Browser-Based Threat Report
Week of October 2nd, 2023
ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.
In today’s digital landscape, threats to online security are ever-evolving, and staying one step ahead of malicious actors is essential. ConcealBrowse is your trusted partner in the battle against cyber threats. Our advanced threat detection and prevention system uncovered a severe security risk on September 20th, 2023, and we have been at the forefront of safeguarding the online experience ever since.
The following report highlights recently detected sites that were deemed suspicious:
This web page was detected by ConcealBrowse on September 20th, 2023, and was first submitted to various CTI feeds on March 20th, 2023. The page was recently submitted for analysis on September 21st, 2023, indicating that the page is continuously compromised to serve malicious content.
Using MITRE ATT&CK techniques to evade detection via process injection and to conduct command and control via ingress tool transfer, the adversary can deliver the suspected credential-harvesting HTML file and export the user-supplied credentials.
This web page was detected by ConcealBrowse on September 29th, 2023, and was first submitted to CTI feeds on December 29th, 2015. The page was most recently submitted on September 23rd, 2023, due to its continued nefarious activities. The page contains a redirect to hxxp://survey-smiles[.]com, which is delivering an HTML file with the SHA-256 of 10dbbd006c5099d6e4f1302ffb0bd95885c0b4caf4107de725b73c08bdb8a39d.
Upon further analysis of the original URL, it was identified as a URL referenced inside the strings of the njRAT-master trojan.
Finally, the hosting IP address has been reportedly communicating with various Win32 EXE files that are redirecting victims to a spoofed PayPal page, reinstalling adware, and delivering trojans amongst other malicious activities. Other URLs hosted on the same IP address are currently delivering malicious payloads and are actively phishing.
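Defenders can hunt for the two indicators named in this finding (the redirect host and the SHA-256 of the delivered HTML file) in their own web proxy logs. The script below is an added example, not part of the original report or of ConcealBrowse; the log format, user names and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published in the report (defanged form kept as-is).
REPORT_URL = "hxxp://survey-smiles[.]com"
REPORT_SHA256 = "10dbbd006c5099d6e4f1302ffb0bd95885c0b4caf4107de725b73c08bdb8a39d"

def refang_host(defanged: str) -> str:
    """Return the lowercase hostname of a defanged URL, for matching only."""
    url = defanged.replace(" ", "").replace("hxxp", "http", 1).replace("[.]", ".")
    return urlsplit(url).hostname.lower()

def host_matches(host: str, ioc_host: str) -> bool:
    """Match the exact host or any subdomain, never a bare substring."""
    host = host.lower().rstrip(".")
    return host == ioc_host or host.endswith("." + ioc_host)

# Assumed log format: timestamp user method url status sha256-of-body-or-dash
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) ([0-9a-fA-F]{64}|-)$")

def hunt(lines, ioc_host, ioc_sha256):
    """Return (line_no, user, reason) for each log line touching an indicator."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the hunt
        _ts, user, _method, url, _status, digest = m.groups()
        host = urlsplit(url).hostname or ""
        if host_matches(host, ioc_host):
            hits.append((no, user, "host"))
        elif digest.lower() == ioc_sha256:
            hits.append((no, user, "sha256"))  # same file served from another host
    return hits

IOC_HOST = refang_host(REPORT_URL)
# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    f"2023-09-29T10:01:02Z alice GET http://{IOC_HOST}/index.html 200 {REPORT_SHA256}",
    f"2023-09-29T10:02:10Z bob GET http://not{IOC_HOST}/ 200 -",
    f"2023-09-29T10:03:44Z carol GET http://cdn.example.net/s.html 200 {REPORT_SHA256.upper()}",
    f"2023-09-29T10:04:00Z dave GET http://WWW.{IOC_HOST.upper()}./a 302 -",
    "malformed line",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG, IOC_HOST, REPORT_SHA256):
        print(hit)
```

The lookalike host on the second sample line is deliberately not flagged, while the third line is caught by hash alone even though the host is unrelated.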
This currently active page was detected by ConcealBrowse on September 28th, 2023, and was first submitted to various CTI feeds later that same day. When the page is loaded, it leads victims to a spoofed Microsoft login page that entices users to divulge their credentials. Fortunately, ConcealBrowse detected the page and not only sent it to isolation, but also prevented the user from entering their password, as seen below.
ConcealBrowse offers comprehensive protection against a myriad of sophisticated cyber threats, as exemplified in recent threat reports. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.