Wednesday, May 28, 2025
HomeHacksAsk.com Toolbar Compromised Twice in 2 Months , Second Attack Installed RAT

Ask.com Toolbar Compromised Twice in 2 Months , Second Attack Installed RAT

Published on

SIEM as a Service

Follow Us on Google News

Ask Partner Network (APN) has been compromised twice within 2 month since 2016 November. Researcher’s Discovered deliver malware to computers running the Ask.com Toolbar.

First Attack took place at the November Reported by Red Canary security and discovered that Ask’s software was being co-opted by a malicious actor to execute malicious software on victims’ endpoints.

Once installed, the dropper would bring in secondary malware including banking Trojans and other online-fraud.

- Advertisement - Google News

Attackers who were trying to turn the Ask.com Toolbar into a malware dispensary got caught early on when their scheme was picked up by security services that were looking for anomalies.

Second Attack initiate RAT in victim’s PC

Carbon Black Detected and Reported that attackers used this RAT to open a reverse command shell on the victim’s computer. All of this happened in 60 seconds after the delivery of the malicious update.

“Carbon Black Threat Research team confirmed this to be a continuation of the earlier activity, and indicative of a sophisticated adversary based on the control of a widely used update mechanism to deliver targeted attacks using signed updates containing malicious content.”

Second Attack Detected that originated from the APN Updater using malware signed with the certificate issued .

Less Than 60 Seconds to Gain Access

Carbon Black Reported that ,We have warned about the dangers of Potentially Unwanted Programs and Applications (PUP/PUA) several times but this breach provides direct evidence that a threat actor is making use of PUPs and their infrastructure for more targeted and highly malicious activities.

“Within one minute of gaining access to the target endpoint the attacker had launched a remote command shell and within 45 minutes “ of initial access they had captured credentials and were moving laterally in the network.

The RAT utilized as a part of this second assault was marked by the APN testament issued after the primary Attack, which in all likelihood implies the assailants kept up an a dependable balance on APN’s system after designers cleaned servers after the principal Attack.

Also Read :

Latest articles

Hackers Circulate Over 93 Billion Stolen User Cookies on the Dark Web

Web cookies, those ubiquitous pop-ups we routinely dismiss with a click, are small text...

Robinhood Ransomware Operator Arrested for Attacks on Government and Private Networks

On May 27, 2025, Iranian national Sina Gholinejad, 37, pleaded guilty in a North...

CISA Releases Executive Guide on SIEM and SOAR Platforms for Rapid Threat Detection

In today’s rapidly evolving threat landscape, Security Information and Event Management (SIEM) and Security...

MATLAB, Serving Over 5 Million Users, Hit by Ransomware Attack

MathWorks, the renowned developer of MATLAB and Simulink, has been grappling with the aftermath...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Threat Actors Use Fake DocuSign Notifications to Steal Corporate Data

DocuSign has emerged as a cornerstone for over 1.6 million customers worldwide, including 95%...

Microsoft Alerts on Void Blizzard Hackers Targeting Telecommunications and IT Sectors

Microsoft Threat Intelligence Center (MSTIC) has issued a critical warning about a cluster of...

Iranian Cybergroup Toufan Targets Organizations to Steal Login Credentials

A pro-Palestinian cybergroup called Cyber Toufan, which means "cyber storm," has become a serious...