In the recent days, cybercriminals are found to distribute malware by using a new technique of inviting victims to install a malicious “security certificate update,” when they pay a visit to any compromised websites. Yes, the attackers distribute security certificate update requests, making an attempt to damage the victim with backdoors and Trojans by making use of a malicious installer.
The cybercriminals attract their targets with an error message – ‘NET::ERR_CERT_OUT_OF_DATE’ displayed within an iframe above the website’s actual contents, asking the victim to install the security certificate, for the connection to be successful.
The Security certificates also termed as the digital certificates are released by the Certification Authorities, mainly to encode the communication between the website’s server and the user’s browser. When this security certificate expires, and is not renewed on time, the web browsers usually get an announcement letting the web users about the lack of security levels at the website.
The Malware Attack has been active for the past two months now!
The researchers at the Kaspersky lab have identified the initial signs of this malware attack from January 16, 2020. The security of many websites was compromised and delivered with malware. The alarm notification comprised of an iframe – with contents stacked from third party sources, overlapped on the top of the webpage. The crucial point identified was the URL bar displayed the legitimate address.
The cybercriminals injected the code as jquery.js script, which overlapped the malicious iframe and had the same size of the compromised webpage. The researchers at Kaspersky add that the iframe content is extracted from the address https[:]//ldfidfa[.]pw//chrome.html. Ultimately, the user finds an authentic banter, which prompts to install the security certificate immediately.
The victims, who fall for the tricks of these cyber attackers, will end up downloading a Certificate_Update_v02.2020.exe. This malware will in turn infect their website causing a certificate error. It has also been identified that these attacks result in the Buerak Trojan downloader, which download and install more malware into the infected computers. Ultimately the malware steals the victim’s user credentials, takes control of keystrokes, records the audio every 5 minutes, takes screenshots and captures any information entered on the web browser. So think twice before clicking on any links online, as it might end up damaging your personal computer and website!
Tags: Fake Website Certificate, Malware