fake browser updates

Winsage
June 19, 2024
Legitimate websites have been hacked to distribute the BadSpace backdoor to Windows machines. Malicious code inserted into the compromised websites triggers a fake Google Chrome update pop-up window that delivers the BadSpace backdoor or its loader. BadSpace's capabilities include system data collection, screenshot capturing, anti-sandbox checks, command execution, persistence through scheduled tasks, file manipulation, and scheduled task removal. A connection was found between the campaign's domains and the SocGholish downloader malware. Other attack campaigns that use compromised websites to host fake browser updates, disseminating remote access trojans and information-stealing malware, have also been reported.
Winsage
June 17, 2024
Legitimate websites have been compromised to distribute a Windows backdoor known as BadSpace through fake browser updates. The threat actors use a multi-stage attack chain involving infected websites, command-and-control servers, fake browser updates, and a JScript downloader. Details of the malware were shared by researchers kevross33 and Gi7w0rm. BadSpace includes anti-sandbox measures and establishes persistence using scheduled tasks. Other campaigns also use fake browser updates on compromised sites to distribute information stealers and remote access trojans.