What Does WoofLocker Malware Do To Your Computer?
Cybersecurity experts have uncovered an upgraded version of WoofLocker, a sophisticated toolkit designed for tech support scams. This malicious software, also known as 404Browlock, operates by redirecting users to fake browser lockers via a complex traffic redirection scheme.
The attack starts with JavaScript hidden in compromised websites, conducting anti-bot and traffic checks. If successful, it serves JavaScript code concealed within a PNG image. If a user is deemed uninteresting or a bot, a benign PNG file is displayed.
What and Who does WoofLocker Target?
WoofLocker primarily targets adult websites, making use of hosting providers in Bulgaria and Ukraine for added protection. The goal of browser lockers like WoofLocker is to trick victims into seeking assistance for fake computer issues, gaining remote access for fraudulent purposes.
Despite efforts to trace its origins, the threat actor remains elusive. WoofLocker has maintained its malicious infrastructure for years, offering stability and minimal maintenance. This campaign's latest iteration uses sophisticated techniques to distinguish real browsers from virtual machines, making it challenging to combat.
In addition to WoofLocker, a new malvertising infection chain has emerged, luring users searching for remote access tools into installing malicious software via fraudulent ads on search engines.
These threats highlight the need for robust cybersecurity measures, as malicious actors continue to evolve their tactics to deceive and exploit unsuspecting victims.