Tag Archive for ‘Dan Goodin’

With Help From Google, Impersonated Brave.com Website Pushes Malware ➝

Dan Goodin, writing for Ars Technica:

Scammers have been caught using a clever sleight of hand to impersonate the website for the Brave browser and using it in Google ads to push malware that takes control of browsers and steals sensitive data.

The attack worked by registering the domain xn--brav-yva[.]com, an encoded string that uses what’s known as punycode to represent bravė[.]com, a name that when displayed in browsers’ address bars is confusingly similar to brave.com, where people download the Brave browser. Bravė[.]com (note the accent over the letter E) was almost a perfect replica of brave.com, with one crucial exception: the “Download Brave” button grabbed a file that installed malware known both as ArechClient and SectopRat.

This type of domain impersonation seems almost a little too easy. But I’m not really sure what could be done about it.

➝ Source: arstechnica.com
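On the defensive side, the punycode trick described in the quoted report can be caught mechanically. The following is an added example, not code from Ars Technica or Brave: it decodes `xn--` labels and flags hostnames that collapse to a watched domain once accents are stripped. The `PROTECTED` watchlist and all function names are assumptions made for illustration.

```python
import unicodedata

PROTECTED = {"brave.com"}  # assumption: domains the defender wants to watch

def to_unicode(host):
    """Refang a hostname and decode each xn-- (punycode) label to Unicode."""
    labels = host.lower().replace("[.]", ".").rstrip(".").split(".")
    decoded = []
    for label in labels:
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        decoded.append(label)
    return ".".join(decoded)

def skeleton(host):
    """Drop combining marks so accented letters fold to their base letter."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def impersonated_domain(host, protected=PROTECTED):
    """Return the watched domain this host imitates, or None."""
    shown = to_unicode(host)
    folded = skeleton(shown)
    for domain in protected:
        # Looks like the watched domain after folding, but is not really it.
        if _under(folded, domain) and not _under(shown, domain):
            return domain
    return None

if __name__ == "__main__":
    # Constructed sample input; the first entry is the domain from the report.
    for name in ["xn--brav-yva[.]com", "brave.com", "www.brave.com", "example.com"]:
        print(name, "->", to_unicode(name), "| imitates:", impersonated_domain(name))
```

Folding accents only covers lookalikes built from diacritics, as in this case; names that swap in letters from another script (for example Cyrillic) need a confusables table on top of this.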

Hackers Use Anti-Adblocking Service to Deliver Malware Attack ➝

Dan Goodin, reporting for Ars Technica:

The compromise started in the last few minutes of Halloween with a spearphishing e-mail that ultimately gave the attackers access to PageFair’s content distribution network account. The attacker then reset the password and replaced the JavaScript code PageFair normally had execute on subscriber websites. For almost 90 minutes after that, people who visited 501 unnamed sites received popup windows telling them their version of Adobe Flash was out-of-date and prompting them to install malware disguised as an official update. […]

Fortunately, the malware was detected by F-Secure and likely competing antivirus packages as well. Additionally, a large percentage of connections to the attacker servers failed. On top of that, NanoCore runs only on Windows, so people visiting on machines running other operating systems were immune to the attack.

Two lessons to take from this:

  1. Don’t use Windows.
  2. Don’t use Adobe Flash.

You’ll thank me later.