Thursday, January 27, 2022

Chrome ups its defenses against Blackhole

With the new updates to Blackhole, users are introduced with some kind of loading, waiting, or connecting to server message before they get redirected to the compromised website.

After the redirect, a script that is contained on the web server checks the user agent string and identifies the browser. If the web browser is detected as Internet Explorer or Firefox, then Blackhole carries out its normal payload, trying to exploit any number of Reader, Java, or Internet Explorer vulnerabilities.

However, whenever a user is running Chrome, a second redirect occurs, directing that user to fake Chrome update installer that they must agree to download.

Shukor, a security researcher, claims this method of infecting users put in place by the Blackhole exploit coders is because of Chrome’s method of rendering PDF files in its non-Adobe PDF reader and a feature that requires user permission before running any kind of Java applets.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

New FastPOS malware targeting Point-of-Sale systems

Experts have disclosed a new category of malware, labeled “FastPOS,” that has the ability to quickly …