Browser-Based Threat Report: Nov. 20

Week of November 20th, 2023

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of November 20th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: fb9182a611e6c357d3d7876f898ce7246ad777e69367d983042a04bb93d8bd29

This URL was detected by ConcealBrowse on November 14th, 2023. It was first identified by various CTI feeds on November 15th, 2023. This showcases the importance of real-time analysis, which ConcealBrowse enables. To date, only 3 other security vendors have identified this URL.

Vendors highlighted the page because it is poorly constructed. It lacks many elements common to safe sites, such as author and copyright meta tags and favicons, and it includes a high number of embedded images. In addition to the third-party vendor suspicion, ConcealBrowse intervened due to the abundance of null and void links found on the page. Poorly crafted and maintained websites are often targeted and used to propagate spam and malware.

_____________

SHA-256: 2c3f85699de22827b33ef601739924844e913db62198ef8acfd64c66c5c434a3

This URL was detected by ConcealBrowse on November 15th, 2023. The URL was first identified by 3 security vendors on October 13th, 2023. Today, 5 vendors have categorized it as suspicious, phishing, and even malware.

The delivered page asks users to enable notifications. Once enabled, multiple notifications appear on the screen (see below) that inform users that their computer is infected. Mimicking a trusted security vendor, the adversary convinces users to engage with the popups, which then initiates an HTML file download. This file exhibits the following MITRE ATT&CK techniques: Persistence and Privilege Escalation through registry run key creation, Defense Evasion via masquerading, Discovery via Simple Service Discovery Protocol broadcast queries, and Command and Control through an encrypted HTTPS channel.

_____________

SHA-256: 31cf2c5502691f5f875cb1f65f3e19458009ecacfaabd007e07d5475348ad042

This web page was detected by ConcealBrowse on November 16th, 2023 and was first identified as malicious on October 10, 2022. As of November 16th, the URL has been annotated as malicious, malware, and suspicious by 4 security vendors in total. This shows how dynamic the reputation of webpages is and emphasizes the importance of real-time URL analysis, which ConcealBrowse enables.

Further analysis of this website shows that several files are flagged as malicious, including two JavaScript files and a .ico file. These JavaScript files match a YARA rule that detects the presence of a Base64_Encoded_URL, which is a common theme among recent examples where ConcealBrowse has intervened to protect the endpoint.

It is important to note that the site appears to have been taken down.
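
To illustrate the kind of check a Base64-encoded-URL rule performs, here is an added example (not ConcealBrowse's code and not the YARA rule referenced above): a Python scanner that decodes base64 runs found in script source and reports those that contain an http(s) URL. The function name, the length threshold, and the sample strings are assumptions constructed for this illustration.

```python
import base64
import re

# A run of base64-alphabet characters long enough to hold a short URL
# (the 16-character floor is an assumption chosen for this example).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}")
URL = re.compile(rb"https?://[\x21-\x7e]{4,}")

def find_base64_urls(source: str) -> list[tuple[int, str]]:
    """Return (offset, url) for every base64 run in `source` that decodes to a URL."""
    hits = []
    for m in B64_RUN.finditer(source):
        run = m.group()
        # Neighbouring characters such as "x/" are also in the base64 alphabet and
        # can shift the 4-character grouping, so try each possible alignment.
        for shift in range(4):
            chunk = run[shift:]
            if len(chunk) % 4 == 1:           # impossible base64 length; drop one char
                chunk = chunk[:-1]
            chunk += "=" * (-len(chunk) % 4)  # restore padding that scripts often strip
            try:
                decoded = base64.b64decode(chunk)
            except ValueError:                # binascii.Error is a ValueError subclass
                continue
            found = URL.search(decoded)
            if found:
                hits.append((m.start() + shift, found.group().decode("ascii")))
                break
    return hits

# Constructed sample: script source hiding a URL (example.test is a reserved test name),
# followed by an ordinary line whose long identifiers must not produce a hit.
_ENC = base64.b64encode(b"https://example.test/a.js").decode()
SAMPLE_JS = ('var u = atob("' + _ENC + '");\n'
             'el.addEventListener("click", handleNavigationClick);')

if __name__ == "__main__":
    for offset, url in find_base64_urls(SAMPLE_JS):
        print(f"offset {offset}: {url}")
```

A hit only shows that a URL was stored in encoded form; whether the destination is malicious still has to be established separately.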

_____________

Valuable Outcomes

ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.
