⇄ Σ = Mᄃ² ⇆  

Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors.

The campaign has been underway since November 2022, and according to NTT's security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish.

insight-jp.nttsecurity.com/pos

1+
⇄ Σ = Mᄃ² ⇆
Follow

BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores.

bleepingcomputer.com/news/secu

According to VirusTotal, the malware uses the "BYOVD" (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device.

virustotal.com/gui/file/2afdcf

· 1· 1· 4
Hakomo 🇮🇱 🇺🇦 🇹🇼  

@ecksmc

"Additionally, it stops Windows Update and disrupts the communication of security products with their servers by modifying the IP addresses of the latter in the HOSTS file. This hinders updates and threat detection and may even disable an AV altogether."

Dead give away

0
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…