The prime target of this malware campaign is unsuspecting users on Windows 10.
Rapid7's Managed Detection and Response team has shared details of a newly identified malware campaign, urging unsuspecting Windows users to remain cautious. This campaign is designed to steal sensitive data and cryptocurrency from infected PCs.
In the latest campaign, the payload is delivered to the device through a compromised website reached via the Google Chrome ad service; the attackers then install it as a Windows application and bypass User Account Control (UAC), a built-in Windows security protection.
It is worth noting that Windows 10 is the primary target of malware operators.
“Attackers are using a compromised website specially crafted to exploit a version of the Chrome browser (running on Windows 10) to deliver the malicious payload, researchers found. Investigations into infected users’ Chrome browser history file showed redirects to several suspicious domains and other unusual redirect chains before initial infection,” the Rapid7 blog post read.
The first domain studied for this investigation was birchlerarroyo[.]com.
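The redirect-chain review that the quoted investigation describes can be reproduced from Chrome's History SQLite file. The following is an added example, not code from the article or from Rapid7's report: it walks the `visits.from_visit` links and the page-transition redirect flags (constants as defined in Chromium's page_transition_types.h) to rebuild each chain, and runs against a constructed in-memory copy of the relevant schema with made-up domains and timestamps.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
# Page-transition qualifier bits from Chromium's page_transition_types.h
CHAIN_START, CHAIN_END = 0x10000000, 0x20000000
CLIENT_REDIRECT, SERVER_REDIRECT = 0x40000000, 0x80000000
REDIRECT_MASK = CLIENT_REDIRECT | SERVER_REDIRECT
LINK, TYPED = 0, 1  # core transition types used in the constructed sample
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def chrome_time(microseconds):
    """Chrome stores visit_time as microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

def redirect_chains(conn, min_hops=2):
    """Return (time, [urls]) per CHAIN_END visit, walking from_visit back over redirect hops."""
    rows = conn.execute("SELECT v.id, v.from_visit, v.transition, v.visit_time, u.url "
                        "FROM visits v JOIN urls u ON u.id = v.url")
    visits = {vid: (frm, trans, ts, url) for vid, frm, trans, ts, url in rows}
    chains = []
    for vid, (_, trans, ts, url) in visits.items():
        if not trans & CHAIN_END:
            continue
        chain, seen = [url], {vid}
        while visits[vid][1] & REDIRECT_MASK and visits[vid][0] in visits:
            vid = visits[vid][0]
            if vid in seen:  # guard against corrupt or cyclic from_visit links
                break
            seen.add(vid)
            chain.append(visits[vid][3])
        if len(chain) >= min_hops:
            chains.append((chrome_time(ts), chain[::-1]))
    return chains

def build_sample_history():
    """Constructed in-memory History DB with only the columns this check reads."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT); CREATE TABLE visits "
                       "(id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER, from_visit INTEGER, transition INTEGER);")
    t0 = 13300000000000000  # constructed Chrome timestamp, roughly mid-2022
    urls = ["https://news-site.invalid/article", "https://ad-click.invalid/r?id=7",
            "https://landing.invalid/update.html", "https://search.invalid/"]
    conn.executemany("INSERT INTO urls VALUES (?,?)", list(enumerate(urls, 1)))
    conn.executemany("INSERT INTO visits VALUES (?,?,?,?,?)", [
        (1, 1, t0, 0, LINK | CHAIN_START),                           # user clicked a link
        (2, 2, t0 + 200_000, 1, LINK | SERVER_REDIRECT),             # HTTP 302 to ad redirector
        (3, 3, t0 + 900_000, 2, LINK | CLIENT_REDIRECT | CHAIN_END), # JS redirect to landing page
        (4, 4, t0 + 60_000_000, 0, TYPED | CHAIN_START | CHAIN_END), # typed URL, no redirect
    ])
    return conn
```

On a real Windows 10 host the file lives under %LOCALAPPDATA%\Google\Chrome\User Data\Default\History and is locked while Chrome runs, so copy it before opening it with sqlite3.connect.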
The attack chain is initiated when a user of the Chrome browser visits an infected