Today info about of OpenBLD.net DNS added to AdGuard Wiki KnowledgeBaseDNS repo:
https://adguard-dns.io/kb/general/dns-providers/#openbldnet-dns
I am very happy about this event, thank you very much everyone for your support and help! 🤜🤛
Advertising platforms like Google Ads enable businesses to display advertisements to target audiences to boost traffic and increase sales. Malware distributors abuse the same functionality in a technique known as malvertising, where chosen keywords are hijacked to display malicious ads that lure unsuspecting search engine users into downloading certain types of malware.
The following chart represents how the infection starts:
The infection starts once the user searches for “WinSCP Download” on the Bing search engine. A malicious ad for the WinSCP application is displayed above the organic search results. The ad leads to a suspicious website containing a tutorial on how to use WinSCP for automating file transfer:
See more details on Trendmicro blog
FortiGuard Labs recently came across files that look suspicious, even during a cursory review. Our subsequent investigation confirmed that the files are malicious and revealed there is more to them than meets the eye: they are a previously unseen infostealer we have named “ThirdEye”. While this malware is not considered sophisticated, it’s designed to steal various information from compromised machines that can be used as stepping-stones for future attacks.
The ThirdEye infostealer has relatively simple functionality. It harvests various system information from compromised machines, such as BIOS and hardware data. It also enumerates files and folders, running processes, and network information. Once the malware is executed, it gathers all this data and sends it to its command-and-control (C2) server hosted at (hxxp://shlalala[.]ru/general/ch3ckState). And unlike most other malware, it does nothing else.
One interesting string unique to the ThirdEye infostealer family (from which we derived its name) is "3rd_eye", which it decrypts and uses with another hash value to identify itself to the C2.
See more details on FortiGuard Labs
Trojanized Super Mario Game Installer Spreads SupremeBot Malware
According to Cyble blog post, the malware is distributed through java.exe is an XMR (Monero) miner which operates stealthily in the background without the user’s knowledge or consent, leading to unauthorized and potentially harmful utilization of computing resources for mining the cryptocurrency Monero (XMR).
When “java.exe” is executed, the malware establishes a connection with a mining server gulf[.]moneroocean[.]stream to carry out cryptocurrency mining activities.
Concurrently, the malware gathers valuable data from the victim’s system, including computer name, username, GPU, CPU, and other relevant details. This sensitive information is then transferred to a Command and Control (C&C) server via the following URL API:
hxxp://shadowlegion[.]duckdns[.]org/nam/api/endpoint[.]php
Be careful and watch what your children play and what applications they install 🧩 on their devices 📲
Today Digital Ocean supported OpenBLD.net DNS
.. step forward in a joyful mood 🥳
In the realm of OpenBLD.net DNS, we're excited to introduce OpenBLD+ mode, a feature designed to take our and your experience to the next level.
Powered by Your Support: Our project thrives thanks to the support of users like you. Today you have the opportunity to subscribe for just $3+ and, in return, gain access to a host of exclusive benefits:
Unlock a World of Benefits with OpenBLD+ and elevate our and your online experience.
Join us today!