Threat actors have exploited hacked legitimate websites to distribute the novel BadSpace backdoor to Windows machines, The Hacker News reports.
Attackers embedded code in the breached websites that collects device information from first-time visitors and transmits it to the attackers, then overlays a fraudulent Google Chrome update pop-up window that delivers BadSpace or its loader, according to a report from G DATA.
Aside from system data gathering and screenshot capturing, BadSpace also supports anti-sandbox checks, command execution, persistence via scheduled tasks, file reading and writing, and scheduled task removal, the researchers said; they also found an association between the campaign's domains and the SocGholish downloader malware, also known as FakeUpdates.
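Because the backdoor described above persists through scheduled tasks (and can remove them again), a defender's first check on a suspect Windows host is an audit of registered tasks for traits that vendor tasks rarely have. The following PowerShell function is an added example written for this page; it is not code from G DATA's report, from The Hacker News, or from the BadSpace campaign, and the function name, the list of user-writable directories and the list of abused interpreters are assumptions chosen for illustration rather than published indicators for this malware.

```powershell
# Added example (not from the G DATA report or The Hacker News): audit Windows
# scheduled tasks for persistence traits commonly used by backdoors. The path
# and interpreter lists are assumptions for illustration, not BadSpace IoCs.

function Get-SuspiciousScheduledTask {
    [CmdletBinding()]
    param(
        # Directories a legitimate vendor task rarely executes from (assumed list)
        [string[]] $UserWritablePaths = @(
            "$env:APPDATA", "$env:LOCALAPPDATA", "$env:TEMP",
            "$env:USERPROFILE\Downloads", "$env:PUBLIC", "C:\ProgramData"
        ),
        # Interpreters frequently used to launch a payload (assumed list)
        [string[]] $LolBins = @('powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe',
                                'cscript.exe', 'mshta.exe', 'rundll32.exe', 'regsvr32.exe')
    )

    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only exec-type actions carry an executable path; skip COM handler actions
            if (-not $action.Execute) { continue }
            $exe    = [System.Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            $argStr = $action.Arguments
            $reasons = @()

            # Executable located in a user-writable directory
            foreach ($p in $UserWritablePaths) {
                if ($p -and $exe.StartsWith($p, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $reasons += "executes from user-writable path ($p)"; break
                }
            }
            # Interpreter launched with a script or DLL that lives in such a directory
            if ($argStr) {
                foreach ($p in $UserWritablePaths) {
                    if ($p -and $argStr -like "*$p*") { $reasons += "argument references $p"; break }
                }
            }
            $leaf = [System.IO.Path]::GetFileName($exe)
            if ($LolBins -contains $leaf.ToLower()) {
                $reasons += "launches interpreter $leaf"
            }
            # Non-Microsoft tasks with no author field deserve a second look
            if ($task.TaskPath -notlike '\Microsoft\*' -and -not $task.Author) {
                $reasons += 'no author on non-Microsoft task'
            }

            if ($reasons.Count -gt 0) {
                $info = $task | Get-ScheduledTaskInfo
                [pscustomobject]@{
                    TaskName  = $task.TaskName
                    TaskPath  = $task.TaskPath
                    State     = $task.State
                    Execute   = $exe
                    Arguments = $argStr
                    LastRun   = $info.LastRunTime
                    NextRun   = $info.NextRunTime
                    Reasons   = ($reasons -join '; ')
                }
            }
        }
    }
}

# Usage: list findings, soonest scheduled run first
Get-SuspiciousScheduledTask | Sort-Object NextRun | Format-Table -AutoSize
```

Run it from an elevated prompt so that tasks registered under other accounts are visible. Since the backdoor can also delete its own tasks, a point-in-time audit alone can miss it; with the "Audit Other Object Access Events" subcategory enabled, Windows records task creation as Security event ID 4698 and task deletion as 4699, so forwarding those events gives a record that survives the malware's cleanup.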
The development follows reports by Sucuri and eSentire detailing separate campaigns that used breached websites to host fraudulent browser updates spreading remote access trojans and information-stealing malware.