Browser-Based Threat Report: Dec. 11

Week of December 11th, 2023

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of December 11th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 891574723688afb245340844f42b5036facf02c090d9a6bb1886762753595122

This URL was detected by ConcealBrowse on December 6th, 2023, and assigned a 14% risk score due to suspicion. The URL was first submitted and identified by 2 security vendors on December 5th, 2023. The 2 vendors classified the delivered page as malware and malicious.

The inactive site hosts a media download application that allows users to download and convert videos from sites such as YouTube and TikTok. These kinds of tools are popular because they are free; however, as with most free online services, they are riddled with advertisements and suspicious links. Furthermore, converter sites have notoriously added additional scripts within their converted, downloadable files, which have historically introduced malware (predominantly trojans and ransomware) and potentially unwanted programs to the endpoint. The site in question asks the end user to allow notifications, and when “allow” is clicked, additional tabs are opened, all of which display ads that can lead to additional script execution.

_____________

SHA-256: 2529f43fb390342be8a394c198533e0446a7553e9a17ebf8e569059a3db99afc

This URL was detected by ConcealBrowse on December 5th, 2023. The URL was first analyzed by 3 security vendors on December 6th, 2023, further classifying the page as malicious, suspicious, and as a deliverer of spam and malware. Using our SherpaAI, we identified the threat an entire day before reputable security vendors and CTI feeds.

This highlights the importance of real-time analysis. The URL leads to a spam-ridden sports page that is full of advertisements and popups. This, coupled with hidden URLs and JavaScript found within the page, increases the possibility of an end user triggering a drive-by download or downloading one of the 11 suspicious embedded JavaScript files. Due to the suspicious HTML code, the site has triggered various AV and security software detection criteria. Additionally, the domain hosting this page has a 3-month domain certificate, which is highly suspicious as it makes tracking the certificate and the associated threats challenging.

_____________

SHA-256: bf2e5eb4aaa5c4fbe33f58a7777afe7cccd97fc0b73b1848ef9a73b3ed8d1351

This URL was detected by ConcealBrowse on December 11th, 2023. It was first submitted to various CTI feeds on December 12th, 2023, and has since been identified by only 6 security vendors. This domain was registered on December 8th, 2023, demonstrating how quickly the threat environment evolves and how important it is to have real-time analysis enabled by ConcealBrowse.

The delivered webpage seems benign at first glance, as it loads a blank page. However, after further analysis, the website was seen downloading various suspicious HTML and JavaScript files. One such HTML file was seen modifying the registry keys of Internet Explorer on the endpoint. Although the affected application is rarely used, this activity is suspicious, as this vector may be used to modify other applications on the endpoint. This webpage has since been added to block lists from notable security vendors.

_____________

Valuable Outcomes

ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.
