all InfoSec news
Satacom delivers browser extension that steals cryptocurrency
Malware Analysis, News and Indicators - Latest topics malware.news
Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom malware is delivered via third-party websites. Some of these sites do not deliver Satacom themselves, but use legitimate advertising plugins that the attackers abuse to inject malicious ads into the webpages. The …
base64 browser browser extension cryptocurrency distributed dns extension family malware order party servers stage third third-party url