Hacked Websites Used to Distribute BadSpace Backdoor
Legitimate websites that have been hacked are being used by threat actors to distribute the novel BadSpace backdoor to Windows machines, as reported by The Hacker News.
According to a report from G DATA, attackers have inserted malicious code into compromised websites to gather and transmit device information from unsuspecting visitors. This code triggers a fake Google Chrome update pop-up window, which ultimately delivers the BadSpace backdoor or its loader.
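The report describes malicious code inserted into otherwise legitimate pages. One defender-side check for that class of compromise is to diff what the site serves now against a baseline captured when it was known clean and flag any `<script>` element that was not there before. The example below is added here and is not code from G DATA, The Hacker News, or the campaign research; the HTML snippets, the allowed-host list and the `.invalid` hostname are constructed for illustration.

```python
"""Flag <script> elements on a served page that are absent from a known-good baseline.

Added example, not from the original report. Assumptions: BASELINE_HTML is a copy
of the page taken when the site was clean, LIVE_HTML is what it serves now, and
ALLOWED_HOSTS lists the hosts the site legitimately loads scripts from. All three
values below are constructed sample data.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect each <script> as ('src', url) or ('inline', sha256-of-body)."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            # External script: identify it by its URL, the body is irrelevant
            self.scripts.append(("src", src.strip()))
            self._in_inline = False
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_inline:
            body = "".join(self._buf).strip()
            # Hash the body so the baseline stores no script text, only fingerprints
            self.scripts.append(("inline", hashlib.sha256(body.encode()).hexdigest()))
            self._in_inline = False


def extract_scripts(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts


def find_injected_scripts(baseline_html, live_html, allowed_hosts):
    """Return scripts present in live_html but not in baseline_html.

    Each finding carries a verdict: 'new_inline' for inline code that was not in
    the baseline, 'unknown_host' for an external script from a host outside
    allowed_hosts, and 'known_host' for a new external script from an allowed host
    (or a same-origin relative path), which still merits a look but is lower risk.
    """
    baseline = set(extract_scripts(baseline_html))
    findings = []
    for kind, value in extract_scripts(live_html):
        if (kind, value) in baseline:
            continue
        if kind == "src":
            host = urlparse(value).netloc.lower()
            verdict = "known_host" if host == "" or host in allowed_hosts else "unknown_host"
        else:
            verdict = "new_inline"
        findings.append({"kind": kind, "value": value, "verdict": verdict})
    return findings


# Constructed sample data: a clean baseline and the same page with two additions.
ALLOWED_HOSTS = {"cdn.example.com"}

BASELINE_HTML = """<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script>console.log("site ready");</script>
</head><body><p>Welcome</p></body></html>"""

LIVE_HTML = """<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script>console.log("site ready");</script>
<script>var info = {ua: navigator.userAgent, lang: navigator.language};</script>
<script src="https://script-host-placeholder.invalid/update.js"></script>
</head><body><p>Welcome</p></body></html>"""


if __name__ == "__main__":
    for finding in find_injected_scripts(BASELINE_HTML, LIVE_HTML, ALLOWED_HOSTS):
        print(finding["verdict"], finding["kind"], finding["value"])
```

In practice the baseline would be refreshed on every legitimate deploy, and the comparison run from outside the site's own infrastructure, since a server-side compromise can also alter what the server reports about itself.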
Researchers have identified various capabilities of BadSpace, including system data collection, screenshot capturing, anti-sandbox checks, command execution, persistence through scheduled tasks, file manipulation, and scheduled task removal. Additionally, they have found a connection between the campaign’s domains and the SocGholish downloader malware, also known as FakeUpdates.
This latest incident comes on the heels of reports from Sucuri and eSentire, which detailed separate attack campaigns using compromised websites to host fake browser updates that disseminate remote access trojans and information-stealing malware.