When they are part of a redirection chain, exploit kits fingerprint the browser and its plugins then deliver a working exploit. Technique Description: Exploit Kits are malicious web servers automatically chaining browser exploit in order to compromise victim hosts with a malware. Malvertisers creates a vector for malware delivery via ads or legitimate program downloads that in turns download malware without the user consent. Technique Description: A drive-by download attack refers to the unintentional download of malicious code in the form of malware, or PUP/PUAs with or without user interaction. Procedure example: Malvertising campaigns serving Coinhive tag, or the tag of a Coinhive copycat. Some malicious landing pages might attempt to do this client-side, which can hurt the performance and longevity of a device and sometimes even lead to Denial Of Service. Technique Description: Crypto Mining is a CPU intensive process for mining cryptocurrency. Procedure example: eGobbler and Nephos7 delivering carrier-branded "CC-Submit" scams. Technique Description: Carrier Branded Scams are landing pages where the victim is presented with a fake message from their local ISP (or mobile phone carrier) inviting them to enter their credit card information to confirm their prize. Procedure example: Malvertising Attack Hijacks 300 Million Sessions Over 48 Hours redirecting victim to gift card scams. The victim's data is then packaged and sold or used for CPA / affiliate scams. In reality, there is never a gift card provided, but the victim gets lured into a near un-ending chain of filling out these forms. In order to claim the gift card the victim has to fill out a form with their email address or other contact information. Technique Description: Gift Card Scams are landing pages that tell the victim they have won an e-commerce gift card, usually to a major retailer.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |