Consequences of the binary options virus campaigns


The threat actors behind the Binary Options campaigns took a web template developed by a legitimate company and deployed it on malicious sites that pose as legitimate businesses. The scammers built clone sites that impersonate real ones by copying their design exactly and registering look-alike addresses. A notable characteristic of the Binary Options attack campaign is that these visible clone pages are only meant to be seen by targets who are not infected by the malware.

Infection happens when the hacker-controlled site forwards the victim to a second site without showing any content. This second gateway sits on a number of domains that are rotated according to their availability, possibly registered in a scripted fashion. The infection route is the following:

When users interact with the malicious site they come into contact with hacker-controlled ad networks, which redirect them to the second gateways. If the gateway's check passes, the victim is redirected to yet another site that serves the final payload: a banking Trojan or ransomware, chosen according to the victim's geolocation. The analyzed samples distribute the well-known banking Trojans Dreambot, Gozi and Ursnif, all of which can inject code into the installed web browsers.
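The gate pattern described above (a landing page that forwards, without serving content, through a rotating gateway domain and an ad network to a binary download) leaves a recognisable trail in proxy telemetry. The following is an added example, not code from the original article or from the analyzed campaign: it reconstructs per-client redirect chains from constructed proxy log lines and flags chains that match the pattern. The log format, domain names and client addresses are all made up for the demonstration, and the heuristic itself (a landing page, then only empty-body redirects, then a 200 for an .exe) is an assumption about how such a chain would look in logs rather than something the article states.

```python
"""Added example: reconstruct redirect chains from constructed proxy logs and
flag the landing -> empty-body gateway redirects -> .exe download pattern."""
from collections import Counter
from urllib.parse import urlparse

# Constructed log format: timestamp client method url status bytes_out referrer
FIELDS = ("ts", "client", "method", "url", "status", "bytes_out", "referrer")

# Constructed sample. Two victims traverse different gateway hosts (rotation)
# but the same landing site, ad network and payload host; a third client is benign.
SAMPLE_LOG = """\
2017-01-10T09:00:01 10.0.0.5 GET http://binary-0ptions-broker.example/ 200 18342 -
2017-01-10T09:00:02 10.0.0.5 GET http://gw-7a1f.example/go 302 0 http://binary-0ptions-broker.example/
2017-01-10T09:00:02 10.0.0.5 GET http://ads-rotator.example/click?id=88 302 0 http://gw-7a1f.example/go
2017-01-10T09:00:03 10.0.0.5 GET http://cdn-payload.example/setup.exe 200 412096 http://ads-rotator.example/click?id=88
2017-01-10T09:05:10 10.0.0.9 GET http://binary-0ptions-broker.example/ 200 18342 -
2017-01-10T09:05:11 10.0.0.9 GET http://gw-c93e.example/go 302 0 http://binary-0ptions-broker.example/
2017-01-10T09:05:11 10.0.0.9 GET http://ads-rotator.example/click?id=91 302 0 http://gw-c93e.example/go
2017-01-10T09:05:12 10.0.0.9 GET http://cdn-payload.example/invoice.exe 200 398221 http://ads-rotator.example/click?id=91
2017-01-10T09:07:00 10.0.0.12 GET http://legit-news.example/article 200 5521 -
2017-01-10T09:07:01 10.0.0.12 GET http://legit-news.example/style.css 200 1203 http://legit-news.example/article
"""


def parse_log(text):
    """Parse the constructed space-separated format into dicts; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        rec["status"] = int(rec["status"])
        rec["bytes_out"] = int(rec["bytes_out"])
        rec["host"] = urlparse(rec["url"]).hostname
        entries.append(rec)
    return entries


def build_chains(entries):
    """Per client, start at each direct (no-referrer) hit and follow referrer links."""
    by_client = {}
    for e in entries:
        by_client.setdefault(e["client"], []).append(e)
    chains = []
    for recs in by_client.values():
        for landing in (r for r in recs if r["referrer"] == "-"):
            chain, seen, current = [landing], {id(landing)}, landing
            while True:
                nxt = next((r for r in recs
                            if r["referrer"] == current["url"] and id(r) not in seen), None)
                if nxt is None:
                    break
                chain.append(nxt)
                seen.add(id(nxt))
                current = nxt
            chains.append(chain)
    return chains


def is_gate_chain(chain):
    """Landing page (200), then only empty-body redirects, then a 200 for an .exe."""
    if len(chain) < 3 or chain[0]["status"] != 200:
        return False
    hops, final = chain[1:-1], chain[-1]
    if not all(h["status"] in (301, 302, 303, 307) and h["bytes_out"] == 0 for h in hops):
        return False
    return final["status"] == 200 and urlparse(final["url"]).path.lower().endswith(".exe")


def find_gate_chains(entries):
    """Return one finding per client whose chain matches the gate pattern."""
    return [{
        "client": c[0]["client"],
        "landing": c[0]["host"],
        "redirect_hosts": [h["host"] for h in c[1:-1]],
        "payload": c[-1]["url"],
    } for c in build_chains(entries) if is_gate_chain(c)]


def redirect_host_counts(findings):
    """Hosts seen in only one flagged chain are candidates for the rotated gateway tier."""
    return Counter(h for f in findings for h in f["redirect_hosts"])


if __name__ == "__main__":
    found = find_gate_chains(parse_log(SAMPLE_LOG))
    for f in found:
        print(f)
    print(redirect_host_counts(found))
```

Hosts that recur across flagged chains (here the ad network and the landing site) are the stable infrastructure worth blocking; the hosts that appear once each are the rotated gateway tier, which the article notes is hard to track by itself.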

The malware can carry out complex surveillance of victims: taking screenshots at will, recording their computer use and redirecting all of their network traffic. The retrieved samples show that the various Trojans are built in a modular setup: initial infection is performed by a loader component, which then downloads the rest of the malware from the remote server over an encrypted network stream.

During the first stages of deployment the malware engine checks whether it is running inside a virtual machine instance, in order to hinder debugging and analysis. The same evasion techniques also make the infection harder to detect and remove with ordinary security tools.

The modules are then injected into the explorer.exe process. Such attacks can deploy a wide variety of malware. Some of the dangers associated with it include the following:

The hackers have used a clever decoy by stealing the design of a legitimate company and employing the same strategy for drawing in users.
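The loader-then-inject behaviour described in the last few paragraphs (a freshly dropped loader that contacts its server for the remaining modules and then injects them into explorer.exe) is something endpoint telemetry can catch even when the download itself is encrypted. The following is an added example, not code from the original article: it runs a simple correlation over constructed events shaped like Sysmon Event IDs 1, 3 and 8 (process creation, network connection, CreateRemoteThread) and raises an alert for injection into explorer.exe, scoring it higher when the injecting process was dropped in a user-writable path, was spawned by a browser, or made an outbound connection beforehand. The benign-injector baseline, the path markers, the browser list and the scoring weights are assumptions to be tuned per environment, and the virtual-machine check the article mentions is not visible in this telemetry, so it is not part of the rule.

```python
"""Added example: correlate constructed Sysmon-shaped events (IDs 1, 3, 8) to
flag loader-style code injection into explorer.exe. No real telemetry is used."""

EXPLORER = r"c:\windows\explorer.exe"

# Assumed benign baseline: images that routinely open threads in explorer.exe on
# a stock Windows install. Tune to the environment being monitored.
BENIGN_INJECTORS = {r"c:\windows\system32\csrss.exe"}

# Assumed markers of user-writable drop locations.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Assumed browser images whose children are drive-by download suspects.
BROWSERS = ("\\iexplore.exe", "\\firefox.exe", "\\chrome.exe")

# Constructed event stream, in time order, using Sysmon field names.
LOADER = r"C:\Users\bob\AppData\Local\Temp\setup.exe"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 5108, "Image": LOADER, "ParentImage": IE},
    {"EventID": 3, "ProcessId": 5108, "Image": LOADER,
     "DestinationIp": "203.0.113.7", "DestinationPort": 443},
    {"EventID": 8, "SourceProcessId": 5108, "SourceImage": LOADER,
     "TargetProcessId": 3200, "TargetImage": r"C:\Windows\explorer.exe"},
    # Benign noise: csrss.exe opening a thread in explorer.exe.
    {"EventID": 8, "SourceProcessId": 900, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetProcessId": 3200, "TargetImage": r"C:\Windows\explorer.exe"},
    # Unrelated browser traffic that must not influence the alert.
    {"EventID": 3, "ProcessId": 6000, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "198.51.100.20", "DestinationPort": 443},
]


def detect_explorer_injection(events):
    """Single pass in time order, so only context seen *before* each injection counts."""
    parent_by_pid = {}   # pid -> lower-cased ParentImage from Event 1
    net_by_pid = {}      # pid -> destination IPs from Event 3
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 1:
            parent_by_pid[ev["ProcessId"]] = ev["ParentImage"].lower()
        elif eid == 3:
            net_by_pid.setdefault(ev["ProcessId"], []).append(ev["DestinationIp"])
        elif eid == 8 and ev["TargetImage"].lower() == EXPLORER:
            src = ev["SourceImage"].lower()
            if src in BENIGN_INJECTORS:
                continue
            pid = ev["SourceProcessId"]
            from_user_writable = any(m in src for m in USER_WRITABLE_MARKERS)
            prior_network = list(net_by_pid.get(pid, []))
            spawned_by_browser = parent_by_pid.get(pid, "").endswith(BROWSERS)
            # Base score 1 for any non-baseline injection into explorer.exe,
            # plus one point per loader-like trait observed earlier in the stream.
            score = (1 + int(from_user_writable) + int(bool(prior_network))
                     + int(spawned_by_browser))
            alerts.append({
                "source_pid": pid,
                "source_image": ev["SourceImage"],
                "from_user_writable_path": from_user_writable,
                "prior_network": prior_network,
                "spawned_by_browser": spawned_by_browser,
                "score": score,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_explorer_injection(SAMPLE_EVENTS):
        print(alert)
```

The ordering matters: a connection made after the injection (for example by the now-compromised explorer.exe) is not evidence that the injector was a loader, which is why the rule indexes context as it goes rather than over the whole batch.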


The analyzed campaign used the RIG exploit kit, a highly modular framework. An experienced attacker can easily modify the kit and integrate additional modules and payloads.

The attackers use a wide range of secondary domains and hacker-controlled ad networks, which makes it hard to trace the primary sources of infection.