Malspam pushing Locky ransomware tries HoeflerText notifications [source: sans.edu]
During the past two weeks or so, we’ve seen plenty of botnet-based malicious spam (malspam) pushing Locky ransomware. In recent days, I’ve noticed multiple waves of malspam every weekday. It gets a bit boring after a while, but as 2017-08-31 came to a close, I noticed a different technique from this malspam.
Today’s malspam had links to fake Dropbox pages. If you viewed the pages in Chrome or Firefox, they showed a fake notification stating you don’t have the HoeflerText font. These fake notifications had an “update” button that returned a malicious JavaScript (.js) file. These .js files were disguised as a font library.
Of note, I was unable to get any malware when using Internet Explorer or Microsoft Edge.