The hijacked domains are used to host massive numbers of URLs that ship customers to websites internet hosting scams and malware by the use of totally different site visitors distribution methods (TDSs), the report says.
The mixing of malicious push notifications to idiot finish customers within the assault chain acts as a power multiplier, it provides. These notifications attempt to persuade staff to click on on a hyperlink to replace their anti-virus, activate their firewall, or contact Microsoft assist. The hyperlinks, after all, obtain malware or result in websites demanding fee for assist.
“Maybe probably the most outstanding factor about Hazy Hawk is that these hard-to-discover, susceptible domains with ties to esteemed organizations should not getting used for espionage or ‘intellectual’ cybercrime,” the report says. “As a substitute, they feed into the seedy underworld of adtech, whisking victims to a variety of scams and faux functions, and utilizing browser notifications to set off processes that may have a lingering influence. Hazy Hawk is indicative of the lengths rip-off artists will go to get a portion of the multi-billion-dollar fraud market.”
