File-sharing site SubTorrents, which is very popular in Spain and Latin America, is silently infecting users with a Trojan, thanks to the help of the Fiesta Exploit Kit.

As soon as someone visits the website, they’re subjected to a silent redirection to the malicious payload.

Beside the illegal nature of downloading music and movies from Torrent sites in some countries, many sites that index torrents are filled with aggressive ads that trick the user into running programs and other junk that they don’t need, including malware.

“Downloading illegal torrents is dangerous business,” said Jerome Segura, senior security researcher at Malwarebytes Labs, in a blog. “On top of fake files that waste your time and bandwidth, users have to navigate through a sea of misleading ads and pop-ups.”

Given the large amounts of ads on the SubTorrents site, it would have been fair to suspect a malvertising issue. But it turns out, the site itself has been compromised and serves a well-hidden iframe.

“The author had some fun trying to make things a little more complicated,” Segura said. “Rather than directly inserting a malicious iframe to the exploit kit landing, they chose to build it on the fly by retrieving the content from an external.

The attack also involved placing a cookie on the user’s machine, which the code checks for at the beginning of the attack. Segura pointed out that it’s a simple way to mark the PC as already hit and possibly infected, so that no effort is wasted to try and infect it again.

As for the payload, Segura said that it looks like the Kovter ransomware and ad fraud malware. Kovter was first discovered in 2013, and its particular ransomware variant typically targets visitors to adult and illegal websites.