- Feb 4, 2016
...some quotes from the article above...
A cyber-crime infrastructure known in infosec circles as pseudo-Darkleech has been the source of many ransomware infections during the past year, either by malicious spam attachments or via automated attacks carried out via exploit kits.
pseudo-Darkleech is the name of a collection of hacked websites that host malicious scripts, secretly inserted in the source code of these sites by malicious actors.
The infected websites vary in nature and range from Drupal to WordPress, and various other CMS platforms. The only thing in common is the mode of operation, and the scripts injected on these sites, which place them under the control of the pseudo-Darkleech group.
pseudo-Darkleech appeared in late 2014 - early 2015, and consists of selecting random users that access the compromised websites, and loading hidden iframes in the background of their pages.
These iframes run source code from exploit kits that test the user's browser for weaknesses. If the victim is deemed vulnerable, then an exploit soon follows, which takes hold on the user's PC and then downloads a predetermined malware payload from the exploit kit's servers.
pseudo-Darkleech campaigns have been very active in 2016, something that has been noticed by multiple security firms, such as Microsoft, Heimdal Security, Palo Alto Networks, and security researcher Brad Duncan from Malware-Traffic-Analysis.
According to multiple sources, pseudo-Darkleech has used multiple exploit kits to deliver various types of ransomware in the past year.
Today, pseudo-Darkleech, together with similar campaigns such as the original Darkleech, Afraidgate, and EITest account for a large chunk of traffic redirected to exploit kits.
Some of these campaigns use public websites where crooks advertise their services and offer to redirect users from legitimate websites to any destination the buyer may want.
This is why we see pseudo-Darkleech being involved in so many cyber-crime activities today.
Because ransomware often provides the quickest financial turnaround for malware authors, this also explains why we see pseudo-Darkleech powering so many ransomware operations.
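As an added illustration of the hidden-iframe injection the article describes (example code written here, not from the article or from the researchers it cites), below is a small Python scanner that flags iframes hidden by zero size, by their own styling, or by an off-screen or display:none ancestor, the kind of check a site owner can run over their own templates or a saved copy of a served page. The hostnames in the sample HTML are constructed.

```python
import re
from html.parser import HTMLParser

# Styling tricks commonly used to keep an injected iframe out of view.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)
VOID_TAGS = {"br", "img", "input", "meta", "link", "hr"}  # never receive an end tag

def _tiny(value):
    # True when a width/height attribute is at most 1 pixel.
    m = re.match(r"\s*(\d+)", str(value or ""))
    return m is not None and int(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):
    """Records iframes hidden by their own size/style or by a hidden ancestor."""
    def __init__(self):
        super().__init__()
        self._stack = []    # (tag, is_hidden) for each open element
        self.findings = []  # (src, [reasons])

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden_here = bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag == "iframe":
            reasons = []
            if _tiny(a.get("width")) and _tiny(a.get("height")):
                reasons.append("zero-size")
            if hidden_here:
                reasons.append("hidden-style")
            if any(h for _, h in self._stack):
                reasons.append("hidden-ancestor")
            if reasons:
                self.findings.append((a.get("src") or "", reasons))
        if tag not in VOID_TAGS:
            self._stack.append((tag, hidden_here))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed markup.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                break

def find_hidden_iframes(html):
    parser = HiddenIframeFinder()
    parser.feed(html)
    return parser.findings

# Constructed sample: one legitimate embed plus two injected, hidden iframes.
SAMPLE = """<html><body><iframe src="https://video.example/embed/1" width="640" height="360"></iframe>
<div style="position:absolute; left:-9999px"><iframe src="http://landing.example/x.php"></iframe></div>
<iframe src="http://ek.example/gate" width="1" height="1" style="visibility:hidden"></iframe></body></html>"""
```

Running `find_hidden_iframes(SAMPLE)` reports the two hidden frames with the reason each was flagged and leaves the visible video embed alone; a hit on a page you did not put there is the cue to compare the served HTML against the files in your CMS install.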