A campaign nicknamed "sczriptzzbn inject" can be identified by script using a variable named sczriptzzbn injected into files returned from a compromised website. This injected script causes a fake browser update page to appear in the victim's browser.
REFERENCE: https://isc.sans.edu/diary/rss/29170
TAGS: RAT, Malware, Fake Browser
MALWARE FAMILY: RAT
ATT&CK IDS: TA0003 - Persistence, T1055 - Process Injection, T1219 - Remote Access Software
Read More:
Comments