An enormous malware distribution campaign taking advantage of more than 200 malicious domains and impersonating more than twenty global brands has been discovered distributing all types of malware to both Android and Windows devices.
Cybersecurity researchers from Cyble first discovered the campaign that seeks to distribute various malware among Android users.
In the campaign, the unknown threat actors have registered numerous domains that appear almost identical to the real domains of major brands such as PayPal, Snapchat, TikTok, and others. The fake domains differ from the legitimate ones by only a single changed, missing, or extra character.
Android and Windows users attacked
This type of fraud is usually called "typosquatting" and is used in all kinds of attacks, for example on GitHub, where attackers create repositories with names almost identical to those of legitimate repositories in an attempt to distribute malware.
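The single-character variation the article describes is also what makes these domains detectable. The following is an added example (not code from the article or from Cyble's research) that scans constructed DNS query log lines for domains within edit distance 1 of a watchlist of protected brand domains. The watchlist, the log format and the sample lines are all assumptions made for illustration; a real deployment would use the Public Suffix List rather than the crude "last two labels" rule for the registrable domain.

```python
"""Flag lookalike (typosquatted) domains in DNS query logs.

Added example, not from the article or from Cyble's research. It applies
the one-character-difference idea from the text as a Levenshtein-distance
check against a constructed watchlist of legitimate brand domains.
"""
import re

# Constructed watchlist of legitimate registrable domains (assumption).
PROTECTED = {"paypal.com", "snapchat.com", "tiktok.com", "ethermine.org"}

# Constructed sample DNS log, one query per line: "<timestamp> <client> <qname>".
SAMPLE_LOG = """\
2022-11-01T10:00:01Z 10.0.0.5 paypal.com
2022-11-01T10:00:02Z 10.0.0.5 paypa1.com
2022-11-01T10:00:03Z 10.0.0.7 tiktok.com
2022-11-01T10:00:04Z 10.0.0.7 tikt0k.com
2022-11-01T10:00:05Z 10.0.0.9 snapchat.com
2022-11-01T10:00:06Z 10.0.0.9 snapchatt.com
2022-11-01T10:00:07Z 10.0.0.9 example.org
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def levenshtein(a: str, b: str) -> int:
    """Edit distance where an insertion, deletion or substitution costs 1."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # deletion
                           cur[j - 1] + 1,           # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable(qname: str) -> str:
    """Crude registrable-domain extraction: last two labels, lowercased.

    Assumption made for simplicity; production code should consult the
    Public Suffix List (e.g. to handle 'co.uk').
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def lookalike_of(domain: str, protected=PROTECTED, max_distance: int = 1):
    """Return the protected domain that `domain` imitates, or None.

    An exact match is the genuine brand domain and is not reported.
    Comparing the whole registrable domain catches both a changed label
    ('paypa1.com') and a changed TLD ('paypal.co').
    """
    d = registrable(domain)
    if d in protected:
        return None
    for good in sorted(protected):
        if levenshtein(d, good) <= max_distance:
            return good
    return None


def scan_log(text: str, protected=PROTECTED):
    """Return (timestamp, client, qname, imitated_brand) for suspicious queries."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname = m.groups()
        brand = lookalike_of(qname, protected)
        if brand:
            hits.append((ts, client, qname, brand))
    return hits


if __name__ == "__main__":
    for ts, client, qname, brand in scan_log(SAMPLE_LOG):
        print(f"{ts} {client} queried {qname} (looks like {brand})")
```

Run against the constructed log, the scanner reports `paypa1.com`, `tikt0k.com` and `snapchatt.com` while leaving the genuine brand domains and `example.org` alone. Raising `max_distance` widens the net at the cost of false positives, so in practice the threshold is tuned per brand and combined with domain age or registrar data.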
The research was then expanded to find many other domains that distribute malware to Windows users as well. The exact method used to promote these domains is unknown, but the report notes that victims may mistype the domains themselves, or threat actors may drive traffic to them through phishing and other forms of social engineering. SEO poisoning cannot be ruled out either.
It was also determined that the threat actors used this large typosquatting campaign to deliver all kinds of malware. In some cases they distributed the Vidar stealer, and in others Agent Tesla. Vidar is capable of stealing banking information, stored passwords, browser history, IP addresses, details about cryptocurrency wallets and, in some cases, MFA information as well. First discovered about eight years ago, Agent Tesla is capable of stealing credentials from many popular applications, including web browsers, VPN software, FTP clients, and email clients.
Researchers believe the threat actors are currently experimenting with different types of malware to see which works best. Besides malware, the researchers also found ethermine[.]com, a site that tries to steal the seed phrases of people's Ethereum wallets.