fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Adult Site Users Targeted With ZLoader Malware Via Fake Java Update

Adult Site Users Targeted With ZLoader Malware Via Fake Java Update

A malware campaign ongoing since the beginning of the year has recently changed tactics, switching from exploit kits to social engineering to target adult content consumers.

The operators use an old trick to distribute a variant of ZLoader, a banking trojan that made a comeback earlier this year after an absence of almost two years, now used as an info stealer.

Named Malsmoke by security researchers, the campaign focuses on high-traffic adult portals. Some websites, like xHamster, rake hundreds of millions of monthly visitors. Another site is Bravo Porn Tube, with over 8 million visitors every month.

Malwarebytes monitored the Malsmoke campaign all year long delivering Smoke Loader – a malware dropper – via Fallout exploit kit until its track went cold on October 18.

The operators had not given up, though. They had switched to a new technique that works on all web browsers: a new malicious campaign that uses “a decoy page filled with adult images purporting to be movies.”

Using a fake video on an adult website, they lured visitors into playing it. The deceptive file would open in a new browser window and instead of images, victims would get a pixelated view and a few seconds of audio to keep them enticed.

After a few seconds, victims would see an overlay message telling them that Java Plug-in needs to be installed for the video to play correctly.

This is an old trick that hails back from the time when it was common for media data streams to be encoded with various codecs (compression-decompression software). A such, media could not be played without the correct codec installed.

Back then, a plethora of fake codecs and media players existed, many of them malicious. Adware and malware would be distributed using this method.

Also Read: Key PDPA Amendments 2019/2020 You Should Know

Malsmoke operators created the grainy videos specifically, to make it look like some piece of software is missing. However, Malwarebytes researcher note in their report that showing a Java update as a solution for video streaming issues is a strange choice since it’s typically used for other tasks.

“The threat actors could have designed this fake plugin update in any shape or form. The choice of Java is a bit odd, though, considering it is not typically associated with video streaming. However, those who click and download the so-called update may not be aware of that, and that’s really all that matters”

– Malwarebytes

The researchers linked the old Malsmoke campaigns with the new one after analyzing the network indicators and noticing that the same templates for the decoy websites were used in both cases.

Furthermore, the cybercriminals used an email address to register a new domain for the new campaign that was already associated with other domains used in previous operations.

source: Malwarebytes

When analyzing the payload, the researcher found that the fake Java update is a signed installer that contains mostly legitimate libraries and executable files.

One of them – HelperDll.dll – downloaded an encrypted variant of ZLoader (also known as Zbot, Zeus Sphinx, Terdot, and DELoader) and deployed it as the final payload.

source: Malwarebytes

The malware went silent in early 2018 but resurged in more than 100 email campaigns in six months since December 2019. It is likely a fork of the original threat that lacks some advanced features.

The current variant of ZLoader preserved the main functions and uses web injects to steal credentials, banking information, and sensitive details stored in browsers (cookies, passwords).

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

By switching to this tactic, Malsmoke operators have widened their reach to an audience of millions of potential victims. This change is a huge jump considering that successful compromise via exploit kits requires the all-but-buried Internet Explorer.

Malwarebytes provides a list of indicators of compromise for the adult sites used in this campaign as well as for the decoys and command and control centers.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us