• This dangerous malvertising campaign mimics popular software to

    From TechnologyDaily@1337:1/100 to All on Wed Jan 18 16:45:03 2023
    This dangerous malvertising campaign mimics popular software to steal victim info

    Date:
    Wed, 18 Jan 2023 16:30:08 +0000

    Description:
    Audacity, GIMP, and many other popular software are being impersonated to deliver Vidar, IcedID, and other malware.

    FULL STORY ======================================================================

    Cybersecurity researchers from HP Wolf Security have warned of several active campaigns looking to deliver different types of malware to unsuspecting victims via typosquatted domains and malvertising.

    The team explained in a blog post how they found threat actors creating multiple typosquatted websites impersonating popular software such as Audacity, Blender, or GIMP.

    The scammers also paid different ad networks to run ads promoting these fake websites. That way, when people search for these programs, search engines might end up serving malicious versions of the websites right next to legitimate ones. If a user isn't careful and does not double-check the URL of the website they're visiting, they might end up in the wrong place.

    Fake installers

    If victims do end up in the wrong place, they'll hardly notice the difference. The websites are designed to look almost identical to the authentic ones, down to the tiniest detail. In Audacity's example, the site hosts a malicious .exe file masquerading as the program's installer. It is named audacity-win-x64.exe and is more than 300MB in size.

    By being this big, the attackers try to avoid raising suspicion (malware is usually measured in KB), but also try to avoid antivirus programs. According to the researchers, some antivirus programs' automatic scanning features don't scan extremely large files.

    The files are hosted on the 4sync.com cloud storage service, the researchers said, adding that all the fake installers in this campaign have been hosted there, hinting that a good defense mechanism might be to block access to this service entirely.
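    The three traits described above (lookalike vendor domains, every installer served from 4sync.com, and oversized .exe files that slip past automatic scanning) can be turned into a simple download-log triage check. The code below is an added example for this message, not part of the TechRadar story or HP Wolf Security's research; the vendor allowlist, brand list, 200 MB threshold and the log lines it scans are constructed assumptions.

```python
from urllib.parse import urlparse

# Allowlist, brand list, suspect host and size cut-off are assumptions for this example.
LEGIT_DOMAINS = {"audacityteam.org", "gimp.org", "blender.org"}
BRANDS = {"audacity", "gimp", "blender"}
SUSPECT_HOSTS = {"4sync.com"}  # file host that served every fake installer in the campaign
SIZE_THRESHOLD_MB = 200        # .exe downloads above this count as "suspiciously large"

def edit_distance(a, b):
    """Levenshtein distance, used to catch brand-name lookalikes (typosquats)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    return ".".join(host.lower().split(".")[-2:])  # last two labels suffice here

def classify(url, size_bytes):
    """Reasons a download resembles the campaign; an empty list means nothing flagged."""
    reg = registered_domain(urlparse(url).hostname or "")
    if reg in LEGIT_DOMAINS:
        return []  # allowlisted vendor: a large genuine installer is expected there
    reasons = []
    if reg in SUSPECT_HOSTS:
        reasons.append("served from " + reg)
    label = reg.split(".")[0]
    for brand in sorted(BRANDS):
        if brand in label or edit_distance(label, brand) <= 2:
            reasons.append("lookalike of " + brand)
    filename = url.rsplit("/", 1)[-1].lower()
    if filename.endswith(".exe") and size_bytes > SIZE_THRESHOLD_MB * 2**20:
        reasons.append("oversized installer %d MB" % (size_bytes // 2**20))
    return reasons

def scan_log(text):
    """Map each flagged URL in constructed 'timestamp url bytes' lines to its reasons."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    hits = {url: classify(url, int(size)) for _ts, url, size in rows}
    return {url: r for url, r in hits.items() if r}
# Constructed proxy-log sample: one genuine large installer, one typosquat, one 4sync host.
SAMPLE_LOG = """\
2023-01-18T16:30:08Z https://www.audacityteam.org/download/audacity-win-3.2.3-64bit.exe 12000000
2023-01-18T16:31:12Z https://audacify.org/audacity-win-x64.exe 320000000
2023-01-18T16:32:40Z https://dl.4sync.com/files/blender-setup.exe 310000000
2023-01-18T16:33:05Z https://gimp.org/downloads/gimp-2.10-setup.exe 250000000
"""
```

    Note that size alone is a weak signal: the gimp.org line is a large installer too, and only the allowlist keeps it out of the hits.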

    In the campaign, different types of malware are distributed. The largest campaigns the researchers have seen used this delivery approach to deploy the IcedID trojan, but the Vidar infostealer, BatLoader, and Rhadamanthys Stealer have all been observed. According to HP Wolf Security, there's been an uptick in these campaigns since November last year.



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-dangerous-malvertising-campaign-mimicks-popular-software-to-steal-victim-info


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)