Geeks for your information Security Security Vendors Heimdal Security Heimdal Security Blog Articles v
SECURITY ALERT: New Domen Toolkit Pushes Malware through Fake Software Updates
SECURITY ALERT: New Domen Toolkit Pushes Malware through Fake Software Updates
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 14,547
Threads: 9,568
Thanks Received: 9,059 in 7,209 posts
Thanks Given: 9,841
Joined: 12 September 18
#1
Exclamation  05 September 19, 09:28
Quote:
[Image: heimdal-logo.svg]

How the new toolkit pushes malware. What to watch out for and how to stay safe.

A new toolkit has emerged in the past few days, infecting users via compromised websites.

Most of the compromised websites which are unknowingly hosting the toolkit are based on a WordPress script, which leaves them vulnerable to be exploited this way.

The toolkit has been dubbed Domen and abuses the trust of users in a classic social engineering move. Relying on the fact that most users are aware of the necessity of updates, the toolkit creators are piggyback riding on the trustworthiness of the programs they claim to represent.

When one sees a notification for a required update from a software brand they already have and trust, chances are they will approve without thinking twice. That’s how the Domen toolkit spreads and infects hosts, allowing hackers to access the infected devices remotely, to take screenshots, steal data and more.

The Domen toolkit was first discovered by security researcher Jérôme Segura, and further reported on by security researcher mol69.

How Does the Domen Toolkit Work?

The Domen Toolkit targets both PC and mobile users. So far, security researchers have discovered Domen messages being delivered in as many as 30 different languages. Besides the linguistic variety, the Domen toolkit is also remarkable in its high level of customization and sophistication.

Because of its complexity, the toolkit is able to adapt to various browsers, operating systems, clients and so on. This is what makes Domen more dangerous than the usual run-of-the-mill exploit kits abusing Flash vulnerabilities.

After an internet user visits a website infected with the Domen toolkit, they will start seeing pop-ups prompting them to install a ‘required’ software update. Those software update messages are delivered with regards to multiple software names and in 30 languages so far.

For example, here is a screenshot of a fake Chrome update prompt.
Continue Reading
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
AMD EPYC 9006 “Venice” to feature up to ...
12 core Zen6 CCD c...harlan4096 — 08:26
Microsoft Edge 136.0.3240.64
Version 136.0.3240...harlan4096 — 08:18
Scam Protection: Google integrates local...
Google, just like ...harlan4096 — 08:15
Windows Search to let users install Micr...
Microsoft is set t...harlan4096 — 08:14
]"Pope Leo XIV" the new leader of the Ca...
"Pope Leo XIV&q...jAcos — 19:18

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (27)akiratoriyama
avatar (47)Jerrycix
avatar (39)awedoli
avatar (81)WinRARHowTo
avatar (37)owysykan
avatar (48)beautgok
avatar (38)axuben
avatar (39)ihijudu
avatar (44)tiojusop
avatar (41)Damiennug
avatar (39)acoraxe
avatar (48)contjrat
avatar (40)axylisyb
avatar (43)tukrublape
avatar (43)knigiJow
avatar (45)1stOnecal
avatar (49)Mirzojap
avatar (35)idilysaju
avatar (39)GregoryRog
avatar (44)mediumog
avatar (39)odukoromu
avatar (45)Joanna4589

[-]
Online Staff
There are no staff members currently online.

>