The publications are suspended, except for particular events, from 1 to 21 August. In the meantime, we are preparing some news for the second half of the year.
Malwarebytes: New malsmoke campaign targets adult site visitors with ZLoader . It exploits a fake Java update, social engineering, and a decoy page filled with adult images purporting to be movies
Adult site visitors have been targeted by Malsmoke cybercrime group with ZLoader via fake Java update and social engineering campaign. It has been discovered by Malwarebytes cybersecurity experts. It uses a decoy page filled with adult images purporting to be movies to get people to play adult videos that do not actually exist. The deceptive file would open in a new browser window and instead of images, victims would get a pixelated view and a few seconds of audio to keep them enticed. After a few seconds, users would see an overlay message telling them that Java Plug-in needs to be installed for the video to play correctly. Moreover, the fake Java update (JavaPlug-in.msi) is a digitally signed Microsoft installer that contains a number of libraries and executables, most of which are legitimate.