Browser-Based Threat Report: Nov. 6
Browser-Based Threat Report
Week of November 6th, 2023
ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.
At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of November 6th, 2023, unveils critical insights into the ever-evolving landscape of online threats.
The following report highlights recently detected sites that were deemed suspicious:
_____________
SHA-256: e487be0271aa1047e6dd76c59aa6b04094c99113188f9fa139c39497097228c7
This URL was detected by ConcealBrowse on November 3rd, 2023, and was first submitted to various CTI feeds on November 4th, showcasing how ConcealBrowse protects users from the unknown.
When visiting the page, users encounter various pop-ups that state the workstation is infected with malware. This common tech support scam then prompts the end user to call the number listed in the pop-up to remedy the infection. Often, the scammers attempt to elicit payment from users, or entice them to download some sort of remote access software from the page, thus granting access to the endpoint. The Remote Access Trojan, if downloaded, grants persistent access with registry keys, gains elevated privileges and even bypasses file scanning and monitoring tools using various masquerading tactics.
_____________
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
This web page was detected by ConcealBrowse on November 3rd, 2023, and was first identified by CTI feeds the same day. To date, only 4 security vendors have identified this threat. This highlights the ability of ConcealBrowse to identify current adversary techniques and delivery methods.
The original URL in question has various redirects that lead the end user to a spoofed McAfee home page. The final page is very interactive, meaning the spoofed page has been well crafted to increase its apparent legitimacy. The spoofed page, which is hosted across numerous Russian-based web servers, dynamically created help and feedback buttons, hoping users would engage. The domain was seen delivering backdoors via this technique in previous campaigns.
_____________
SHA-256: cba292db6c58d7028353ca98ee27dc334640987670b15cb83f2b419686596996
This currently active URL was detected by ConcealBrowse on November 2nd, 2023, with variations of the malicious pathname (intentionally removed above) identified throughout the first week of November 2023. The URL blocked by ConcealBrowse has since been identified by 10 security vendors, who have classified the delivered webpage as malicious, suspicious, phishing, and even malware. The domain has been identified as a known infection source by reputable CTI feeds, indicating that nefarious content is continuously delivered.
The webpage is a blog that has various referrer headers that request resources from legitimate domains such as Google and YouTube. The page, however, also requests resources from a known malicious domain that was seen downloading suspicious HTML files just a week ago. Since the page is requesting resources from a known malicious domain, the page should be avoided.
_____________
Valuable Outcomes
ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.
Join the Conceal Community and claim your FREE ConcealBrowse licenses!
Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community that’s committed to safeguarding your digital world.