Security experts from Kaspersky Lab discovered spotted a new attack technique used by crooks to distribute malware by tricking victims into installing a malicious “security certificate update” when they visit compromised websites.
We have already observed threat actors distributing malware masqueraded by legitimate software updates. The new technique differs from previous ones because visitors to infected
“We detected the infection on variously themed websites — from a zoo to a store selling auto parts. The earliest infections found date back to January 16, 2020.”
The compromised websites display a message claiming the website’s security certificate is expired and urge visitors to install a “security certificate update” to correctly view the content of the website.
The message is contained within
While the script is loaded, the URL bar still displays the legitimate address.
Once the victim clicked on the update button, a file is downloaded (Certificate_Update_v02.2020.exe).
The executable unpacks and installs one of two malware variants to the victim, tracked as
The Mokes backdoor allows hackers to execute arbitrary commands on the victim’s computer, it works on Linux, Windows and also OS X.
Buerak is a Windows-based Trojan that implements backdoor capabilities and anti-analysis techniques.
Kaspersky experts included in their analysis the Indicators of Compromise (IoCs).
(SecurityAffairs – hacking, undersea cables)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.