Tag: Miner

Roboto Condensed Delivers Downloader Which Downloads a CoinMiner.

My first post on the Roboto Condensed social engineering scheme can be seen HERE. BleepingComputer.com also wrote an article on this. The pages presented to both Chrome and Firefox users can be seen below: Here is an image of the page source: The binary file, fontpackupd60.exe, is being hosted on a compromised website in the /plugins/ ...

“Roboto Condensed” Social Engineering Attack Targets Both Chrome and Firefox Users.

A couple of days ago I found a dozen or so domains using a social engineering attack like that of the RELST and HoeflerText campaigns. This attack, which I call “Roboto Condensed” for reasons that will become obvious, targets both Chrome and Firefox users. Users are likely to be redirected to these social engineering domains via malvertising, hacked ...

Rulan Campaign Redirects to RIG EK at 188.225.33.43 and Drops a Miner

Watcha know about Mining!? Today I was doing some digging (no pun intended) into numerous domains used during recent malvertising redirection chains. These domains appear to be related to a campaign dubbed “Rulan”. Let’s start off by showing the redirection chain: As you can see from the TCP streams, there are a lot of 302 ...

Campaign Leads to RIG EK and Fake Flash Player Update Site. RIG Drops URLZone and Fake Flash Player Update Drops a Miner.

On 08/02/17 I used the domain www2[.]davidhelpling[.]org to redirect my host to a RIG EK landing page located at 188.225.79.139. RIG ended up dropping URLZone, which is a banking Trojan first discovered in 2009. More recently URLZone has been seen targeting Japan via malspam campaigns. You can read more about URLZone at the link below, as ...