their plan to cease selling and advertising GandCrab in a dark … [Read more...]

Fake jquery campaign leads to malvertising and ad fraud schemes

Recently we became aware of new domains used by an old malware campaign known as ‘fake jquery’, previously documented by web security firm Sucuri. Thousands of compromised websites are injected with a reference to an external JavaScript called jquery.js. However, there is something quite elusive about this campaign with regards to its payload. Indeed, to many researchers the … [Read more...]

GreenFlash Sundown exploit kit expands via large malvertising campaign

Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. However, during the past few days we noticed a spike in our telemetry for what appeared to be a new exploit kit. Upon closer inspection we realized it was actually the very elusive GreenFlash Sundown EK. The threat actors behind it … [Read more...]

Recipe for success: tech support scammers zero in via paid search

Tech support scammers are known for engaging in a game of whack-a-mole with defenders. Case in point, last month there were reports that crooks had invaded Microsoft Azure Cloud Services to host fake warning pages, also known as browser lockers. In this blog, we take a look at one of the top campaigns that is responsible for driving traffic to those Azure-hosted scareware pages. We discovered … [Read more...]

Plugin vulnerabilities exploited in traffic monetization schemes

In their Website Hack Trend Report, web security company Sucuri noted that WordPress infections rose to 90 percent in 2018. One aspect of Content Management System (CMS) infections that is sometimes overlooked is that attackers not only go after the CMSes themselves—WordPress, Drupal, etc.—but also third-party plugins and themes. While plugins are useful in providing additional features for … [Read more...]

Partnerstroka: Large tech support scam operation features latest browser locker

Tech support scams continue to be one of the top consumer threats in 2018, despite actions from security vendors and law enforcement. Scammers are constantly looking for new ways to reel in more victims, going beyond cold calls impersonating Microsoft to rogue tech support ads using the good name of legitimate brands, and of course, malicious pop-ups. We have been monitoring a particular tech … [Read more...]

How to block ads like a pro

In part one of this series, we had a look at a few reasons why you should be blocking online advertisements on your network and devices. From malvertising attacks and privacy-invading tracking systems to just being an outright annoyance, online ads and trackers are a nuisance that provides an attack vector for malware authors, compromise user security, and plainly, diminish the browsing … [Read more...]