October 22, 2024 at 01:01PM Threat actors have intensified their campaign using fake browser updates to spread malware, targeting over 6,000 WordPress sites via compromised plugins. GoDaddy reports that the ClickFix variant employs social engineering tactics to deceive users, leading to malware installation. Automated processes facilitate the creation of these malicious plugins, enhancing detection challenges. … Read more
June 17, 2024 at 03:00AM Legitimate-but-compromised websites are being used to distribute a Windows backdoor called BadSpace via fake browser updates. The attack involves infected websites, a command-and-control server, fake browser updates, and a JScript downloader. This backdoor, capable of anti-sandbox checks and system information harvesting, is being distributed through compromised sites. Key Takeaways from … Read more
June 3, 2024 at 12:00AM Fake web browser updates are distributing remote access trojans (RATs) and info stealer malware like BitRAT and Lumma Stealer. Cybersecurity firm eSentire reported that attackers use bogus browser update lures to deliver malware. Attack chain involves booby-trapped sites, Discord-hosted ZIP archives, and PowerShell scripts. Threat actors also employ webhards and … Read more