SECURITY ALERT: New Domen Toolkit Pushes Malware through Fake Software Updates
Quote:

How the new toolkit pushes malware. What to watch out for and how to stay safe.

A new toolkit has emerged in the past few days, infecting users via compromised websites.

Most of the compromised websites which are unknowingly hosting the toolkit are based on a WordPress script, which leaves them vulnerable to being exploited this way.

The toolkit has been dubbed Domen and abuses the trust of users in a classic social engineering move. Relying on the fact that most users are aware of the necessity of updates, the toolkit creators are piggyback riding on the trustworthiness of the programs they claim to represent.

When one sees a notification for a required update from a software brand they already have and trust, chances are they will approve without thinking twice. That’s how the Domen toolkit spreads and infects hosts, allowing hackers to access the infected devices remotely, to take screenshots, steal data and more.

The Domen toolkit was first discovered by security researcher Jérôme Segura, and further reported on by security researcher mol69.

How Does the Domen Toolkit Work?

The Domen Toolkit targets both PC and mobile users. So far, security researchers have discovered Domen messages being delivered in as many as 30 different languages. Besides the linguistic variety, the Domen toolkit is also remarkable in its high level of customization and sophistication.

Because of its complexity, the toolkit is able to adapt to various browsers, operating systems, clients and so on. This is what makes Domen more dangerous than the usual run-of-the-mill exploit kits abusing Flash vulnerabilities.

After an internet user visits a website infected with the Domen toolkit, they will start seeing pop-ups prompting them to install a ‘required’ software update. Those software update messages are delivered with regards to multiple software names and in 30 languages so far.

For example, here is a screenshot of a fake Chrome update prompt.