The domains were spreading the malicious “flash player” virus are oyomakaomojiyaorg and cievubeatapornnet, and according to bleeping computers, both are registered with Cock.li email accounts. The file was probably going to install a Trojan or ransomware on victims devices. The payload could be a JSE (encrypted JavaScript), but because the domain on which the scam was being hosted was down, a copy of the final payload could not be retrieved. The so-called “flash player update” was an HTA file (HTML application file) and was designed to execute a PowerShell script to download a payload. On close inspection of the file, Bleeping Computers discovered that the content of the file was nothing more than a handful of malicious javascript code. Wow not bad, got this in today, even had the download popup! /wyQXavBINm A few days ago Skype users noticed that the instant messaging service served a malicious malware masquerading as fake Flash player update. Several users reported this incident on Twitter and Reddit and explained that they noticed an ad which was prompting them to download a malicious file disguised as “Flash player.”
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |