Malvertising Scheme targets baleful ads on Yandex.Direct


Yandex.Direct Compromised with Malvertising Attack  
Cyber Crooks have recently been reported to exploit Yandex.Direct, a Russian Online Marketing Service via a malign advertising campaign. This Malvertising scheme is supplying malevolent ads & targeting a large number of Russian accountants with the sole motive of transmitting Ransomware & Banking Trojans to them.
This colossal Malvertising Attack is propagating a plethora of malware that has specifically been designed to encipher user’s data & whip Cryptocurrency.

Cyber Security analysts from ESET, an IT Security Company headquartered in Slovakia, have found around 6 malware agendas associated with this ongoing Malvertising scheme. From the past few months the hacking group is targeting Russian organizations & using two renowned backdoors namely- Buhtrap & RTM along with Cryptocurrency Stealers & Ransomware.
The Malvertising scheme primarily targeted commercial accounting branches by fastening malevolent adverts through Yandex.Direct. The attackers compromised the systems of users searching for contract examples & contract forms by redirecting them to websites offering spiteful downloads masqueraded as doc templates.



Insight into the Distribution Mechanism Implemented by Attackers
Researchers of Slovakian IT Firm- ESET disclosed that the potential targets searching for keywords like download invoice template, example of legal contracts were enticed to the Malvertising scheme ridden pages. It is evident that the corporate entities were at the target of this malvertising campaign that rendered the accountant’s compromised.
The attackers smartly knot different payloads together & swarmed all the malicious files on 2 diverse GitHub repositories. However, the files were left on the repository for a restricted time-frame only, that too when the Ad Drive was active. It was found that most of the times GitHub Payload was left with an empty ZIP File or a clean .EXE.
This Malvertising Campaign is reported to have launched in October 2018 & has continued invading the accountant’s systems since then. Six different malware families are being horded on the GitHub Repository.
Researchers found that cyber crooks were able to ensnare the victims to download the malevolent files through a website. The website’s blueprint & spiteful file names given by the fraudsters were quite beguiling- contained information about form samples, templates, contract samples etc.  
The fake software mentioned on the website reads as – “Collection of templates 2018: forms, templates, contracts & samples.”

Read More

Comments

Post a Comment

Popular posts from this blog

How to remove Speedtest-guide.com redirect from your system

Image
Guide to Remove Speedtest-guide.com redirect Speedtest-guide.com redirect is a nasty browser hijacker that changes the default browser settings such as home-page, search engine & new tab functionality. In addition to that, it displays annoying ads & causes infuriating redirects to dubious sites, thus deteriorating the web-browsing experience. This rogue browser redirector claims to be a free tool that can be used to test Internet speed & customize the web search. It also enables the users to keep a track of the previous tests & access speed boosting tips. While Speedtest-guide.com appears to be a useful & legit application, the users have reported of its questionable behavior. Firstly, to operate on a system, it requires modifying the browser settings without user’s permission. It does so to promote a fake search engine - Speedtest-guide.com. It causes unnecessary browser redirects & possesses the capability of tracking down user’s online
Read more

The novel DNS protocol helps Mozart Malware evade detection

Image
The nasty Mozart Malware has made a major comeback in the cyber-world. Yes, the devious malware known for infecting the Home Depot Inc, United States & breaching data is now using a novel DNS protocol to communicate with the remote hackers. This new DNS Protocol is also being used by Mozart Malware to remain under the radar of security solutions & other intrusion detection systems. Read on to know more about this backdoor malware. The First Attack of Mozart Malware Mozart malware made its first appearance in September 2014 after it hacked the Home Depot Inc., United States. According to the sources, this earlier unknown & unseen malware was specifically crafted to attack the Home Depot, the largest home development vendor in the United States. The word “Mozart” was observed in the software’s malicious code& it is suspected to have connections with the hacker’s system, the sources state. Read Full Article
Read more

How to remove ZUpdater.exe Trojan from your system?

Image
Guide to Remove ZUpdater.exe Trojan - ZUpdater.exe Trojan is a nasty threat to the Windows OS based devices. It uses the infected system’s resources to generate illicit crypto currency without the user’s permission or knowledge. Software Bundling & Free Programs are the prime methods used by ZUpdater.exe Trojan to proliferate its infection. Some of the free downloads offered on the internet do not reveal if other software is being installed in the background. Thus, they easily make their way into the system without user’s consent. Once ZUpdater.exe virus is installed, it consumes over 90% of the CPU’s power & graphics card power of the targeted system. This way, it makes the system extremely sluggish & deteriorates the performance of the PC. According to cyber-security analysts, while the system is running slow, hackers use computer’s resources to generate illicit revenue for themselves. Victims from around the world are looking for ways to remove
Read more