More threat actors have been using a free browser automation framework to carry out attacks, according to The Hacker News. Various features within the framework could be leveraged for malicious activities, a report from Team Cymru researchers revealed.
"The technical entry bar for the framework is purposefully kept low, which has served to create an active community of content developers and contributors, with actors in the underground economy advertising their time for the creation of bespoke tooling," researchers wrote. The report also showed that the downloads subdomain of Bablosoft, the developer of Browser Automation Studio (BAS), was connected to the command-and-control IP addresses of the RedLine Stealer, BlackGuard, and Bumblebee malware strains. This led researchers to believe that various malware operators are using the Bablosoft subdomain connections for post-exploitation activities.
"Based on the number of actors already utilizing tools offered on the Bablosoft website, we can only expect to see BAS becoming a more common element of the threat actor's toolkit," added researchers.