https://urlquery.net/report.php?id=1496588896553
Very good way to trick user into downloading malicious JS that further drops binary that is found as cerber by some AVs.Tried running it in VM but didn’t get any ransomware though.
https://urlquery.net/report.php?id=1496588896553
Very good way to trick user into downloading malicious JS that further drops binary that is found as cerber by some AVs.Tried running it in VM but didn’t get any ransomware though.
Why would this be scary for the average users.
For the most part they would be completely unaware of the potential danger to be at all scared.
For those that are aware, they are probably using browser add-ons like NoScript, RequestPolicy (blocking 3rd party sites), etc. etc. so these experienced users wouldn’t be so scared either. They are also more likely to have disabled (or a simple sicker over) their computer camera.
I forgot to mention that these type of links are posted in chat sites and applications and users click on it curiously to see what has happened.S o adblock and noscript won’t come into play here unless it even spreads from redirection and ads.
Also It behaves very convincingly with a camera click audio in the back and any regular computer user would be convinced.
Hi TrueIndian,
Well one good thing is that Google Safe Browsing blocks it as we see here: https://www.google.com/transparencyreport/safebrowsing/diagnostic/#url=http://miragenotax.pw/
→ http://www.domxssscanner.com/scan?url=http%3A%2F%2Fmiragenotax.pw%2F+
Think it wil eventually be taken down like this domain on same IP: https://twitter.com/malwrhunterteam/status/869792704494006272
and will appear here: http://www.justdropped.com/drops/083115com.html
Thanks for the heads-up on this smut scam…
polonus