惡意程式FakeBat藉由偷渡式下載植入受害電腦
支付動態 · 2024-07-05
資安業者Sekoia針對惡意程式載入工具FakeBat的攻擊態勢提出警告,他們發現相關威脅升溫,是今年第一季駭客偏好用來散布其他惡意軟體的工具之一
另一種攻擊手法是在合法WordPress網站植入惡意HTML及JavaScript指令碼,在用戶瀏覽頁面時,跳出目前系統偵測到Chrome存在漏洞、用戶必須更新的警示訊息,一旦使用者按下網頁上的「更新」按鈕,電腦就會被重新導向,下載FakeBat。Sekoia透過程式碼搜尋引擎PublicWWW與網際網路IT設備資訊搜尋引擎FOFA,找尋被植入上述程式碼的網站,結果分別找到超過250、120個,但研究人員認為這個結果可能低估了真實情形,推測應有數千個WordPress網站受害。
最後一種是藉由社交工程的手法進行,駭客假借提供Web3即時通訊軟體getmess[.]io,企圖散布FakeBat,為了讓使用者不疑有他,對方不僅設置專屬網站,還建立社群網站資料,上傳宣傳用的影片。研究人員指出,這些駭客其實是模仿名為Beoble的合法解決方案。
但特別的是,使用者必須透過其他用戶邀請才能取得「應用程式」,這麼做的目的是為了增加可信度。而這些提供邀請碼的來源,研究人員發現對方利用X或Telegram遭竊的帳號來進行,也有部分Discord帳號可能受害。
Popular articles
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
1spin4win releases unique slot Don Catleone Hold and Win featuring gangster cats
Online Game
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
Kazakhstan plans to penalise online casino promotions
Regulation
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
Gaming & Technology Expo Makes a Powerful Entrance in CDMX
Marketing
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
HUIDU Invites You to Booth T70 at iGB L!VE 2026 — Let’s Ignite London This July!
HUIDU Focus
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
British gambling levy rates confirmed for each vertical
Regulation
