03 September 19, 17:35
Quote: A new social engineering toolkit called Domen has been discovered that uses fake browser and program update alerts on compromised sites to infect users with malware and remote access software.
Attackers using fake browser and Flash Player update alerts to spread malware is nothing new [1, 2, 3], but this new toolkit discovered by Malwarebytes researcher Jérôme Segura has a high level of sophistication and customization that allows it to adapt to different clients, browsers, and visitors.
When loaded on a compromised site, the Domen toolkit will display a variety of alerts that overlay the site's legitimate content. These fake alerts are designed to trick users into downloading the "update", executing it, and infecting themselves with a payload of the attacker's choice.
"Loaded as an iframe from compromised websites (most of them running WordPress) and displayed over top as an additional layer, it entices victims to install so-called updates that instead download the NetSupport remote administration tool," Segura stated in his report. "In this blog we describe its tactics, techniques and procedures (TTPs) that remind us of some past and current social engineering campaigns."
Read more here: https://www.bleepingcomputer.com/news/se...languages/