AD BLOCKER or Ad Blocker extension
<blockquote data-quote="Prorootect" data-source="post: 701214" data-attributes="member: 905"><p>On each of my browsers, I've a must-have extension/addon <span style="font-size: 18px"><u>overlay remover</u></span> - look above, on the post #55.</p><p></p><p>It's indispensable I think, to defend from malware that uses overlay popups - look on this MT topic: <a href="https://malwaretips.com/threads/autoit-scripting-used-by-overlay-malware-to-bypass-av-detection.77071/" target="_blank">Malware Alert - AUTOIT SCRIPTING USED BY OVERLAY MALWARE TO BYPASS AV DETECTION</a></p><p></p><p>On threatpost.com we read:</p><p>“The malware’s operator remotely initiates a fraudulent transaction from the victim’s endpoint and may prompt the user to provide additional details by using the fake overlay screen,” researchers said.</p><p>X-Force researchers said Brazil has become a hotbed for financial malware and that recent uses of overlay malware highlights a trend of more sophisticated malicious code used in the region.</p><p>“In the past year, we have observed the rise of malware, such as Client Maximus and similar codes, that uses remote access with overlay screens for bank fraud operations in Brazil. Recently, we detected a remote access Trojan (RAT) malware that uses the same overall technique, but with an added twist to its antivirus evasion method,” according to X-Force.</p><p>The RAT does not have a name and its code is written in Delphi, a programming language common among hackers targeting Brazil. “These Delphi-based codes attacking in Brazil see so much code re-use there, that the malware is not defined into ‘families’ like the ones we know from the module Trojan world (Zeus, Ursnif, Dridex, etc),” said Kessem in an interview with Threatpost.</p><p>AutoIt has been leveraged several times in the past by attackers as a way to circumvent AV. 
<a href="https://threatpost.com/autoit-used-in-targeted-attacks-to-move-rats/114406/" target="_blank">Cisco Talos noted in 2015</a> a group of hackers had used the tool in conjunction with phishing attacks to install a RAT designed to maintain persistence on the target’s system by mimicking normal sys admin activity.</p><p>In 2013, <a href="https://threatpost.com/autoit-increasingly-employed-by-malware-developers/100242/" target="_blank">researchers noted</a> an uptick in malware utilizing AutoIt as a scripting language and instances of keyloggers and RATs builders developed with AutoIt being uploaded to the text storage and sharing sites such as Pastebin.</p><p></p><p>In Brazil, X-Force researchers said, overlay malware remains the preferred way to carry out attacks against banks. “As long as those types of attacks continue to serve them, threat actors are unlikely to see a need for change,” researchers wrote."</p><p></p><p>_____________________________________________</p><p></p><p></p><p><u><strong>Behind The Overlay (Moon Edition)</strong></u> : <a href="https://addons.palemoon.org/addon/behind-the-overlay-me/" target="_blank">Pale Moon - Add-ons - Behind The Overlay (Moon Edition)</a></p><p></p><p>JustOff wrote on github page: <a href="https://github.com/JustOff/behind-the-overlay-me" target="_blank">GitHub - JustOff/behind-the-overlay-me: Behind The Overlay (Moon Edition)</a></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><strong>What's it all about?</strong></span></p><p>Some websites will use an overlay to mask its content with a transparent background to force you to read a message before you can see the actual content.</p><p></p><p>This is very annoying as every site will have a different way to close that overlay popup.</p><p></p><p>This extension solves this problem by offering <strong>one button to close any overlay</strong> on any website you may ever encounter.</p><p></p><p><span style="font-size: 18px"><strong>Does it 
work everywhere?</strong></span></p><p>The extension should work on most sites that have overlays. Here is a list of some of the websites that the extension is known to work: <a href="https://github.com/JustOff/behind-the-overlay-me/blob/master/WORKS_ON.md" target="_blank">WORKS_ON.md</a>.</p><p></p><p><span style="font-size: 18px"><strong>Features</strong></span></p><ul> <li data-xf-list-type="ul">Requires no special permissions.</li> <li data-xf-list-type="ul">Extremely lightweight, relies on little known document.elementFromPoint browser's function to find elements that are in front with the highest z-index.</li> <li data-xf-list-type="ul">Non-intrusive. The extension activates only when you click its button, thereby it has no impact on navigation performance when you don't use the extension. Doesn't inject tons of CSS rules as AdBlock extension is doing for example.</li> <li data-xf-list-type="ul">Supports hiding of multiple DOM overlay elements.</li> <li data-xf-list-type="ul">Enables overflow auto of the body when overlay script hides it to disable the scroll of the page.</li> </ul><p>_____________________________________________</p><p></p><p>Firefox link to <span style="font-size: 22px"><strong><u><span style="font-size: 15px">Behind The Overlay Revival</span></u> </strong><span style="font-size: 15px">by Iván Ruvalcaba:</span> </span><span style="font-size: 22px"><span style="font-size: 15px"><a href="https://addons.mozilla.org/en-US/firefox/addon/behind-the-overlay-revival/" target="_blank">Behind The Overlay Revival – Add-ons for Firefox</a></span></span></p><p></p><p><span style="font-size: 22px"><span style="font-size: 15px">_____________________________________________</span></span></p><p></p><p><strong><u><span style="font-size: 22px"><span style="font-size: 15px">Test page with overlay popup:</span></span></u></strong></p><p></p><p><span style="font-size: 22px"><span style="font-size: 15px">pbs.org: <a href="https://www.pbs.org/wgbh/frontline/" 
target="_blank">FRONTLINE | PBS | Official Site | Documentary Series</a></span></span></p><p><span style="font-size: 22px"><span style="font-size: 15px">kakaku.com: <a href="http://kakaku.com/" target="_blank">価格.com</a></span></span></p></blockquote><p></p>
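<p>Added example, not part of the post above and not the extension's own code: a sketch of the approach its feature list describes (probe a point with document.elementFromPoint, hide the positioned element found there, repeat for stacked overlays, then restore body scrolling). The function names and the stand-in page are hypothetical and constructed so the block runs under Node without a browser.</p>

```javascript
// Added example. In a browser, pass the real `document` and
// (el) => getComputedStyle(el); here a constructed stand-in page is used.

// Climb from the hit element to its outermost positioned ancestor below <body>.
function overlayRoot(el, doc, styleOf) {
  let root = null;
  for (let n = el; n && n !== doc.body && n !== doc.documentElement; n = n.parentElement) {
    if (["fixed", "absolute", "sticky"].includes(styleOf(n).position)) root = n;
  }
  return root;
}

// Hide whatever is stacked on top at (x, y), layer by layer, then unlock scrolling.
function removeOverlays(doc, styleOf, x, y, maxPasses = 10) {
  const hidden = [];
  for (let i = 0; i < maxPasses; i++) {
    const hit = doc.elementFromPoint(x, y);
    const root = hit && overlayRoot(hit, doc, styleOf);
    if (!root) break; // topmost element is ordinary page content
    root.style.display = "none";
    hidden.push(root.id);
  }
  if (hidden.length && styleOf(doc.body).overflow === "hidden") {
    doc.body.style.overflow = "auto";
  }
  return hidden;
}

// Constructed stand-in for a page: article text, a backdrop, and a modal with a button.
function makeFakePage() {
  const mk = (id, position, parentElement) =>
    ({ id, parentElement, style: { position, display: "block" } });
  const body = mk("body", "static", null);
  body.style.overflow = "hidden"; // scroll lock set by the overlay script
  const modal = mk("modal", "fixed", body);
  const layers = [mk("article", "static", body), mk("backdrop", "fixed", body),
                  mk("close-button", "static", modal)]; // back to front at the sample point
  const visible = (n) => !n || (n.style.display !== "none" && visible(n.parentElement));
  const doc = {
    body, documentElement: { id: "html" },
    elementFromPoint: () => layers.filter(visible).pop() || body,
  };
  return { doc, styleOf: (n) => n.style };
}

const page = makeFakePage();
console.log(removeOverlays(page.doc, page.styleOf, 400, 300)); // [ 'modal', 'backdrop' ]
```

<p>The heuristic cannot tell a nag screen from a legitimate fixed header, so it hides either one when it sits at the probed point. It acts only on elements in the page's DOM; windows drawn outside the browser page are out of its reach.</p>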