Browser-Based Threat Report: Jan 1
Browser-Based Threat Report
Week of January 1st, 2024
ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.
At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 1st, 2024, unveils critical insights into the ever-evolving landscape of online threats.
The following report highlights recently detected sites that were deemed suspicious:
_____________
SHA-256: b068837842db3d9756703c8924bfc1dcb2c0aa23c0a86f31bb71b62839f4bf6a
ConcealBrowse first detected this URL on December 28th, 2023. The URL was first reported on March 23rd, 2021, showcasing the continuous compromise and further suspicion surrounding the download site. Conceal intervened as the page loaded, assigning a 14% risk due to suspicion as the page had several signals that the detection engine identified.
The URL delivered a webpage that appears to host various video games on gaming platforms, which are available to download. The site asks the user to turn off their ad blocking features of the browser, enabling ads on the page. Although you may be able to download games from the site without issues, the likelihood of clicking an ad or downloading a Trojan via one of the video games is still high. This is the same issue found with Peer-to-peer sharing sites and torrent sites, as there is little to no moderation. Additionally, this site lacks Content Security Policy headers, making it susceptible to cross-site scripting and code injection attacks.
_____________
SHA-256: 8be6bc58004cbcefb2ec47155e19d904a5cd30d233e3fe4a82a1043839f65bb6
ConcealBrowse detected this URL on December 29th, 2023. It was first identified by three security vendors on October 3rd, 2023, and to date, by five vendors in total. ConcealBrowse intervened due to the abundance of signals around the page’s structure. With that, the site was assigned a 14% risk score.
The innocuous news site appears safe at first glance, giving insight to those seeking information on the Affordable Care Act and employee rights. Sites like this often use various marketing tags to track analytics to gain insight into their site visitors. These tags often rely on popular management systems such as Google Tag Manager, and one can see the HTTP requests from the page to the tag manager system. However, one such HTTP request from the site reaches out to a mimicked tag manager, which then loads the script to the page. The script, if loaded, notifies the user to update their browser, which runs a PowerShell script that introduces the NetSupport Remote Access Trojan to the endpoint. This gives adversaries remote access to the endpoint for follow-up actions. This active site should be avoided until the site admins remedy their issue.
_____________
SHA-256:67e5733c2974647897760ce1fd6e184a1508cc3a9df5da7372d6c981d2932abb
The URL was detected by ConcealBrowse on January 2nd, 2024, the same day that various security vendors detected it. To date, only seven vendors have identified this URL, classifying it as malicious and phishing. This highlights Conceal’s leading-edge technology that identifies threats in real-time before most CTI feeds catch on.
At first glance, the website is delivering a web browser that’s currently in beta testing. This browser, which claims to be privacy-minded, simple, and fast, has already been identified by various antivirus vendors as risky. In fact, 31 vendors have classified the browser as such, labeling it everything from riskware to a Potentially Unwanted Program to malware. Once downloaded, it is difficult to remove. Further, the browsing experience is problematic, as it has various redirects, often taking users to preferred search engines when using the URL search bar. This active site and, more importantly, browser application should be avoided.
_____________
Valuable Outcomes of Stopping Browser-Based Threats
As this recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.
Join the Conceal Community and claim your FREE ConcealBrowse licenses!
Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.
Sign up for the Conceal Community and claim your free licenses by completing the form below.