Hackers are regularly using highly customisable online resources to add social engineering components to render their attacks more effective, according to new research from Malwarebytes.
One website identified by the team features an expansive toolkit that has drawn more than 100,000 visits in the past few weeks, offering design and framework support to attackers.
The resource, dubbed Domen, is built around a detailed client-side script serving as a framework for various update templates designed for both desktop and mobile users in almost 30 languages.
"Over time, we have seen a number of different social engineering schemes," said senior security researcher Jrme Segura.
"For the most part, they are served dynamically based on a user's geolocation and browser/operating system type. This is common, for example, with tech support scam pages where the server will return the appropriate template for each victim.
"What makes the Domen toolkit unique is that it offers the same fingerprinting, and choice of templates thanks to a client-side script which can be tweaked by each threat actor.
"Additionally, the breadth of possible customisations is quite impressive since it covers a range of browsers, desktop, and mobile in about 30 different languages."
The toolkit is loaded as an iframe from compromised websites, most of which run via WordPress, and is displayed over the top as an additional layer. The campaign works by encouraging victims to install updates, like a Flash Player update, but, instead, when clicked, downloads a malicious file.
The campaign also resembles another from 2018 known as SocGholish. Although they are different, both campaigns run on the same principles; in that, they can be found on the same compromised host, abuse a cloud hosting platform like Dropbox, then download a fake 'update' before delivering the NetSupport remote administration tool.
Variants of the social engineering toolkit include Flash Player updates, as well as prompting users to update Chrome, Firefox, or Microsoft's Edge browser.
Social engineering has become a more prominent component of malicious campaigns in recent years due to victims becoming more astute about clear giveaways when it comes to browser-embedded malware and phishing attempts.
An example arose earlier this year of a sophisticated attempt to target C-suite executives within organisations. This featured attackers sending a fake email to executives, centred on rescheduling a board meeting. By following a link, the targets were sent to a page that resembled a Doodle poll, but actually stole their Office 365 credentials.
More recently, the CEO of a UK-based energy firm was tricked into making a fraudulent payment over the phone by AI-powered voice manipulation software. He wired 200,000 to a "Hungarian supplier" at the behest of cyber criminals who were actually mimicking his parent company's chief executive using AI.
With cyber attacks becoming more personalised and sophisticated, it's crucial that organisations become more vigilant over potential threats received via email or while browsing online.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
-
LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to knowNews Cyber criminals are flocking to LinkedIn to conduct social engineering campaigns, research shows.
-
Phishing campaign targets developers with fake CrowdStrike job offersNews Victims are drawn in with the promise of an interview for a junior developer role at CrowdStrike
-
C-suites consider quantum a serious threat and "amazing" deepfake attacks are just 'months away'News Deepfake technology has matured at a rapid rate, and video scams are likely to be a on par with the more convincing voice-only campaigns very soon, one expert says
-
Iranian hackers targeted nuclear expert, ported Windows infection chain to Mac in a weekNews Fresh research demonstrates the sophistication and capability of state-sponsored threat actors to compromise diverse targets
-
Malware being pushed to businesses by search engines remains a pervasive threatNews High-profile malvertising campaigns in recent months have surged
-
CISA: Phishing campaign targeting US federal agencies went undetected for monthsNews Threat actors used legitimate remote access software to maliciously target federal employees
-
Google Ads malvertising campaign prompts questions around Search securityNews A leading security researcher has called into question why Google still allows malware links to top search results
