Hackers drop malware through fake security certificate alerts

Attackers are using a new and dangerous way of spreading malware.

Attackers already have many proven ways of luring victims into installing malware, including fake updates, malicious web links, attachments, and files. Recent research has found a new distribution method that is both subtle and dangerous.

According to the reports, attackers have compromised various websites and turned them into malicious ones. When a user visits one of these websites, a message pops up declaring that the website's security certificate has expired and requires an immediate update. Security certificates are crucial, so the user tries to update it as soon as possible, unaware that this "update" is actually the Mokes or Buerak malware. A website's certificate is renewed by the site's operator on the server, not by its visitors, so a page that asks a visitor to download a certificate update is not making a legitimate request.

Mokes is a backdoor that infects macOS and Windows systems and can execute code, capture screenshots, and steal sensitive data. Buerak is a trojan that generally targets Windows-based systems and can manipulate processes, execute code, steal data, gain persistence using registry keys, and detect various sandboxing and analysis mechanisms.

Research has also revealed that the malicious sites are commonly used and quite large in number, which shows the attackers are trying to reach as many people as possible. To counter these efforts, NPAV recommends that users never visit such sites or install updates or related files from them that can harm the system or provide access to it. Security plugins and certificates must be downloaded only from trusted sources.

Use NPAV and join us on a mission to secure the cyber world.
