Windows admins targeted with clever malvertising scam

Don't google your favorite system tools. Or, at the very least, be careful when clicking on the results.

Hackers are targeting Windows system administrators with malvertising, hoping to get them infected with ransomware

In a recent campaign, observed by cybersecurity researchers Rapid7, hackers are impersonating two popular Windows utilities - WinSCP, and Putty.

The former is an SFTP/FTP client, while the latter is an SSH client. 

BlackCat deployed

In essence, the campaign is not particularly creative; it relies on system admins being in a hurry, being careless, or simply trusting their search engine a bit too much. First, the attackers create look-alike websites for the two tools. The researchers found puutty[.]org, wnscp[.]net, and vvinscp[.]net, among others.

They then place paid ads for these sites on popular search engines, so that when an admin "googles" the tool (rather than typing the address into the bar or using a bookmark), the top result is a fake site that looks almost identical to the legitimate one.

If the admin doesn't spot the ruse, they download and run a malware loader which, in turn, deploys ransomware.
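The practical defence against this chain is to verify the download before running it: check that it came from the vendor's own host rather than a look-alike domain, that the installer carries a valid Authenticode signature from the expected publisher, and, where the vendor publishes one, that the SHA-256 hash matches. The PowerShell below is an added example written for this article, not code from Rapid7 or TechRadar. The allowlisted hosts and the expected signer names in it are assumptions that the reader should confirm against the vendors' official sites and a known-good copy of each tool.

```powershell
# Added example: verify a downloaded admin tool before executing it.
# ASSUMPTION: the hosts and signer names below must be confirmed by the reader
# against the vendors' official sites; they are not taken from the article.
$OfficialHosts = @{
    'putty'  = @('www.chiark.greenend.org.uk', 'the.earth.li')
    'winscp' = @('winscp.net')
}
# ASSUMPTION: expected Authenticode signer common names (check a known-good copy).
$ExpectedSigners = @{
    'putty'  = 'Simon Tatham'
    'winscp' = 'Martin Prikryl'
}

function Test-DownloadedTool {
    param(
        [Parameter(Mandatory)][ValidateSet('putty', 'winscp')][string]$Tool,
        [Parameter(Mandatory)][string]$SourceUrl,   # where the file was fetched from
        [Parameter(Mandatory)][string]$Path,        # local path of the downloaded file
        [string]$KnownSha256                        # optional hash published by the vendor
    )
    $problems = @()

    # 1. Origin check: look-alike hosts such as puutty[.]org fail the allowlist.
    $uri = [System.Uri]$SourceUrl
    if ($uri.Scheme -ne 'https') { $problems += "not HTTPS: $SourceUrl" }
    if ($OfficialHosts[$Tool] -notcontains $uri.Host.ToLowerInvariant()) {
        $problems += "host '$($uri.Host)' is not an official $Tool download host"
    }

    # 2. Signature check: the chain must verify and the signer must be the expected publisher.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "Authenticode status: $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notmatch [regex]::Escape($ExpectedSigners[$Tool])) {
        $problems += "signed by unexpected subject: $($sig.SignerCertificate.Subject)"
    }

    # 3. Hash check (PowerShell string comparison is case-insensitive, so hex case does not matter).
    if ($KnownSha256) {
        $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        if ($actual -ne $KnownSha256) { $problems += "SHA256 mismatch: got $actual" }
    }

    [pscustomobject]@{
        Path     = $Path
        Safe     = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Usage (paths and URL are illustrative):
# Test-DownloadedTool -Tool putty `
#     -SourceUrl 'https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe' `
#     -Path "$env:USERPROFILE\Downloads\putty.exe"
```

A result with `Safe = $false` lists every failed check in `Problems`; an unsigned loader dropped from a typosquatted site fails both the host and the signature checks, and a trojanised build that someone re-signed with a different certificate still fails the signer-subject comparison.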

In this campaign, the researchers said, it is possible that the hackers are delivering BlackCat ransomware (also known as ALPHV). That operation apparently shut down after the breach of Change Healthcare, from which the company was reportedly extorted out of $22 million; after that attack, the group took the money and wound the whole operation down.

"In a recent incident, Rapid7 observed the threat actor attempt to exfiltrate data using the backup utility Restic, and then deploy ransomware, an attempt which was ultimately blocked during execution," explains Rapid7's Tyler McGraw. "The related techniques, tactics, and procedures (TTP) observed by Rapid7 are reminiscent of past BlackCat/ALPHV campaigns as reported by Trend Micro last year."

Security researchers have warned for a while now that users shouldn't trust search engines too much, since they are regularly tricked into placing malicious websites in the top spots.
