silversurfer
Malware distributors are abusing a DLL hijacking vulnerability in Apple’s Push Notification service Windows executable to install coin miners on users attempting to download copyrighted software.
A common method of generating revenue on warez and crack sites, adult sites, video sharing sites, and file sharing sites is to open a low-quality web page when a visitor attempts to view or download content. These web pages redirect users through a series of sites that eventually push fake software updates, unwanted browser extensions, fake giveaways, and malware.
A new malware campaign is using these redirects to distribute malware that uses DLL hijacking vulnerabilities to install a cryptocurrency miner on a victim's computer. [....]
CrystalBit / Apple Double DLL Hijack
As part of a rapid change in the work environment during the COVID-19 pandemic, Morphisec Labs has tracked the evolution of the attack landscape, including a new double DLL hijack that includes AppleVersions.dll.
blog.morphisec.com