CySecurity News – Latest Information Security and Hacking Incidents
Fillip Mouliatis, a Malwarebytes researcher has uncovered a malvertising campaign that is nearly identical to the one distributed by the FakeUpdates (SocGholish) attackers.
However, the execution and distribution patterns are different. Unlike FakeUpdates which is driven by exploited websites to display malicious, fake browser update windows, this campaign employs malvertising.
The malvertising campaign target users via a fake Firefox update that includes a couple of scripts and an encrypted payload. The initial executable consists of a loader that retrieves a piece of Adware identified as BrowserAssistant. This malicious payload was spotted before in an identical malvertising campaign involving the RIG exploit kit in late 2019.
Interestingly, the attackers reused the same servers in Russia and dubbed their malvertising gates after different ad networks.
Malvertising Campaign Target Firefox Users via Fake Updates