Attackers are using fake browser updates to spread malware!!!
Hello and welcome to Dark Street Hackers!!!
Today we are going to discuss browsers and some of the risk factors related to them. Yes, you may have heard about web browser exploitation before. Today we are going to talk about how an attacker can trick you with a fake update notification and phish you into installing malware disguised as a browser update.
Investigators recently uncovered a malicious Fake Browser Update campaign that delivers ransomware, banking spyware and adware to target computers via fake browser updates. Attackers are spreading these fake browser updates mostly via compromised websites powered by WordPress, and they also use other hacked CMS websites.
Thousands of hacked sites are being used for this campaign, with various stages of the infection process carried out by injecting malicious scripts into legitimate web pages. The fake updates claim that the popup comes from an "Update Center" for the visitor's browser type, saying "a critical error occurred due to an outdated version of the browser, upgrade your browser as soon as possible."
The attackers push the fake notifications according to the web browser the victim uses to access the compromised website, and they have a malicious popup for all widely used browsers, including messages for Chrome, Internet Explorer and Edge.
The popups also urge the end user to download and install the update in order to avoid "Loss of personal and stored data, confidential information leaks, and browser errors", as you can see in the image above.
The update link points to one of the compromised websites, where the attacker hosts exe and zip files that eventually drop onto the victim's computer.
Fake Browser Update Infection Process
Initially, the attackers choose one of two ways: either they link to an external script or they inject the whole script code into the hacked web pages. Researchers from Sucuri listed a few of the external script links used in this campaign:
hxxps://wibeee.com[.]ua/wp-content/themes/wibeee/assets/css/update.js - 225 infected sites.
hxxp://kompleks-ohoroni.kiev[.]ua/wp-admin/css/colors/blue/update.js - 54 for the second.
hxxp://quoidevert[.]com/templates/shaper_newsplus/js/update.js - 198 attacked sites.
The fake browser update overlay window is generated by these update.js files, which contain an obfuscated script along with the download link for the fake update file.
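For site owners, the external-script variant described above can be audited by listing every script a page loads from another host. The following is an added example, not code from Sucuri or from this post: it matches script sources against the three indicators listed above and flags any other third-party host that is not on an allowlist. The names `audit_page`, `allowed_hosts` and the sample page are assumptions, and the check does not catch the variant where the whole script is injected inline.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Indicators as listed in the article, kept defanged in source.
IOCS_DEFANGED = [
    "wibeee.com[.]ua/wp-content/themes/wibeee/assets/css/update.js",
    "kompleks-ohoroni.kiev[.]ua/wp-admin/css/colors/blue/update.js",
    "quoidevert[.]com/templates/shaper_newsplus/js/update.js",
]
IOCS = {i.replace("[.]", ".") for i in IOCS_DEFANGED}


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())


def audit_page(html, site_host, allowed_hosts=()):
    """Return (url, verdict) for each script loaded from another host."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Resolve relative and protocol-relative sources against the site.
        url = urlsplit(urljoin(f"https://{site_host}/", src))
        host = (url.hostname or "").lower()
        if host == site_host.lower():
            continue  # same-origin script, out of scope for this check
        if f"{host}{url.path}" in IOCS:
            findings.append((url.geturl(), "known-ioc"))
        elif host not in allowed_hosts:
            findings.append((url.geturl(), "unlisted-host"))
    return findings


# Constructed page: one local script, one CDN script, one injected tag.
SAMPLE = (
    '<script src="/wp-includes/js/jquery.js"></script>'
    '<script src="https://cdn.example.net/lib.js"></script>'
    f'<script src="http://{IOCS_DEFANGED[2].replace("[.]", ".")}"></script>'
)
```

Running `audit_page(SAMPLE, "blog.example.org", {"cdn.example.net"})` reports only the injected tag; without the allowlist the CDN script is also listed for review.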
Once the victim clicks on the update link, the hacked site drops a very small zip file, around 3kb. That zip file contains malicious code that works as ransomware on the victim's computer. Further examination by specialist Peter Gramantik reveals that it contains a .js file with 100 space characters in its name, a trick to hide the file extension.
"In this case, the destructive code uses the Windows Script Host functionality to download external files, implement them, and then erase."
According to Sucuri, the script attempts to download a browser.jpg file from compromised third-party sites. Do not be fooled by the harmless .jpg extension: further analysis on VirusTotal reveals that the file is ransomware.
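The padded file name described above is easy to detect before an archive is opened by a user. This is an added example, not code from the original research: it lists zip members whose name ends in a Windows script extension and reports how many whitespace characters hide that extension. The extension list, the 10-character threshold and the sample file name are assumptions; the sample archive is constructed and holds only an inert placeholder.

```python
import io
import re
import zipfile

# Extensions that Windows Script Host or the shell runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Assumed threshold: a whitespace run this long in a name is padding.
PAD_RUN = re.compile(r"\s{10,}")


def suspicious_entries(zip_bytes):
    """Return (visible_name, reason) for members that are or hide a script."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.rsplit("/", 1)[-1]
            dot = name.rfind(".")
            ext = name[dot:].lower() if dot != -1 else ""
            if ext not in SCRIPT_EXTS:
                continue
            pad = PAD_RUN.search(name)
            if pad:
                # What the user sees in a narrow file-name column.
                visible = name[: pad.start()]
                reason = f"{len(pad.group())} padding characters before {ext}"
                findings.append((visible, reason))
            else:
                findings.append((name, f"script file {ext} in archive"))
    return findings


def build_sample(member_name):
    """Build a constructed in-memory zip with one named member and a readme."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// inert placeholder, constructed sample")
        zf.writestr("readme.txt", "constructed sample")
    return buf.getvalue()


# Constructed name imitating the trick: 100 spaces before the real extension.
PADDED_NAME = "browser_update" + " " * 100 + ".js"
```

A mail or download gateway can call `suspicious_entries` on each archive and quarantine anything it returns.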
The recently uncovered fake browser update file also contains banking malware, which can be spread by the same infection methods.
Sucuri also states that, to track their phishing campaign, the hackers include Histats in all versions of their malware. At this point, each uses the following two Histats ids that infected practically truck websites.
To stay safe from this kind of campaign, we, the Dark Street Hackers, advise you not to click on any suspicious links or download any file from any website that is not legitimate or genuine.
Stay safe, Stay tuned!!!