Phony Website Copying Symantec’s Blog Disseminates Malicious Program
Symantec, the California-based security software company, warns in a new report about a phony website that copies Symantec's blog. The fake site mirrors the content of the real blog almost exactly, and uses that familiarity to lure visitors into opening malicious pages.
The phony site is hosted at symantecblog[dot]com and serves its own SSL certificate; as security firm Malwarebytes notes, that certificate was issued by Comodo rather than by Symantec. A valid certificate only proves that the holder controls the domain, not who is behind it, so the padlock is no sign of authenticity. To frighten visitors, the fake blog warns about a new version of the CoinThief malware, which first appeared in 2014.
In its latest use, the fake blog has been infecting macOS computers with a payload called Proton, which installs a backdoor to steal browser cookies, keychain data and other information.
The malicious pages offer visitors a link to a free tool called 'Symantec Malware Detector', a fake program that, according to Symantec, claims to detect and remove infections by the CoinThief variant. The link actually downloads OSX.Proton, which harvests valuable information such as passwords through a backdoor on the infected Mac and can likely pull down further malware as well. Financemagnates.com reported this on November 22, 2017.
Once run, the OSX.Proton installer looks legitimate, even displaying Symantec's logo. It asks the user to authorise a check, stating that by consenting they agree to send an anonymous report to Symantec Inc. to help improve its heuristic engine.
The fake security tool was code-signed with an Apple developer certificate in the name of Sverre Huseby, belonging to a team with the identifier E224M7K47W. A valid developer signature proves only that Apple issued a certificate to that account, not that the software comes from Symantec. Because the malware also captures the victim's administrator password, the attackers can decrypt the keychain data they steal. Other data taken includes GPG passwords, 1Password vaults and browser auto-fill databases.
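As an added example (not code from the article, from Symantec or from Malwarebytes), the check below shows why a valid developer signature is not proof of origin: it parses the key=value dump that macOS `codesign -dvvv` writes for a signed binary and flags any team identifier that is not on an allow-list the reader maintains for the vendor. The embedded codesign output is constructed from the signer name and team ID the article reports; the allow-list team IDs, the file path and the bundle identifier are placeholders, not Symantec's real values.

```python
# Added example: verify that a macOS code signature belongs to a team the
# vendor is known to use, rather than merely being "validly signed".
# Parses the output of `codesign -dvvv <path>` (written to stderr on macOS);
# a constructed sample of that output is embedded so the check runs offline.
import subprocess
from dataclasses import dataclass, field

# Constructed sample of `codesign -dvvv` output. Signer name and team ID are
# the ones the article reports for the fake "Symantec Malware Detector";
# the path and bundle identifier are assumptions.
SAMPLE_CODESIGN_OUTPUT = """\
Executable=/Users/victim/Downloads/Symantec Malware Detector.app/Contents/MacOS/Symantec Malware Detector
Identifier=com.example.malwaredetector
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=305 flags=0x0(none) hashes=4+3 location=embedded
Signature size=8915
Authority=Developer ID Application: Sverre Huseby (E224M7K47W)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=E224M7K47W
Sealed Resources version=2 rules=13 files=4
Internal requirements count=1 size=172
"""

# Placeholder allow-list of team IDs your organisation has verified for the
# vendor (assumed values, NOT Symantec's real team identifiers).
TRUSTED_TEAM_IDS = {"Symantec": {"AAAAAAAAAA", "BBBBBBBBBB"}}


@dataclass
class SignatureInfo:
    executable: str = ""
    identifier: str = ""
    authorities: list = field(default_factory=list)  # leaf cert first
    team_id: str = ""


def parse_codesign_output(text: str) -> SignatureInfo:
    """Extract the fields relevant to origin from codesign's key=value lines."""
    info = SignatureInfo()
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # e.g. "code object is not signed at all"
        if key == "Executable":
            info.executable = value
        elif key == "Identifier":
            info.identifier = value
        elif key == "Authority":
            info.authorities.append(value)
        elif key == "TeamIdentifier":
            info.team_id = value
    return info


def check_signature(info: SignatureInfo, vendor: str, trusted=TRUSTED_TEAM_IDS):
    """Return (verdict, detail). Apple issues Developer ID certificates to any
    paying account, so the signature chain alone says nothing about the brand;
    the team ID must match one the vendor is known to use."""
    if not info.authorities:
        return "unsigned-or-adhoc", "no Authority lines: unsigned or ad-hoc signature"
    if info.team_id in ("", "not set"):
        return "no-team", "no TeamIdentifier: not a Developer ID / App Store signature"
    if info.team_id not in trusted.get(vendor, set()):
        return "untrusted-team", (
            f"signed by {info.authorities[0]!r}; team {info.team_id} "
            f"is not a known {vendor} team")
    return "ok", f"team {info.team_id} is on the {vendor} allow-list"


def run_codesign(path: str) -> str:
    """On macOS, return the verbose signature dump for `path`."""
    proc = subprocess.run(["codesign", "-dvvv", path],
                          capture_output=True, text=True)
    return proc.stderr  # codesign prints the dump to stderr


if __name__ == "__main__":
    sig = parse_codesign_output(SAMPLE_CODESIGN_OUTPUT)
    print(sig.executable)
    print(*check_signature(sig, "Symantec"))
```

To use it on a real download, replace the sample with `run_codesign("/path/to/app")` and keep the allow-list of team IDs in version control next to your other vendor baselines; a new team ID appearing under a known brand name is the signal this page describes.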
Reed of Malwarebytes recommends that users enable two-factor authentication, which limits the damage after a compromise of this kind. Symantec said its brand and legal teams were aware of the phony blog and were working on a resolution.
» SPAMfighter News - 28-11-2017