Malware Distribution Campaign Has Been Raging for More Than Four Months

Faybert

An organized and highly dynamic malware distribution campaign has been leveraging thousands of hacked websites to redirect users to web pages peddling fake software updates in an attempt to infect them with malware.

According to Jerome Segura, the Malwarebytes researcher who analyzed multiple infection chains to piece together the grander scheme, this campaign started four months ago, in December 2017.

Segura named the campaign "FakeUpdates" because all malicious sites would redirect users to web pages hosting update packages for various types of software, usually Google Chrome, Mozilla Firefox, Internet Explorer, or Adobe Flash Player.

Crooks stealing traffic from hacked sites
The crooks behind this campaign rely on hacked websites to hijack legitimate traffic for the fake update pages.

Segura says he observed most of the traffic coming from hacked WordPress, Joomla, and Squarespace sites [1, 2], but the Malwarebytes researcher also says he spotted crooks leveraging other CMS platforms, as well, usually the ones running outdated versions that were vulnerable to attacks.
.......
.......
.......
FakeUpdates is an evolution on past campaigns
Overall, the FakeUpdates malware delivery campaign is somewhat similar to what Bleeping Computer and other security researchers have been reporting in the past.

With the downfall of major exploit kits, crooks have turned to creating giant botnets of hacked sites and using traffic distribution systems to funnel legitimate traffic from these sites to malicious pages.

Over the past year, most of this hijacked traffic has gone to so-called "social engineering" web pages, a class of attacks that includes classic tech support scams and browser (ransomware-like) lockers, but also sites leveraging the "fake update" trick.

The fake update gimmick is an old trick that became popular once again last year, as exploit kits began to lose their popularity. But before the FakeUpdates campaign came to be, we first had websites trying to trick users into downloading missing font packs [1, 2, 3], a variation of the "fake update" trick.
.........
.........
 
