Conceal’s Weekly Threat Reports are highlights of recently detected sites that were deemed suspicious using our AI-powered browser extension, ConcealBrowse.

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

Browser-Based Threat Report: Feb 5

/in /by

Browser-Based Threat Report

Week of February 5th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of February 5th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256:575e16e99fc8d3ac02f853c6bed65238f23bd6013a7e2321b4c260a171ad5047

browser hijacking

screenshot of homepage for a browser extension that was flagged by security vendors for malware, likely due to browser hijacking

This URL was detected by ConcealBrowse on February 2nd, 2024. It was flagged by four security vendors on December 4th and is still currently flagged by four vendors. ConcealBrowse intervened, assigning the page a 23% risk score due to potential malware.

This is the homepage for a browser extension that was flagged by security vendors for malware, likely due to browser hijacking. Browser hijacking occurs when software changes how your web browser interacts with websites. For example, it may change your home screen to a different search engine or redirect you to malicious websites. While in most cases it is more of a nuisance than nefarious, these types of extensions could easily redirect you to sites that could do more damage or steal your credentials.

Conceal recommendation: This URL and IP should be blocked with ConcealBrowse’s policies and by your other security tools. 

_____________

SHA-256: c81549a6aa1a44d1858feaab9d01060950658b929e39c257b9d2854dd76b1387

This URL was detected by ConcealBrowse on February 1st, 2024. It was originally detected by 4 security vendors the same day, and that number has not changed. ConcealBrowse intervened, assigning the page a 14% risk score due to suspicion.

Although the page has since been removed by Microsoft, this site hosted a tech support scam. Tech support scams will claim that the user’s computer contains malicious software or viruses and prompt them to call a number to remove them. These numbers will pretend to be Microsoft support, but their goal is to steal personal information and money from victims. Sometimes, these scams will go as far as to tell the user to download malware onto their machine so that they can be exploited again in the future.

Conceal recommendation: Although links may originate from legitimate organizations like Microsoft, they can redirect you to unofficial or malicious sites. Unless users verify that the final domain is the one that they intended to visit, they may be unaware of the attack. Solutions, such as ConcealBrowse, that analyze the final destination web page, are crucial in detecting and defending against threats that hide through redirects. 

screenshot of tech support scam URL detected by ConcealBrowse

screenshot of tech support scam URL detected by ConcealBrowse

_____________

SHA-256: 5b9542b700f786e8c7913aae5cef1696bf888ccc555de8ff1be809f4ed4b5363

screenshot of gift card scam page URL detected by ConcealBrowse

Screenshot of a similar page hosted by the same server

This URL was detected by ConcealBrowse on January 30th, 2024. It was first detected by one security vendor on December 29th and is currently detected by 14. ConcealBrowse successfully intervened, assigning the page a 39% risk score.

While the current page no longer exists, it is hosted by a server that contains multiple phishing URLs. The proximity to the malicious IP address allowed ConcealBrowse to detect the page regardless of content. In the past, these sites were used to host gift card scams. Gift card scams trick the user into believing they’ve won a monetary prize, only to redirect them to a malicious website that will steal their personal information and credit card.

Conceal recommendation: Sites like these change their content frequently but often use the same high-risk IP addresses. Blocking all access to this IP with ConcealBrowse , along with your firewall or other perimeter security solution, makes it less likely for users to encounter them. 

_____________

Valuable Outcomes

As this recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


This week's threat report highlights a surge in credential theft phishing, a discreet threat with a 54% incident rate. Examples include Yahoo! login deception, IP address cycling in phishing campaigns, and a Microsoft look-alike site exploiting muscle memory for password entry.

Browser-Based Threat Report: Jan 29

/in /by

Browser-Based Threat Report

Week of January 29th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 29th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following browser-based threat report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 76282d556daf6fbf2899edf57f6589bbacde0d7ce31d3c0c595b76f5d4d49661

page pretends to be Yahoo's login page and is used to steal email credentials

This URL was detected by ConcealBrowse on January 22nd, 2024. Six security vendors began reporting on this site later the same day. As of this report,the site is detected by 15 vendors. ConcealBrowse isolated the page with a 28% risk due to suspicion of phishing.

This page pretends to be Yahoo’s login page and is used to steal email credentials. Email credentials carry significant risk, because they can be used to steal accounts connected to the email address. Without 2 factor authentication, all an attacker needs is access to the email associated with the account to change the password and take it over. An attacker might also launch attacks against all contacts in the address book of the account because users are more likely to click on links from someone they know.

Conceal recommendation: Educating users how to spot potential phishing sites is an important aspect of a layered security approach. However, it is important to address those who may not identify phishing sites with a solution, like ConcealBrowse, that prevents users from entering credentials into sites that they fail to recognize as phishing by preventing username and password input in suspicious sites.

_____________

SHA-256: 79d6e8d4005bd33c71797a26b18e76b4b136a51d4ba0743c5a2a6ef9ead435a0

This URL was detected by ConcealBrowse on January 25th, 2024. It was detected by 13 security vendors two days before and is still currently detected by 13 vendors. Despite this, the threat still evaded security controls and ConcealBrowse isolated the page with a 14% risk assessment.

This page is hosted on an IP address that is known for multiple phishing scams. In the past, it impersonated brands such as Costco, phishing visitors for personal data and payment information. Recently, the site hosted a survey scam. Survey scams will ask users to complete a survey in exchange for a prize. When accepted, the page will collect personal information such as an email address and other PII, which will then be the target for multiple scams and phishing attempts. Although the site is currently down, it is likely that it will be reactivated with a different phishing campaign.

Conceal recommendation: This IP address is known to be used in phishing and other attacks. This IP address should be added to any block lists in ConcealBrowse and any other perimeter security controls.

page is hosted on an IP address that is known for multiple phishing scams. In the past, it impersonated brands such as Costco, phishing visitors for personal data and payment information.

_____________

SHA-256:34cae9fa33d05561d84cf80c1259cbee25c3f26ae653f7e14e29b0a24b539e45

credential phishing page; this time impersonating a Microsoft login

This URL was detected by ConcealBrowse on January 24th, 2024. It was first detected by one security vendor on January 18th, and since then it has been flagged by nine others. ConcealBrowse isolated the page with a 27% risk assessment for malware and phishing.

This is another credential phishing page; this time impersonating a Microsoft login. This site uses the color scheme and the logos of the organization that was targeted, and it fills in the email address of the user. These methods are all intended to make the victim more likely to enter their password without checking into the site further. The domain name is made to be believable as well, as it pretends to be a document signing platform. However, more investigation into the URL reveals that it is fraudulent, and no such company exists.

Conceal recommendation: Adversaries have become more sophisticated in how they are able to bypass security controls to deliver credential theft attacks. Security solutions that detect phishing threats and prevent users from entering credentials into counterfeit logins are essential in protecting against these types of threats.

_____________

Valuable Outcomes from the Browser-Based Threat

As this recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.

 


Browser-Based Threat Report: Jan 22

/in /by

Browser-Based Threat Report

Week of January 22nd, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and other browser-based threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly browser-based threat report for the week of January 22nd, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following browser-based threat report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 4ea2f82641a8b923d53a61edc51e8768561d25556946946c1a467aba9183f29a

Browser-Based Threat

Browser-Based Threat

ConcealBrowse detected this URL on January 16th, 2024. It was first identified by 2 security vendors six months ago and is currently reported by 11 others. ConcealBrowse isolated the page with a 37% risk due to possible malware and phishing.

Initially, this web page appears to be a generic banking website requesting information for a new account. However, further investigation into the website reveals an address in Los Angeles that does not exist, and there is no phone number listed. The company name has a history of being used for banking scam operations, and this page is an example of personal information harvesting. These kinds of attacks can be used for identity theft and are particularly dangerous because they are often brushed off as legitimate due to the nature of the web page.

_____________

SHA-256: 0b9e8fdb4a6570b8168bedccf11b14e33d91648f896c5b24b66e92c7ee5fb4e5

ConcealBrowse detected this URL on January 18th, 2024. Later that day, other security vendors started reporting it as well. It has now been identified by 9 vendors, labeling it as malware and malicious. ConcealBrowse assigned this threat a 14% risk.

Software that has not been shared from recognized publishers, such as the one on this site, should be avoided whenever possible. They may contain hidden malware that deploys on the machine when installed. When analyzed, the program hosted on this website contained possible credential scraping tools. These tools scan browsers for any saved passwords to steal and compromise accounts. Although the website itself is not malicious, ConcealBrowse’s isolation allows users to recognize that the downloadable programs on this site could be dangerous.

Browser-Based Threat

Browser-Based Threat

_____________

SHA-256: 3a03d73e9bb846554236a08c4fe09af885930c0583060de6ec3a62b9a2eca6e2

Browser-Based Threat: Netflix

Browser-Based Threat: Netflix

This URL was detected by ConcealBrowse on January 19th, 2024. It was detected by several security vendors in February of 2023 and is currently being flagged by 12 of them. It is classified as a phishing attempt, being isolated by ConcealBrowse with a 14% risk assessment.

This webpage is a clone of the Netflix home page and includes a box for the user to enter their email address, as well as various images and hyperlinks. Even though a password is not harvested, collecting email addresses can lead to more specialized attacks, such as spear phishing. Creating a Netflix clone is a common practice exercise for new web developers, but they usually have multiple pages and elements such as thumbnails and embedded video trailers. This page lacks these features, and that, combined with other suspicious elements found by ConcealBrowse, indicates that this is likely a malicious page.

_____________

Valuable Outcomes

As this recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Browser-Based Threat Report: Jan 15

/in /by

Browser-Based Threat Report

Week of January 15th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 15th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 97296b4ff7ddfff97b2e7c34976ed0cdf7e8504ef9dd23618de7c4e092f581c0

Browser-Based Threat Report

Browser-Based Threat Report

ConcealBrowse first detected this URL on January 10th, 2024, the same day other security vendors started reporting. To date, only 5 vendors have identified this URL, labeling it as malware and malicious. Conceal prevented this new threat, further assigning a 27% risk and highlighting the importance of real-time analysis.

Non-affiliated webpages that push custom video game components such as cursors should be viewed cautiously. Sites like this are often not moderated and push custom-scripted game components. This specific site is loaded from an IP address that security vendors have flagged as malicious. This IP also delivers similar domains that have been flagged and use the same naming convention, such as videogame-cursors[.]online. In fact, a handful of these domains were also isolated by ConcealBrowse. This site and many of these domains are still active and should be avoided.

_____________

SHA-256: c3122370c2de5692438103f45f8ef14be899cc40e4c3946719f4a813cd7ca735

This URL was detected by ConcealBrowse on January 10th, 2024. It was first identified by 2 security vendors on the same day, with 3 reporting to date. ConcealBrowse intervened assigning the page a 14% risk due to suspicion.

Upon first look, the webpage itself is using a malicious Top-Level Domain (TLD) that is notoriously used globally for malware distribution and phishing campaigns. The domain itself is also leveraging deception, as there is a legitimate Robin AI used by many. Due to this, vendors have annotated this site as phishing. Further, the page is seen downloading an HTML file that has also been annotated as suspicious by two reputable anti-virus vendors. More grandeur, the hosting IP address was flagged and is delivering other copycat websites to users. With that, users should always confirm login page addresses before divulging credentials and other personal information.

Browser-Based Threat Report

Browser-Based Threat Report

_____________

SHA-256: ccd95eea7f0337b08e5888f68c92098294ee889cb540a9de8a52e003f41ec680

Browser-Based Threat Report

Browser-Based Threat Report

The URL was detected by ConcealBrowse on January 16th, 2024. It was detected by various security vendors on January 16th, 2024, and currently is flagged by 2 vendors. This delivered page is classified as malware and malicious by those 2 vendors. ConcealBrowse interdicted this page and prescribed a 22% risk score.

The webpage was seen redirecting to a Yahoo webpage that loads various scripts from third party hosting sites in the process. The page was seen delivering suspicious downloads that have matched various crowdsourced YARA rules for encoded content. This is often used to bypass security mechanisms by encoding script so that it cannot be detected. Although it loads a legitimate Yahoo page, upon delivery there are callouts to third-party hosting sites to execute the various scripts to initiate downloads. Due to this, the page should be avoided.

_____________

Valuable Outcomes

As this recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Browser-Based Threat Report: Jan 8

/in /by

Browser-Based Threat Report

Week of January 8th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and other Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 8th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: e64f0fe9e6a80807640b81600c168af3e335a12d91b1dc2e2df20d2ae04fed8a

Browser-Based Threat Report

Browser-Based Threat Report

ConcealBrowse first detected this URL on January 8th, 2024. Only one other vendor annotated the URL on the 8th, and only 2 total vendors are reporting it as phishing at the time of this report. Conceal prevented this new threat, further assigning a 14% risk and highlighting the importance of real-time analysis.

Despite several vendors not identifying this page as malicious, it has been shown to download a phishing HTML to visitors, leverage hidden URLs and JavaScript, and the server where this site is hosted is also hosting cc, ru, and .ws domains. Adversaries commonly use these TLDs.

_____________

SHA-256: bb4cd8d523d0ce1ee335b18573829db74b8ccca8d386e0badcb7d75aa1c2dedc

ConcealBrowse detected this URL on January 8th, 2024. It was first identified by 7 security vendors on August 24th, 2023. ConcealBrowse intervened as the webpage loaded to the endpoint, assigning the page a 38% risk.

The webpage uses a redirect, which loads a blank page currently. However, it was historically loading the screenshot pictured below. The webpage prompts the users to allow notifications that, once enabled, execute numerous JavaScripts found embedded within the webpage’s HTML source code. The body hash (annotated above) has been flagged by over 10 security vendors. These vendors classified the page as a known adware distributor. The domain listed above and the redirected domain should be avoided, as most of their subdomains have also been annotated as such.

Browser-Based Threat Report

Browser-Based Threat Report

_____________

SHA-256: fd2f020c87981687a1a05917e1e0f2f672533b29bf0d58d5ab6f945f7bdab389

Browser-Based Threat Report

Browser-Based Threat Report

The URL was detected by ConcealBrowse on January 3rd, 2024. It was detected by various security vendors on January 2nd, 2024, and is currently flagged by 15 vendors. Classified as malicious and phishing, this newly registered domain and subsequent webpage were further analyzed and deemed proximal by ConcealBrowse, meaning it is cohosted with other malicious domains.

Since the delivered webpage now has no content, it may appear safe. However, there is a lingering threat. ConcealBrowse flagged this webpage with our in-house indicator known as “proximity.” This means that the page is hosted on a server that hosts other sites known to deliver malware or phishing campaigns. After further analysis, the server has been seen to be hosting malicious sites. Some of these sites are delivering encoded files to their victims that enable them to bypass traditional antivirus products, exhibiting MITRE ATT&CK tactics such as defense evasion. Due to the affiliation with this enabling server, ConcealBrowse intervened.

_____________

Valuable Outcomes

As this recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Browser-Based Threat Report: Jan 1

/in /by

Browser-Based Threat Report

Week of January 1st, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 1st, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: b068837842db3d9756703c8924bfc1dcb2c0aa23c0a86f31bb71b62839f4bf6a

Browser-Based Threat

ConcealBrowse first detected this URL on December 28th, 2023. The URL was first reported on March 23rd, 2021, showcasing the continuous compromise and further suspicion surrounding the download site. Conceal intervened as the page loaded, assigning a 14% risk due to suspicion as the page had several signals that the detection engine identified.

The URL delivered a webpage that appears to host various video games on gaming platforms, which are available to download. The site asks the user to turn off their ad blocking features of the browser, enabling ads on the page. Although you may be able to download games from the site without issues, the likelihood of clicking an ad or downloading a Trojan via one of the video games is still high. This is the same issue found with Peer-to-peer sharing sites and torrent sites, as there is little to no moderation. Additionally, this site lacks Content Security Policy headers, making it susceptible to cross-site scripting and code injection attacks.

_____________

SHA-256: 8be6bc58004cbcefb2ec47155e19d904a5cd30d233e3fe4a82a1043839f65bb6

ConcealBrowse detected this URL on December 29th, 2023. It was first identified by three security vendors on October 3rd, 2023, and to date, by five vendors in total. ConcealBrowse intervened due to the abundance of signals around the page’s structure. With that, the site was assigned a 14% risk score.

The innocuous news site appears safe at first glance, giving insight to those seeking information on the Affordable Care Act and employee rights. Sites like this often use various marketing tags to track analytics to gain insight into their site visitors. These tags often rely on popular management systems such as Google Tag Manager, and one can see the HTTP requests from the page to the tag manager system. However, one such HTTP request from the site reaches out to a mimicked tag manager, which then loads the script to the page. The script, if loaded, notifies the user to update their browser, which runs a PowerShell script that introduces the NetSupport Remote Access Trojan to the endpoint. This gives adversaries remote access to the endpoint for follow-up actions. This active site should be avoided until the site admins remedy their issue.

Browser-Based Threat

_____________

SHA-256:67e5733c2974647897760ce1fd6e184a1508cc3a9df5da7372d6c981d2932abb

The URL was detected by ConcealBrowse on January 2nd, 2024, the same day that various security vendors detected it. To date, only seven vendors have identified this URL, classifying it as malicious and phishing. This highlights Conceal’s leading-edge technology that identifies threats in real-time before most CTI feeds catch on.

At first glance, the website is delivering a web browser that’s currently in beta testing. This browser, which claims to be privacy-minded, simple, and fast, has already been identified by various antivirus vendors as risky. In fact, 31 vendors have classified the browser as such, labeling it everything from riskware to a Potentially Unwanted Program to malware. Once downloaded, it is difficult to remove. Further, the browsing experience is problematic, as it has various redirects, often taking users to preferred search engines when using the URL search bar. This active site and, more importantly, browser application should be avoided.

Browser-Based Threat

_____________

Valuable Outcomes of Stopping Browser-Based Threats

As this recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Browser-Based Threat Report: Dec. 25

/in /by

ConcealBrowse Browser-Based Threat Report

Week of December 25th, 2023

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of December 25th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

URL SHA-256: 8f14543dc1646ee7ebd2f5db2bc376c53dd4cba321a8ff0063557581514e9e3d
Exe. SHA-256: db7aeaa44d1b1e29e31fc0c1a148634b02f4914244bb1662eb47fc2b977405e5

Browser-Based Threat Report

This URL was first detected by ConcealBrowse on September 14th, 2023, and again on December 20th, 2023. The URL was first submitted for analysis by 3 security vendors on September 18th, 2023. Due to the increasing popularity of the URL, Conceal felt it necessary to include this in the weekly threat report. The URL has a 14% risk score due to suspicion which is based off 2 anomalies identified by our Sherpa AI engine.

The URL delivers a webpage that hosts a free privacy extension which claims to prevent ads and trackers found in everyday internet usage. The issue with this specific extension, is that it alters browser settings, assigning preferred search engines as default amongst other settings. Further, freeware like those that can be downloaded from the page above, populate their own revenue generating ad’s to make money, and more importantly collect and sell end user information to third parties. Due to this as well as the way this tool is delivered, via inconspicuous bundling, vendors have annotated the executable as a Potentially Unwanted Application (PuA).

_____________

SHA-256: a94da9bda65514cfe1df1bae85d7d386c84807327f3ac27d2f6cb4ba527c8f6d

This URL was detected by ConcealBrowse on December 26th, 2023. It was first identified by 2 security vendors on September 19th, 2023, and to date, by 6 vendors in total. The URL was isolated by ConcealBrowse with a 14% risk score due to 4 conclusive anomalies, including the use of a malicious TLD. Additionally, 4 links were identical yet labelled differently and there were 21 empty or void links detected. This is highly suspicious, indicating the site was rapidly created for a timing attack, which is supported by its registration date of September 9th, 2023.

Suspicion increased as analysis occurred, as the adversaries used effective titling such as “sale” and “2023” within the page and URL itself. This plays into the current holiday shopping theme and is an effective social engineering tactic used to convey legitimacy and relevancy to end users. When interacting with the site, certain links and text boxes were broken, which again highlights how rapidly the site was created. Sites like these are often recycled and registered to new domains, allowing them to bypass tools reliant on domain reputation. With real time analysis, ConcealBrowse intervenes, and conveys doubt to the end user about sites loaded in isolation. This site should be avoided as it may be phishing for credit card and personal information.

Browser-Based Threat Report

_____________

SHA-256: dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

The URL was detected by ConcealBrowse first on December 21st.It was first submitted to various CTI feeds on the same day. The domain was just recently registered on December 16th, with the first affiliated webpage already unavailable. The webpage has 132 siblings, that are also flagged by various security vendors, however, they are under construction and therefore their true intent remains unknown. This stresses the importance of real time analysis when the threat cyber intelligence lifecycle cannot act fast enough.

After some historical analysis, the URL was seen delivering a dating application. Although any ulterior motives of the application is unknown, security vendors have classified the URL and its subdomain as phishing and malicious. Additionally, it is important to note that the site uses a malicious top-level domain (which was identified by our Sherpa AI engine). The .live TLD is regarded as one of the top abused TLDs globally. Further, the IP address that delivering the domain in question, has been identified by 12 security vendors as malicious with over 200 flagged URL’s delivering pages from it. ConcealBrowse intervened, issuing a 27% risk score to the URL, leaning on intelligence previously mentioned, but mainly, on our Sherpa AI engine to keep the endpoint safe from the suspicious site. It is advised to avoid the subdomain and its siblings as their intent and motive is yet to be seen as they are currently under construction.

Browser-Based Threat Report

_____________

Valuable Outcomes of Browser-Based Threat

ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Threat Report Website Feature - 12.18.23

Browser-Based Threat Report: Dec. 18

/in /by

Browser-Based Threat Report

Week of December 18th, 2023

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of December 18th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: c3c3f907fd925366cc657147828696deaf0494bff7d5d9b39d62bb6b5e4e5cf2

weekly threat report 12.18.23 Screenshot of the suspicious webpage

This URL was detected by ConcealBrowse on December 15th, 2023, and assigned a 14% risk score due to suspicion. The URL was first classified by 2 security vendors in September of 2019 as malicious and phishing. This URL has a long history of delivering a compromised and suspicious page and to date has been annotated by 5 vendors as such.

Upon further investigation, there are multiple reasons why this site is continuously flagged. First, the site itself is a WordPress site, which without proper configuration, has numerous vulnerabilities by default, from compromised themes to insecure plugin integrations. That aside, the page is also delivered from an IP address that has historically delivered Trojans (most recently on December 12th) as well as Potentially unwanted Programs (PuPs) and Potentially unwanted Applications (PuAs). This exemplifies the dangers of shared hosting which could lead to the demise of the webpage in question, and further, the endpoints connecting to it.

_____________

SHA-256: 29ee53339a87040fd5b852e2d8542e9498812fb3fd689c25a4b3b4cf492220ce

This URL was detected by ConcealBrowse on December 14th, 2023. The URL in question was first identified December 13th, 2023 as delivering malware and a phishing webpage by 4 security vendors. 6 additional security vendors have since deemed the page as dangerous, totaling 10 vendors to date.

Spoofed websites, like the one delivered by the URL in question, are popular during this time of the year as the adversaries know there will be increased visitors. This site replicates the USPS homepage and even subpages. After a few minutes on the page, it is obviously spoofed with broken links. Conceal’s Sherpa AI engine detected multiple anomalies, identifying this site as malicious. The spoofed site was isolated with ConcealBrowse due to its intention of collecting credit card information from the unassuming, allowing users to add items such as stamps to their cart and proceed to a checkout screen.

weekly threat report 12.18.23 screenshot of spoofed USPS page

_____________

SHA-256: 60d387d2967c2e63a962333387768228a9d2b379829ebc3670ae6d4788f052e0

SHA-256: f248e02fe1c54a766640b8f2257b18d2f496a8642bac1b03ec52e26e2fbc6e93

The URL was detected by ConcealBrowse first on November 4th, and subsequently on December 14th, 2023. It was first submitted to various CTI feeds January 15th, 2022, with its final URL just recently submitted December 19th, 2023. The original URL and final URL have been classified as malicious and phishing by 5 total security vendors. This highlights the domain’s ability to continuously circumvent traditional security mechanisms.

The URL above has multiple final URL’s that have been used in malvertisement campaigns historically. As seen below, once a user clicks on the malicious advertisement, their browser displays warning messages, stating they have outdated drivers. This tactic is used to scare end users into downloading malicious drivers to their endpoint. Although the URL today leads to a parked domain, meaning the adversaries are no longer using their website, they could easily commence this attack even though the domain is on a few DNS blocklists. They would be successful against those without informed DNS providers, however, would not be successful against those with ConcealBrowse.

weekly threat report 12.18.23 Historical screenshot pictured left, with current status (parked domain) pictured right

 

_____________

Valuable Outcomes

ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Browser-Based Threat Report: Dec. 11

/in /by

Browser-Based Threat Report

Week of December 11th, 2023

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of December 11th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 891574723688afb245340844f42b5036facf02c090d9a6bb1886762753595122

This URL was detected by ConcealBrowse on December 6th, 2023, and assigned a 14% risk score due to suspicion. The URL was first submitted and identified by 2 security vendors on December 5th, 2023. The 2 vendors classified the delivered page as malware and malicious.

The inactive site hosts a media download application, that allows users to download and convert videos from sites such as YouTube and TikTok. These kind of tools are popular as they are free, however, as with most free online services, are riddled with advertisements and suspicious links. Furthermore, converter sites have notoriously added additional scripts within their converted, downloadable files, which have historically introduced malware (predominantly trojans and ransomware) and potentially unwanted programs to the endpoint. The site in question asks the end user to allow notifications and when “allow” is clicked, additional tabs are opened, all of which display ads that can lead to additional script execution.

_____________

SHA-256: 2529f43fb390342be8a394c198533e0446a7553e9a17ebf8e569059a3db99afc

This URL was detected by ConcealBrowse on December 5th, 2023. The URL was first analyzed by 3 security vendors on December 6th, 2023, further classifying the page as malicious, suspicious, and as a deliverer of spam and malware. Using our SherpaAI, we identified the threat an entire day before reputable security vendors and CTI feeds.

This highlights the importance of real time analysis. The URL leads to a spam ridden sports page that is full of advertisements and popups. This, coupled with hidden URLs and JavaScript found within the page, increases the possibility of an end user triggering a drive-by download or downloading one of the 11 suspicious embedded JavaScript files. Due to the suspicious HTML code, the site has triggered various AV and security software detection criteria. Additionally, the domain hosting this page has a 3-month domain certificate, which is highly suspicious as it makes tracking the certificate and the associated threats challenging.

_____________

SHA-256: bf2e5eb4aaa5c4fbe33f58a7777afe7cccd97fc0b73b1848ef9a73b3ed8d1351

This URL was detected by ConcealBrowse on December 11th, 2023. It was first submitted to various CTI feeds December 12th, 2023 and has since only been identified by 6 security vendors to date. This domain was registered on December 8th, 2023, demonstrating how quickly the threat environment evolves, and how important it is to have real time analysis enabled by ConcealBrowse.

The delivered webpage seems benign at first glance as it loads a blank page. However, after further analysis, the website was seen downloading various suspicious HTML and JavaScript files.. One such HTML file was seen modifying the registry keys of Internet Explorer on the endpoint. Although the affected application is rarely used, this activity is suspicious, as this vector may be used to modify other applications on the endpoint. This webpage has since been added to block lists from notable security vendors.

 

_____________

Valuable Outcomes

ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Browser-Based Threat Report: Dec. 4

/in /by

Browser-Based Threat Report

Week of December 4th, 2023

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of December 4th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: : d7ac58e21dd05f2309e09e96c4deac274fa3bfe753d45af29d205f49262f80e2

Browser-Based Threat

This URL was detected by ConcealBrowse on December 4th, 2023 and 4 additional security vendors the same day. This highlights Conceal’s ability to remain on the leading edge of threat prevention through real-time analysis.

The URL redirects to a medical news outlet that once engaged by clicking on the “Watch Now” button, opens additional tabs that load various medical ads and hoaxes. More importantly, the source HTML has embedded JavaScript that delivers a temp file to the endpoint. This file specifically matched numerous YARA and Sigma rules after dynamic analysis since it is obfuscated, lays dormant (long-sleeps), and executes wscript/cscript. ConcealBrowse prevents the page from loading, assigning it a 14% risk score due to suspicion, and numerous identical links with different labels.

_____________

SHA-256: f3c75ad42c932bff7e498e90745f7a4b0d85da444f7fbfa3960e8ffbe41c6561

This URL was detected by ConcealBrowse on December 1st, 2023. The URL was first detected on August 26th, 2023, by 7 reputable security vendors. To date, 17 vendors have flagged the URL, further categorizing it as phishing, malicious, and malware. Using this information and real time analysis conducted by our Sherpa AI Engine, ConcealBrowse assigned a 29% risk score and isolated the URL 3 times in a row, combatting and protecting against end-user persistence.

Without ConcealBrowse, the end user would have introduced an HTML file to their endpoint, that subsequently reaches out to a “.cc” domain. This Australian domain, due to its cost effectiveness, is used by spammers and nefarious actors worldwide. It is hard to extrapolate the intent of the file, however, the action of introducing suspicious files to the endpoint raises concern. Additionally, the page is harvesting crypto wallet addresses to locate wallets, and potentially use the downloaded HTML file for follow on data exfiltration.

Browser-Based Threat

_____________

SHA-256: 195aad5302702e9159617c0ed2023a05116bd663324998e333d4cb9a60bb93f2

This URL was detected by ConcealBrowse on December 4th, 2023. It was first submitted to various CTI feeds August 8th, 2023 and has since only been identified by 3 security vendors as malicious demonstrating the unreliability and lengthy time necessary to populate feeds.

With real-time analysis, ConcealBrowse was able to identify and isolate this URL with a 14% risk due to various reasons such as the lack of basic metadata. Although the URL delivers a blank webpage, the page does drop files on the endpoint that have exhibited various MITRE ATT&CK techniques used by malicious actors. Dynamic analysis shows that the dropped files do create registry run keys to survive reboot, which can also lead to privilege escalation depending on who logs into the system. Further, the URL in question has a high-risk reputation score, short duration domain certificate, and is even sinkholed by 2 DNS providers.

Browser-Based Threat

 

_____________

Valuable Outcomes

ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.