HP Wolf Security researchers have warned of multiple active campaigns that use typosquatted domains and deceptive advertising to deliver several types of malware to unsuspecting users.
The team explained in a blog post how they found threat actors who had created multiple typosquatted websites imitating popular programs such as Blender, Audacity and GIMP.
These scammers also paid various ad networks to run ads promoting their fake websites, so search engines can present the malicious copies of legitimate sites to people searching for these programs. Users who don't double-check the URL can end up in the wrong place.
Installers for dummies
Even when victims land on the wrong site, they are unlikely to notice the difference: the fake sites are built to look identical to the originals down to the finest detail. The Audacity example hosts a malicious .exe file that masquerades as the program's installer. It is called “audacity-win-x64.exe” and is over 300MB in size.
The size is deliberate. Attackers want to avoid suspicion (malware is often measured in kilobytes), but they also want to evade antivirus software, and the researchers found that antivirus software commonly skips scanning files this large.
The researchers also found that the files are hosted on 4sync.com, and stated that all the fake installers used in this campaign were hosted there. This suggests that blocking access to that service could be an effective defence.
The campaign distributes several kinds of malware. The researchers found that the largest campaigns used this delivery method to spread the IcedID trojan, but the Vidar infostealer and BatLoader were also observed. According to HP Wolf Security, these campaigns have been increasing since November last year.
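A defender-side check for the traits the article describes (lookalike domains for Blender, Audacity and GIMP, oversized .exe installers, and the 4sync.com drop host), run over constructed proxy log lines. This is an added example, not code from HP Wolf Security or the article; the official-domain list, the 200 MB size threshold and the .example hosts in the log are assumptions.

```python
from urllib.parse import urlparse
# Official download hosts for the impersonated programs (assumption: the vendors' real
# domains; the page names only the programs) and the drop host the page reports.
OFFICIAL_HOSTS = {"blender.org", "audacityteam.org", "gimp.org"}
KNOWN_DROP_HOSTS = {"4sync.com"}
PRODUCT_WORDS = ("blender", "audacity", "gimp")
OVERSIZED_EXE_BYTES = 200 * 1024 * 1024  # constructed threshold near the 300 MB fake installer

def levenshtein(a, b):
    """Edit distance, to catch one- or two-character misspellings of a domain label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_download(url, size_bytes):
    """Return the campaign traits a download matches (empty list = nothing suspicious)."""
    parsed = urlparse(url)
    host, path = (parsed.hostname or "").lower().removeprefix("www."), parsed.path.lower()
    reasons = []
    if host in KNOWN_DROP_HOSTS:
        reasons.append("known drop host")
    if host not in OFFICIAL_HOSTS:
        label = host.split(".")[0]  # second-level label, compared against the official ones
        if any(w in host for w in PRODUCT_WORDS) or any(
                levenshtein(label, o.split(".")[0]) <= 2 for o in OFFICIAL_HOSTS):
            reasons.append("lookalike of official domain")
        if (path.endswith(".exe") and any(w in path for w in PRODUCT_WORDS)
                and size_bytes > OVERSIZED_EXE_BYTES):
            reasons.append("oversized installer")
    return reasons

# Constructed proxy log lines ("<url> <bytes>"); the .example hosts are made up, not page indicators.
SAMPLE_LOG = """\
https://www.audacityteam.org/download/audacity-win-3.2.exe 25000000
https://audacity-win.example/audacity-win-x64.exe 320000000
https://www.4sync.com/web/directDownload/x/gimp-2.10-setup.exe 310000000
https://gmip.example/downloads/gimp-setup.exe 12000000
"""

def scan_log(text):
    hits = {}  # suspicious URL -> list of matched traits
    for line in text.splitlines():
        url, size = line.rsplit(" ", 1)
        if reasons := classify_download(url, int(size)):
            hits[url] = reasons
    return hits
```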