WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams

2023-08-19 11:22

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams.

The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering checks to serve next-stage JavaScript that redirects users to a browser locker.

A majority of the sites loading WoofLocker are adult websites, with the infrastructure using hosting providers in Bulgaria and Ukraine that give the threat actors stronger protection against takedowns.

"The threat actor behind the traffic redirection and browlock will get paid for each successful lead.".

"The websites hosting the malicious code have been compromised for years while the fingerprinting and browser locker infrastructure appears to be using solid registrar and hosting providers."

"By using better filtering before redirecting potential victims to malware, threat actors ensure that their malicious ads and infrastructure remain online longer," Segura said.

News URL

https://thehackernews.com/2023/08/wooflocker-toolkit-hides-malicious.html

#scam #tech #techsupport