skinsgerma.blogg.se

Malwarebytes google drive

Malwarebytes prevents threats in real-time, crushes ransomware, defends against harmful sites, and cleans and removes malware. Traditional antivirus alone is no longer sufficient against today’s sophisticated malware threats.

The only real difference here is that the links include the Google name and could be less suspicious to a careless eye.

Malwarebytes security software has multiple layers of malware-crushing tech, including virus protection.

I suppose this makes it harder to block them on a domain level or some such, but the exact same thing could be done with any pastebin, or any service that lets you upload arbitrary files and link to them. If I understand correctly, there’s nothing special about their use of Drive here. So bad guys are using Google Drive to host their injected Javascript blobs? They could do that from literally any other webhost that would take them (before it’s removed, anyway), including a server in their garage. The headline seems a bit misleading, as it could imply that this is due to some flaw in Google Drive, or that Google can do anything about it other than blocking these accounts as they’re created or trying to detect malicious Javascript, either of which are whack-a-mole games that will inevitably bleed over to affect normal users.

This time, the call to the Google Drive URL is heavily obfuscated:

We discovered an update to the initial code injection pictured in Figure 2. Read more about it from Kafeine in this stellar blog post he wrote). (We call this exploit kit Popads but it should really be called Magnitude now. From there, the code snippet loads the “.tk” TDS which in turn redirects the user to an exploit page. The compromised site (calls the external JavaScript on Google’s servers. Some of you may recognize this URL as the “Simple TDS”, an old, but yet still active traffic distribution system that is redirecting traffic to an exploit kit landing page:

Figure 4: Infection process as shown in Fiddler capture

tk is the TLD for Tokelau which other than its sandy beach image is often associated with malware and phishing attacks.) Now we know the motive: to redirect users to a ‘.tk’ URL (.

Figure 3: Analyzing Google Drive uploaded script with Revelo












