Several websites, including news sites, blogs, online stores, and adult sites, have been compromised with scripts enabling fraudulent Google Chrome automatic update prompts that facilitate malware distribution, BleepingComputer reports.
Injected malicious JavaScript starts the attack and then fetches additional scripts, whose origin is hidden by hosting them through the Pinata InterPlanetary File System (IPFS) service, according to a report from NTT.
Fake Google Chrome error screens prompting a required automatic update then trigger the download of a 'release.zip' file containing a Monero miner, which uses the bring-your-own-vulnerable-driver (BYOVD) technique to exploit a vulnerability in WinRing0x64.sys and gain SYSTEM privileges.
The miner also creates scheduled tasks, adds Windows Defender exclusions, stops Windows Update, and disables antivirus software before connecting to xmr.2miners[.]com and starting to mine Monero.
Such an attack can be avoided by not downloading security updates offered by third-party sites.
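As an added, defender-side illustration (not code from the report, NTT or BleepingComputer), the following Python maps the post-infection behaviours described above to detection logic run over constructed, simplified endpoint events; the event field names, the `windefend` service name and the alert threshold are assumptions.

```python
import re

# Indicators from the report; the event shape is a constructed Sysmon-like simplification (assumption).
VULNERABLE_DRIVERS = {"winring0x64.sys"}            # BYOVD driver named in the report
MINING_POOL_RE = re.compile(r"(^|\.)2miners\.com$", re.IGNORECASE)
DEFENDER_EXCL_RE = re.compile(r"\\Windows Defender\\Exclusions\\", re.IGNORECASE)
# wuauserv = Windows Update service; windefend = Defender service (assumed target)
SERVICE_STOP_RE = re.compile(r"\b(sc|net)(\.exe)?\s+stop\s+(wuauserv|windefend)\b", re.I)
SCHTASK_RE = re.compile(r"\bschtasks(\.exe)?\s+/create\b", re.IGNORECASE)

def classify(event):
    """Map one event dict to the miner behaviour it matches, or None."""
    kind = event.get("type")
    if kind == "driver_load":
        name = event.get("image", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in VULNERABLE_DRIVERS:
            return "byovd_driver_load"
    elif kind == "registry_set" and DEFENDER_EXCL_RE.search(event.get("key", "")):
        return "defender_exclusion_added"
    elif kind == "process_create":
        cmd = event.get("cmdline", "")
        if SCHTASK_RE.search(cmd):
            return "scheduled_task_created"
        if SERVICE_STOP_RE.search(cmd):
            return "update_or_av_service_stopped"
    elif kind == "network_connect" and MINING_POOL_RE.search(event.get("host", "")):
        return "mining_pool_connection"
    return None

def detect_miner(events, threshold=2):
    """Return (fired, sorted behaviours). The driver load or the pool
    connection alone is enough; weaker signals must co-occur so a lone
    admin 'schtasks /create' does not page anyone."""
    hits = {b for b in map(classify, events) if b}
    strong = {"byovd_driver_load", "mining_pool_connection"}
    return bool(hits & strong) or len(hits) >= threshold, sorted(hits)

# Constructed sample events approximating the reported post-infection chain.
SAMPLE_EVENTS = [
    {"type": "process_create", "cmdline": 'schtasks /create /sc onlogon /tn "Updater" /tr C:\\rel\\svc.exe'},
    {"type": "registry_set", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\rel"},
    {"type": "process_create", "cmdline": "sc stop wuauserv"},
    {"type": "driver_load", "image": "C:\\rel\\WinRing0x64.sys"},
    {"type": "network_connect", "host": "xmr.2miners.com", "port": 2222},
]
BENIGN_EVENTS = [  # one ordinary scheduled task and a normal update check
    {"type": "process_create", "cmdline": 'schtasks /create /sc daily /tn "Backup" /tr C:\\Tools\\backup.exe'},
    {"type": "network_connect", "host": "update.microsoft.com", "port": 443},
]
```

Calling `detect_miner(SAMPLE_EVENTS)` fires with all five behaviours listed, while `detect_miner(BENIGN_EVENTS)` stays quiet with only the scheduled task noted.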
Malicious emails posing as invoices carry ZIP attachments that lead to the execution of a DLL retrieved over WebDAV, which loads the updated Strela Stealer variant.
Pro-Russian hacktivist operations Killnet and Passion have used Dstat.cc to promote their DDoS attack capabilities, with the latter touting its ability to launch Layer 4 and Layer 7 attacks, according to Germany's Federal Criminal Police Office (BKA).
Play, Qilin, Medusa, and LockBit completed the top five, according to an analysis from Check Point; LockBit was the dominant ransomware operation in 2022 and 2023 before being subjected to law enforcement crackdowns this year.