Black Hat SEO Leveraged to Distribute Malware
Zscaler ThreatLabz researchers recently encountered a significant number of websites associated with fraudulent activities being hosted on popular web hosting and blogging platforms. Threat actors intentionally create these sites to spread malware by using the proliferation of web hosting platforms to manipulate search engine results – something called SEO poisoning, ...
Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla
First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM to spread Agent Tesla to users on vulnerable versions ...
Browser-in-the-Browser sextortion scam makes victims pay by imitating Indian Gov
Phishing has been a prominent cyber threat for decades, stealing the spotlight as the most prevalent attack vector for years, but the latest breed of attacks is more sophisticated and complicated to protect against than ever before. Attackers are always looking for new techniques to bypass security measures and remain ...
New Phishing Trends and Evasion Techniques
Zscaler ThreatLabz researchers recently came across multiple phishing campaigns using novel obfuscation and evasion techniques. In this blog, we will present an analysis of four phishing campaigns and the various obfuscation methods used in each, also describing some of the tools the attackers used to obfuscate their JavaScript code. JavaScript ...