A Malicious Software Downloader called ICLoader through Popup Ads and over hundreds of websites are pushing various PUA such as Botnets, cryptocurrency Miners and also a emerging GandCrab ransomware.
Malware Files are sharing via Popup Ads and distributing over Hundreds file sharing websites and fake software sharing sites and advertisement maker websites which all are still alive.
Malicious ICLoader Targeting a specific set of software users and it pop-up malicious ads with those software names in a compromised website that contain a high visitors traffic.
Once the victims click the link, it redirects to traffic management server where a user will reach the ICLoader page and link will drop the ICL Downloader.
Also, ICLoader has a different hash value every time it is downloaded from the server and ICLoader server distribute a zip archive which contains the ICLoader software.
According to TrendMicro, The ICLoader file has the name of the software that the victims originally intended to download, which is part of the ruse to convince victims that the download is legitimate. Once victims execute the ICLoader file, they will see the typical software installation instructions and steps. All of the PUA software we tracked were also signed with a valid COMODO certificate, which adds to the appearance of validity.
Later ICLoader downloads and installs the legitimate software and later it communicates with C&C Server to receive an aditional malicious files.
This ICLoader previously installed either installed or additionally loaded seven different groups of botnets, four different cryptocurrency miners, and the GandCrab ransomware
Cryptocurrency miner download link contains a shortened URL shortened URLs show that the miner botnet has around 80 thousand victims that constantly load their miner and mine for them every day.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…