Weekly Threat Report: Jan. 8
ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.
At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 8th, 2024, unveils critical insights into the ever-evolving landscape of online threats.
The following report highlights recently detected sites that were deemed suspicious:
_____________
SHA-256: e64f0fe9e6a80807640b81600c168af3e335a12d91b1dc2e2df20d2ae04fed8a
ConcealBrowse first detected this URL on January 8th, 2024. Only one other vendor annotated the URL on the 8th, and only 2 vendors in total are reporting it as phishing at the time of this report. ConcealBrowse blocked this new threat and assigned it a 14% risk score, highlighting the importance of real-time analysis over waiting for vendor consensus.
Despite several vendors not flagging this page as malicious, it has been observed serving a phishing HTML page to visitors and using hidden URLs and JavaScript. The server hosting this site also hosts .cc, .ru, and .ws domains, TLDs that adversaries commonly use.
_____________
SHA-256: bb4cd8d523d0ce1ee335b18573829db74b8ccca8d386e0badcb7d75aa1c2dedc
ConcealBrowse detected this URL on January 8th, 2024. It was first identified by 7 security vendors on August 24th, 2023. ConcealBrowse intervened as the page was loading on the endpoint and assigned it a 38% risk score.
The webpage uses a redirect that currently lands on a blank page; historically, it loaded the page shown in the screenshot below. That page prompts users to allow notifications and, once they are enabled, executes several JavaScript routines embedded in the page's HTML source. The body hash (the SHA-256 listed above) has been flagged by more than 10 security vendors, which classify the page as a known adware distributor. Both the domain listed above and the redirect target domain should be avoided, as most of their subdomains have been flagged the same way.
_____________
SHA-256: fd2f020c87981687a1a05917e1e0f2f672533b29bf0d58d5ab6f945f7bdab389
The URL was detected by ConcealBrowse on January 3rd, 2024. Various security vendors detected it on January 2nd, 2024, and it is currently flagged by 15 vendors. Classified as malicious and phishing, this newly registered domain and its webpage were further analyzed by ConcealBrowse and deemed proximal, meaning they are cohosted with other malicious domains.
Since the delivered webpage now has no content, it may appear safe. However, a lingering threat remains. ConcealBrowse flagged this page with our in-house indicator known as "proximity," meaning it is hosted on a server that also hosts sites known to deliver malware or phishing campaigns. Further analysis confirmed that the server hosts malicious sites, some of which deliver encoded files to victims in order to bypass traditional antivirus products, consistent with the MITRE ATT&CK Defense Evasion tactic. Because of this affiliation with the enabling server, ConcealBrowse intervened.
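The co-hosting idea behind "proximity" can be reproduced in a few lines. The example below is an added illustration written for this report, not ConcealBrowse's own algorithm: it inverts a domain-to-IP map into a reverse-IP index, looks up the other sites on the same server, and marks the URL as proximal if any neighbour is on a blocklist. The passive-DNS data, the blocklist and all domain names and IPs are constructed sample values, and the .cc/.ru/.ws TLD list is taken from the first entry in this report as a secondary, weaker signal.

```python
"""Simplified 'proximity' (co-hosting) check for a suspicious URL.

Added illustration only: this is not ConcealBrowse's algorithm, and the
domains, IPs and blocklist below are constructed sample data, not real
indicators. In practice PASSIVE_DNS would be replaced by a passive-DNS or
reverse-IP lookup and BLOCKLIST by a threat-intelligence feed.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample passive-DNS data: hostname -> hosting IP (RFC 5737 test ranges).
PASSIVE_DNS = {
    "login-verify.example": "203.0.113.10",     # the page under review (blank today)
    "update-bank.example.cc": "203.0.113.10",   # co-hosted, on the blocklist
    "free-prize.example.ru": "203.0.113.10",    # co-hosted, on the blocklist
    "docs.example.ws": "203.0.113.10",          # co-hosted, watched TLD only
    "shop.example": "198.51.100.7",             # benign control
    "news.example": "198.51.100.7",
}

# Constructed sample blocklist of domains known to serve malware or phishing.
BLOCKLIST = {"update-bank.example.cc", "free-prize.example.ru"}

# TLDs the report notes adversaries commonly use; a weak, supporting signal only.
WATCHED_TLDS = {"cc", "ru", "ws"}


def reverse_ip_index(passive_dns):
    """Invert hostname -> IP into IP -> set(hostnames) so co-hosted sites can be listed."""
    index = defaultdict(set)
    for hostname, ip in passive_dns.items():
        index[ip].add(hostname)
    return index


def proximity(url, passive_dns=PASSIVE_DNS, blocklist=BLOCKLIST):
    """Assess a URL purely by what else lives on its hosting server.

    Returns None when the host has no resolution data, otherwise a dict with the
    server IP, the co-hosted neighbours, which of them are blocklisted, which use a
    watched TLD, and a 'proximal' verdict. Page content is deliberately ignored:
    a blank page on a server full of phishing kits is still flagged.
    """
    host = urlparse(url).hostname
    ip = passive_dns.get(host)
    if ip is None:
        return None
    neighbours = reverse_ip_index(passive_dns)[ip] - {host}
    blocklisted = sorted(d for d in neighbours if d in blocklist)
    watched = sorted(d for d in neighbours if d.rsplit(".", 1)[-1] in WATCHED_TLDS)
    return {
        "host": host,
        "ip": ip,
        "neighbours": sorted(neighbours),
        "blocklisted": blocklisted,
        "watched_tld": watched,
        # Verdict rests on confirmed-bad neighbours; watched TLDs alone are not enough.
        "proximal": bool(blocklisted),
    }


if __name__ == "__main__":
    for u in ("https://login-verify.example/index.html", "https://shop.example/"):
        print(u, "->", proximity(u))
```

The verdict is keyed on confirmed-bad neighbours only; the TLD list is reported but not used to condemn a host on its own, since plenty of legitimate sites live on .cc, .ru and .ws. Swapping the static dictionary for a live reverse-IP source is the only change needed to run this against real hosts.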
_____________
Valuable Outcomes
As this report shows, ConcealBrowse's detection of and intervention on the identified URLs underscore the importance of real-time analysis in safeguarding users from evolving threats. While only a limited number of vendors initially annotated the URLs as malicious, ConcealBrowse's proactive approach surfaced the hidden risks. The varied nature of these threats, from phishing pages to domains cohosted with known malicious infrastructure, reflects the adaptability of adversaries. Tactics such as serving blank pages and abusing notification prompts to conceal malicious intent further underscore the need for continuous vigilance. ConcealBrowse's timely intervention, with per-page risk scores and indicators like "proximity," demonstrates the value of advanced threat detection in mitigating harm. As the cohosting of these URLs with other malicious domains shows, the interconnected nature of web threats calls for comprehensive and dynamic security solutions, and ConcealBrowse's ability to identify and neutralize them makes it a crucial component of that defense.
Join the Conceal Community and claim your FREE ConcealBrowse licenses!
Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.