Malwarebytes’ recent analysis demonstrates that the campaign is still active. Its modus operandi remains largely unaltered, but the supporting infrastructure is now more resilient against takedown attempts. The redirection mechanism has also become harder to identify and understand because of additional fingerprinting checks, which are used to detect the presence of virtual devices, specific browser extensions, and security tools.
Adult-content sites are prominent among the websites employing WoofLocker. The infrastructure depends heavily on hosting providers based in Bulgaria and Ukraine, which gives the threat actors stronger protection from takedown attempts. The main objective of these browser lockers is to coax victims into seeking assistance with (fabricated) computer issues. This paves the way for taking remote control of the victim's computer and then generating an invoice that pushes a security solution.
The threat actor behind the traffic redirection and browlock relies on third-party fraudulent call centers and is paid for each successful lead. Although the identity of the threat actor remains unknown, evidence indicates that preparations for this campaign have been in progress since 2017.
In contrast to other campaigns that depend on buying advertisements and playing an arcade-style game of whack-a-mole with hosting providers and registrars, WoofLocker is a highly stable, low-maintenance operation. The malicious code has been hosted on compromised websites for years, while the campaign relies on dependable registrar and hosting provider services.
It’s noteworthy that many scams target young users, luring them into downloading apps or malware, or surrendering personal details, in exchange for illusory rewards on gaming platforms like Fortnite and Roblox. Stay tuned for cybersecurity news, insights, and tips.
Darksteel Technologies is an Orlando-based business that can handle all aspects of your IT security. We provide compliance, training, malware protection, cloud security, DevSecOps, vulnerability management, penetration testing, architecture design, and any other information security service your business needs. We focus on your cybersecurity so you don't have to.