Malware campaign using TeamViewer on websites under IIS

Malwarebytes researchers have observed a malware distribution campaign since the beginning of September that makes use of previously compromised pages running on Microsoft’s Internet Information Services (IIS) web server. The attack vector consists of displaying a fake expired certificate alert such as “Detected a potential security risk and has not extended the transition to. Updating a security certificate may allow this connection to succeed. NET::ERR_CERT_OUT_OF_DATE.” which, in turn, prompts the user to download a malicious “update installer” that actually obfuscates the known TVRAT trojan. Once the victim executes the malware, it installs itself alongside the TeamViewer remote control software, giving the threat actor direct communication with its command and control server and full control over the compromised computer. So far, the specific methods used to compromise the IIS servers are not known exactly, although exploit code is available for a vulnerability that Microsoft itself patched last May (CVE-2021-31166).

BulletProofLink: massive phishing campaign

Microsoft security researchers have published details of a massive phishing-as-a-service (PHaaS) campaign that uses a hosting-like infrastructure and offers different services to threat actors, such as phishing kits and templates. According to the research, BulletProofLink, as this campaign is called, goes beyond traditional phishing kits: after an initial registration on its portal for a fee of $800, it offers a comprehensive service with hosting, domain generation, email sending, credential collection and stolen logins, which can then be adapted with modifications to phishing templates chosen from among the more than 120 available. However, Microsoft has already warned that BulletProofLink’s operators trick their own customers by storing the credentials stolen in the attacks and then selling them on other underground forums.