Geeks for your information Security Security Vendors Heimdal Security Heimdal Security Blog Articles v
SECURITY ALERT: New Domen Toolkit Pushes Malware through Fake Software Updates
SECURITY ALERT: New Domen Toolkit Pushes Malware through Fake Software Updates
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 16,118
Threads: 10,248
Thanks Received: 9,332 in 7,478 posts
Thanks Given: 10,290
Joined: 12 September 18
#1
Exclamation  05 September 19, 09:28
Quote:
[Image: heimdal-logo.svg]

How the new toolkit pushes malware. What to watch out for and how to stay safe.

A new toolkit has emerged in the past few days, infecting users via compromised websites.

Most of the compromised websites which are unknowingly hosting the toolkit are based on a WordPress script, which leaves them vulnerable to be exploited this way.

The toolkit has been dubbed Domen and abuses the trust of users in a classic social engineering move. Relying on the fact that most users are aware of the necessity of updates, the toolkit creators are piggyback riding on the trustworthiness of the programs they claim to represent.

When one sees a notification for a required update from a software brand they already have and trust, chances are they will approve without thinking twice. That’s how the Domen toolkit spreads and infects hosts, allowing hackers to access the infected devices remotely, to take screenshots, steal data and more.

The Domen toolkit was first discovered by security researcher Jérôme Segura, and further reported on by security researcher mol69.

How Does the Domen Toolkit Work?

The Domen Toolkit targets both PC and mobile users. So far, security researchers have discovered Domen messages being delivered in as many as 30 different languages. Besides the linguistic variety, the Domen toolkit is also remarkable in its high level of customization and sophistication.

Because of its complexity, the toolkit is able to adapt to various browsers, operating systems, clients and so on. This is what makes Domen more dangerous than the usual run-of-the-mill exploit kits abusing Flash vulnerabilities.

After an internet user visits a website infected with the Domen toolkit, they will start seeing pop-ups prompting them to install a ‘required’ software update. Those software update messages are delivered with regards to multiple software names and in 30 languages so far.

For example, here is a screenshot of a fake Chrome update prompt.
Continue Reading
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Privazer 4.0.120.2
Privazer 4.0.120.2...harlan4096 — 07:30
Brave 1.88.138 (Chromium 146.0.7680.178)
Release v1.88.138 ...harlan4096 — 07:28
Opera 129.0.5823.44
Hello! New Oper...harlan4096 — 07:27
Microsoft Edge 146.0.3856.97
Version 146.0.3856...harlan4096 — 07:26
AnyDesk 8.0.2 for Linux
Version 8.0.2 for ...harlan4096 — 07:25

[-]
Birthdays
Today's Birthdays
avatar (48)cticigges
avatar (50)ecoFit
avatar (44)soccejeS
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (46)MeighGoask
avatar (47)creatralGuelm
avatar (38)procnipsut
avatar (44)accenwibly
avatar (41)ahyvily
avatar (38)urumahiz
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
avatar (43)cdoubapKit
avatar (38)lystraPonia
avatar (31)smith8395john
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)burntLaw
avatar (41)MrDoorsskibheeds
avatar (51)Toligo
avatar (46)Rodneykak
avatar (49)tradeSmode
avatar (39)vemedProkbior
avatar (38)RobertUtelt
avatar (46)JamesZic
avatar (43)Sanfordbup
avatar (38)Der.Reisende
avatar (36)Kiran78

[-]
Online Staff
There are no staff members currently online.

>