I can recall, one member of MT mentioned not using AV at all.
Malicious website escaping secure dns
- Thread starter Parkinsond
- Start date
Damn I need to tell my wife that for the first time ever I came late.
Last edited:
Proof of life
The update button leads to download a malware that's based on Node.js (the most popular JavaScript runtime environment).
ESET didn't block the malware download source site like Kaspersky, but the main malicious file was detected after extraction.
ESET didn't block the malware download source site like Kaspersky, but the main malicious file was detected after extraction.
It's better for men to be late than women. That will equate to years of sacrifice.hehe
Just to add a bit of context, Node.JS is very popular amongst malware writers, it is the Chromium V8 minus the file system restrictions.
It is somewhat similar to WebView, however WebView2 is still sandboxed, restricted, full Chromium fork (Edge).
It is somewhat similar to WebView, however WebView2 is still sandboxed, restricted, full Chromium fork (Edge).
Does disabling V8 in Chrome settings help with?
Not at all, because the node.js environment is portable, it can be downloaded or shipped with the executable. In this case as the decompressed size is 24 mb it has been shipped. It is not related to or affected by Chrome in any way.
But also V8 is the Chromium engine, you can’t disable it.
I always come when they ask me to... there's my hard life and sacrifice!
Awesome it's a legit site they've been around before the Y2k event
Current status at vt.
and even later after the fact: osprey blocked it and so does Eset online checker
www.eset.com
ESET Link Checker: Is This URL Safe?
Check any link with ESET Link Checker to see if it’s safe before you click. Protect yourself from phishing, malicious websites, and scams.
This list was all clean yesterday; also Norton safeweb was labeling it as safe yesterday.Current status at vt.
Was labeling it safe yesterday; checked it myself.and even later after the fact: osprey blocked it and so does Eset online checker
ESET Link Checker: Is This URL Safe?
Check any link with ESET Link Checker to see if it’s safe before you click. Protect yourself from phishing, malicious websites, and scams.
This could help with prevent some forms of attack/vulnerabilities. JavaScript is not a low-level language like C/C++/Rust/Zig, it's a high-level language, so speed is comparatively slower than those (still very fast). JIT (Just-in-Time Compiler) is a feature that makes JavaScript run extremely fast. Still not as fast as low-level languages but close. If you use Chrome's "Don't allow sites to use JavaScript optimizations" or enable "Enhance your security on the web" feature in Edge, it disables some JIT related features. So, security increases at the cost of performance mainly on JavaScript heavy sites. It also disables Web-Assembly but Web-Assembly is not used by most sites.
I prefer fast browsing over this added security because I myself getting affected by any such serious vulnerability is rare.
I also prefer fast browsing.
On my PC, if I disable JIT, performance is reduced by half.
In 2025, both Chrome and Firefox were affected by these vulnerabilities.
I posted it somewhere in the forum, but I can't remember where...
Yeah, the URL is blocked by GoogleSafeBrowsing, but when I enable it, it says the download is complete, but nothing actually downloads with Strict Settings.
Actually, nothing downloaded even for me on default settings on my system. In the VM I had to switch to Google DNS from browser settings to make it download. DNS wasn't blocking for me at that point so I'm not sure why the download didn't trigger.
But on Edge it's nice to have a balance vs strict setting.
Norton shows the fake Chrome updater as "Trusted" and "used by hundreds" !!!
Edit:
It seems the previous file is clean. The malicious file is the .dll file in the in app folder
Edit:
It seems the previous file is clean. The malicious file is the .dll file in the in app folder
Last edited:
The link is detected by Norton and its family, but the malicious fake Chrome Updater is not detected.
You may also like...
-
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches- Started by Parkinsond
- Replies: 5
-
eScan confirms update server breached to push malicious update- Started by andytan
- Replies: 43
-
-
Korean malware removal tool I have never heard about before
- Started by Parkinsond
- Replies: 19
-
