To deceive victims, the criminals used punycode domains (an encoding in which a string of Unicode characters is translated into the more limited character set allowed for domain names), so that the domain “xn--brav-yva.com” was displayed as “bravė.com”. When accessing the site, the only element that differentiated it from the official page was the accent in the name, which can easily go unnoticed. Clicking to download the program started the transfer of a 303 MB ISO file, which housed a single executable.

In addition to creating the fake page, the criminals also paid for advertisements on Google’s search engine that highlighted it when someone searched for internet browsers. The links used also appeared disguised as legitimate domains, so as not to draw the victims’ attention to the scam.

The malware used by the attackers is known as ArechClient and SectorRat, and first appeared in 2019. In addition to sending images of the desktop of the invaded machine, it can create a second, invisible desktop, perform encrypted communications and give the attacker the ability to execute code remotely. Other capabilities include stealing Chrome and Firefox histories, connecting to C2 servers, and profiling the affected system.

Attack with old profile

A DNS analysis conducted by DNSBD Scout shows that the IP address used to host the fake site also hosted addresses that led to pages like lędgėr.com, sī and teleģram.com, all registered through NameCheap. An analysis conducted by Martijn Grooten, head of security firm Silent Push, showed that there were other similar domains registered through the service that referenced the Flight Simulator game, the Tor browser and the Screencast, among others.

Once Brave notified Google of what was happening, the search engine removed the ads.
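A defender can screen domains from proxy, DNS or ad-click logs for the accented lookalikes the article describes (bravė.com, lędgėr.com, teleģram.com). The following is an added example, not code from the article or from any vendor it mentions; the `PROTECTED` watch-list and the function names are assumptions chosen for illustration.

```python
import unicodedata

# Hypothetical watch-list: brand labels an organisation wants to protect.
PROTECTED = {"brave", "ledger", "telegram"}

def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label, decoding the xn-- (ACE) prefix."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: leave the label unchanged
    return label

def skeleton(label: str) -> str:
    """Fold accented Latin letters to their base letter (bravė -> brave)."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def check_domain(domain: str):
    """Return (unicode_form, impersonated_brand or None) for a domain name."""
    labels = [decode_label(part) for part in domain.rstrip(".").split(".")]
    shown = ".".join(labels)
    for label in labels:
        # A pure-ASCII label is either the real name or an ordinary typo,
        # so only non-ASCII labels that fold to a protected brand are flagged.
        if not label.isascii() and skeleton(label) in PROTECTED:
            return shown, skeleton(label)
    return shown, None

if __name__ == "__main__":
    # Constructed inputs: xn--brav-yva is the punycode encoding of "bravė";
    # the others are the Unicode lookalikes named in the article and the real name.
    for name in ("xn--brav-yva.com", "lędgėr.com", "teleģram.com", "brave.com"):
        print(name, "->", check_domain(name))
```

Stripping combining marks only catches accented Latin letters like those in this campaign; lookalikes built from other scripts (for example Cyrillic letters) need a confusables table in addition.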