
Malsmoke

Posted: November 24, 2020

Malsmoke is a threat actor that specializes in delivering banking Trojans through browser tactics and vulnerabilities. This group's attacks may use passive software weaknesses, such as outdated Internet Explorer or Flash, and other techniques, such as fake media player updates. Users should remove Malsmoke threats through proper anti-malware services and immediately change all affected credentials, such as passwords.

Look Who's Smoking Up a Cloud of Banking Problems

Two spyware campaigns with slightly different tactics but a decidedly shared interest in plundering are at the heart of the new Malsmoke group. The threat actor targets victims relatively indiscriminately and opportunistically. Malsmoke's name comes from their preferred use of SmokeLoader, a Trojan downloader also associated with threats like Buer, Trojan.TrickBot, and the RIG Exploit Kit. The final stages of their attacks proceed to collecting passwords and compromising some of the most valuable Web-browsing content available: bank accounts.

As described above, Malsmoke shows some flexibility in their methods of infecting victims. Only observed since 2020, the hacking gang first used Exploit Kits (EKs): bundled packages that exploit software vulnerabilities in outdated versions of IE, Flash, JavaScript, Java, etc. The resulting drive-by download installed Smoke Loader, a Trojan downloader with optional data-collecting modules.

However, malware experts recommend that Web surfers pay more attention to the 'upgrade' of Malsmoke's campaign. The second iteration involves a prolific compromise of advertising channels for adult websites like xhamster. Instead of depending on old software, this drive-by download displays a pop-up claiming that video playback has failed. It then requests a Java 8.0 update and provides a download that is, of course, another Trojan, which drops the ZLoader banking Trojan.

Clearing Out Fumes While Browsing Websites

Malsmoke's pair of campaigns is far from the first deployment of Smoke Loader, Zloader, or other multi-functional Trojans with threat-downloading and password-snatching features. Hopefully, Windows users already have adequate protection from exploit kits by installing security patches and disabling unsafe browser features like JavaScript. Savvy Web media audiences also might notice that Java is unlikely ever to be part of a website's video-streaming content, even though similar tactics could just as well use Flash or JavaScript themes.

Users never should install software updates without guaranteeing the authenticity of their sources. They can procure updates for any media players and video playback packages from official websites and should always refuse update prompts occurring through failed movie links, pop-ups, or advertisements. Since all known Malsmoke payloads breach bank accounts and collect varied personal information, users also should monitor account histories for unauthorized activities and change their passwords as soon as possible after any attacks.

Because Malsmoke's activity does not consist of a single threat, malware experts can't promise consistent identification for this group's attacks. However, most Windows security products should easily remove Malsmoke payloads involving ZLoader or SmokeLoader.

Frustration over getting error messages instead of titillation might lead some erotica fans into compromising their finances all too easily. Like most 'hackers' of the day, Malsmoke enlists their victims in the infection proceedings, meaning that the responsibility for safety falls on individual Web surfers.
