Browser-Based Threat Report: Dec. 25

ConcealBrowse Browser-Based Threat Report

Week of December 25th, 2023

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of December 25th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

URL SHA-256: 8f14543dc1646ee7ebd2f5db2bc376c53dd4cba321a8ff0063557581514e9e3d
Exe. SHA-256: db7aeaa44d1b1e29e31fc0c1a148634b02f4914244bb1662eb47fc2b977405e5


This URL was first detected by ConcealBrowse on September 14th, 2023, and again on December 20th, 2023. The URL was first submitted for analysis by 3 security vendors on September 18th, 2023. Due to the increasing popularity of the URL, Conceal felt it necessary to include it in the weekly threat report. The URL has a 14% risk score due to suspicion, which is based on 2 anomalies identified by our Sherpa AI engine.

The URL delivers a webpage that hosts a free privacy extension which claims to prevent ads and trackers found in everyday internet usage. The issue with this specific extension is that it alters browser settings, assigning preferred search engines as default, among other settings. Further, freeware like that which can be downloaded from the page above populates its own revenue-generating ads to make money and, more importantly, collects and sells end-user information to third parties. Because of this, and because the tool is delivered via inconspicuous bundling, vendors have annotated the executable as a Potentially Unwanted Application (PUA).

_____________

SHA-256: a94da9bda65514cfe1df1bae85d7d386c84807327f3ac27d2f6cb4ba527c8f6d

This URL was detected by ConcealBrowse on December 26th, 2023. It was first identified by 2 security vendors on September 19th, 2023, and to date, by 6 vendors in total. The URL was isolated by ConcealBrowse with a 14% risk score due to 4 conclusive anomalies, including the use of a malicious TLD. Additionally, 4 links were identical yet labelled differently and there were 21 empty or void links detected. This is highly suspicious, indicating the site was rapidly created for a timing attack, which is supported by its registration date of September 9th, 2023.

Suspicion increased as analysis occurred, as the adversaries used effective titling such as “sale” and “2023” within the page and the URL itself. This plays into the current holiday shopping theme and is an effective social engineering tactic used to convey legitimacy and relevancy to end users. When interacting with the site, certain links and text boxes were broken, which again highlights how rapidly the site was created. Sites like these are often recycled and registered to new domains, allowing them to bypass tools reliant on domain reputation. With real-time analysis, ConcealBrowse intervenes and conveys doubt to the end user about sites loaded in isolation. This site should be avoided as it may be phishing for credit card and personal information.


_____________

SHA-256: dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

The URL was first detected by ConcealBrowse on December 21st. It was first submitted to various CTI feeds on the same day. The domain was registered only recently, on December 16th, with the first affiliated webpage already unavailable. The webpage has 132 siblings that are also flagged by various security vendors; however, they are under construction and therefore their true intent remains unknown. This stresses the importance of real-time analysis when the cyber threat intelligence lifecycle cannot act fast enough.

After some historical analysis, the URL was seen delivering a dating application. Although any ulterior motives of the application are unknown, security vendors have classified the URL and its subdomain as phishing and malicious. Additionally, it is important to note that the site uses a malicious top-level domain (which was identified by our Sherpa AI engine). The .live TLD is regarded as one of the top abused TLDs globally. Further, the IP address that is delivering the domain in question has been identified by 12 security vendors as malicious, with over 200 flagged URLs delivering pages from it. ConcealBrowse intervened, issuing a 27% risk score to the URL, leaning on the intelligence previously mentioned but mainly on our Sherpa AI engine to keep the endpoint safe from the suspicious site. It is advised to avoid the subdomain and its siblings, as their intent and motive are yet to be seen while they are under construction.


_____________

Valuable Outcomes of Browser-Based Threat

ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.
