
    From TechnologyDaily@1337:1/100 to All on Mon Oct 24 21:45:03 2022
    This typosquatting campaign is using over 200 domains to compromise Windows and Android users

    Date:
    Mon, 24 Oct 2022 20:25:14 +0000

    Description:
    More than 20 brands impersonated as crooks seek to distribute different infostealers.

    FULL STORY ======================================================================

    An enormous malware distribution campaign has been detected leveraging more than 200 malicious domains and impersonating more than two dozen global
    brands to distribute all kinds of malware for both Android and Windows operating systems.

    Cybersecurity researchers from Cyble first spotted the campaign seeking to distribute various malware among Android users.

    In the campaign, the unknown threat actors set up countless domains that seem almost identical to real domains belonging to major brands such as PayPal, SnapChat, TikTok, and others. The domains only have a single character that's different, that's missing, or that's extra.

    Android and Windows users attacked

    This type of fraud is usually called typosquatting and it's used in all kinds of attacks, for example, on GitHub, where attackers create repositories with names almost identical to legitimate repositories, to try and distribute malware.
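    The "single character that's different, missing, or extra" rule described above is an edit distance of exactly one. The following is an added example (not code from the article, Cyble or BleepingComputer) of how a defender might screen a list of domains, for instance from a newly-registered-domain feed or proxy logs, against a set of protected brand names. The brand list uses names the article mentions; the sample domains are constructed for illustration, and the public-suffix handling is deliberately simplified.

```python
"""Flag domains whose registrable label is one keystroke away from a
protected brand (edit distance 1: substitution, insertion or deletion).

Added example for this article; not code from the article, Cyble or
BleepingComputer. Brand list and sample domains are constructed.
"""
from typing import Optional

# Brands named in the article, as lower-case registrable labels.
PROTECTED_BRANDS = {"paypal", "snapchat", "tiktok"}


def registrable_label(domain: str) -> str:
    """Return the second-level label of a domain, lower-cased.

    Accepts defanged input such as "example[.]com" and strips a trailing
    dot. Assumes a single-label public suffix (no public-suffix-list
    lookup), which is good enough for the .com-style names in the article.
    """
    cleaned = domain.strip().lower().replace("[.]", ".").rstrip(".")
    labels = cleaned.split(".")
    if len(labels) < 2:
        return cleaned
    return labels[-2]


def one_edit_apart(a: str, b: str) -> bool:
    """True when a becomes b through exactly one substitution, insertion
    or deletion. Identical strings return False (distance 0, not 1)."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        # Same length: a substitution means exactly one mismatched position.
        return sum(x != y for x, y in zip(a, b)) == 1
    # Different length: make a the shorter string, skip the common prefix,
    # then the remainder of a must equal b with one character removed.
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i:] == b[i + 1:]


def classify_domain(domain: str) -> Optional[str]:
    """Return the brand a domain appears to impersonate, or None.

    A label that exactly equals a brand is treated as the brand's own
    domain and is not flagged; a label one edit away from a brand is
    flagged with that brand's name.
    """
    label = registrable_label(domain)
    if label in PROTECTED_BRANDS:
        return None
    for brand in PROTECTED_BRANDS:
        if one_edit_apart(label, brand):
            return brand
    return None


def scan(domains):
    """Map each suspicious domain to the brand it resembles."""
    hits = {}
    for d in domains:
        brand = classify_domain(d)
        if brand is not None:
            hits[d] = brand
    return hits


if __name__ == "__main__":
    # Constructed sample: an extra character, a missing character, a
    # substituted character, the genuine brand domain, and an unrelated one.
    SAMPLE = ["paypall.com", "snapcht.com", "tiktol.com",
              "paypal.com", "example.com"]
    for domain, brand in scan(SAMPLE).items():
        print(f"{domain:15} looks like {brand}")
```

    Running the block flags the first three sample domains and leaves the genuine and unrelated ones alone. In practice the brand set would be the organisation's own names and the input would come from passive DNS, certificate transparency logs or a registration feed; anything flagged is a candidate for blocking or a takedown request, not proof of malice on its own.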

    BleepingComputer then expanded on this research to find numerous other domains distributing malware among Windows users, as well. The exact advertisement method for these domains is unknown, but the publication suggests it's either the victims themselves mistyping the domains on their devices, or threat actors engaging in phishing and other forms of social engineering. We shouldn't forget SEO poisoning, though.

    It was also determined that the threat actors used this big typosquatting campaign to deliver all kinds of malware. In some cases, they were distributing the Vidar Stealer, and in others, Agent Tesla. Vidar is capable of stealing banking information, stored passwords, browser history, IP addresses, details about cryptocurrency wallets and, in some cases, MFA information, as well. Agent Tesla, first discovered some eight years ago, is capable of stealing credentials from many popular apps including web browsers, VPN software and FTP and email clients.

    The researchers believe the threat actors are currently experimenting with different malware variants until they see what works best. Besides malware, the researchers also found the ethersmine[.]com website which tries to steal seed phrases for people's Ethereum wallets.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-typosquatting-campaign-is-using-over-200-domains-to-compromise-windows-and-android-users/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)