Malspam pushing Locky ransomware tries HoeflerText notifications [source: sans.edu]

During past two weeks or so, we’ve seen plenty of botnet-based malicious spam (malspam) pushing Locky ransomware.  In recent days, I’ve noticed multiple waves of malspam every weekday.  It gets a bit boring after a while, but as 2017-08-31 came to a close, I noticed a different technique from this malspam.

Today’s malspam had links to fake Dropbox pages.  If you viewed the pages in Chrome or Firefox, they showed a fake notification stating you don’t have the HoeflerText font.  These fake notifications had an “update” button that returned a malicious JavaScript (.js) file.  These .js files were disguised as a font library.

Of note, I was unable to get any malware when using Internet Explorer or Microsoft Edge.

For more, click here.

Recommended Posts

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping

সাইবার-নিরাপত্তা-সূচকে-এগিয়েছে-বাংলাদেশ

30 Jun 2021 - CIRT In Media, News Clipping

Lazarus supply‑chain attack in South Korea [welivesecurity]

22 Nov 2020 - CIRT In Media, News Clipping