Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Malware Delivery Through Fake Website Certificate Errors
- This topic has 0 replies, 1 voice, and was last updated 1 year ago by .
-
Topic
-
Attackers Deliver Malware via Fake Website Certificate Errors
If anyone has seen website certification errors, they know that it is generally a good idea to stay away from those websites. The malicious actors behind these attacks use this to their advantage by displaying an iframe from their domain over compromised websites and luring victims into downloading a “fix.” The downloaded file will infect the victim with either the Buerak Trojan or the Mokes backdoor when it is run.
What makes this attack so effective is that it looks similar to the Chrome certificate warning page except for text and button driving the victim to download a file. The URL bar also displays the correct URL for the visited website, so one can’t tell that the current iframe is malicious just by looking at the URL.
You must be logged in to reply to this topic.