Browser Update Warnings May Actually Be Malicious Hackers

October 10, 2019

Written by wukovits

Researchers at FireEye have recently unearthed a particularly nasty new campaign that is both multi-faceted and dangerous. At the heart of the attack are hacked websites which display seemingly innocuous popup message informing the site visitor that their browser is out of date. It will helpfully provide a one-touch solution to the non-existen21t problem via a button that promises to download the latest version of the browser in question.

Naturally, it does no such thing.  Instead, it uses a series of JavaScripts to gather information about the target computer and send the details back to the command and control server.

The server then responds to the findings reported by the initial script by uploading the initial payload.  This varies based on the details gleaned, but generally includes some type of banking trojan malware and a backdoor such as Dridex, NetSupport Manager RAT, or similar.  If the initial scan reveals that the target computer is part of a corporate network, then an additional payload is also injected onto the target machine, but we’ll get to that in a moment.

The first part of the payload will busily ferret out login credentials and other sensitive information, exfiltrating any files of value back to the command and control server.

Only when this operation has been completed and if the computer is part of a corporate network will the second stage we referenced earlier trigger, which is a strain of ransomware, normally BitPaymer or DoppelPaymer. The ransomware spreads through the network as far as it is able, encrypting files network wide.

These two ransomware strains are known for their hefty ransom demands, which often run into the hundreds of thousands, or even millions of dollars.

This multi-stage approach is dreadfully effective.  It not only allows the hackers to squeeze a wide range of sensitive data from infected systems, but then, locks them down hard and demands a hefty payment.  Be sure your staff is aware.  This one’s about as dangerous as they come.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.