Tyler Burns on Nostr: Careful on the Wallstreet Journal website today. I've been investigating a malware ad ...
Careful on the Wallstreet Journal website today. I've been investigating a malware ad campaign that is delivered from their website. Not that anyone should be viewing their news site anyway since it is garbage, but just be extra careful.
It leads to a bogus WSJ website (wsj[.]pm) that says you need to download an extension to continue viewing their website. If you click install it will download malware that runs some malicious powershell scripts.
Hot off the presses showing up just today:
https://www.virustotal.com/gui/file/191a8766da98b1f992072045905cf82c771d8cb9f697d08873686778dc70c7f6/behaviorPublished at
2024-04-24 18:39:08Event JSON
{
"id": "f1af1494bcab0f8a473384f72cd556cb4d4801b2d444b843b14869795415ecb9",
"pubkey": "6c5fbbb2ed7c3a8df0f17376ad38167bef90ad337d0cc46d26f0ca68620b9a71",
"created_at": 1713983948,
"kind": 1,
"tags": [],
"content": "Careful on the Wallstreet Journal website today. I've been investigating a malware ad campaign that is delivered from their website. Not that anyone should be viewing their news site anyway since it is garbage, but just be extra careful.\n\nIt leads to a bogus WSJ website (wsj[.]pm) that says you need to download an extension to continue viewing their website. If you click install it will download malware that runs some malicious powershell scripts.\n\nHot off the presses showing up just today:\nhttps://www.virustotal.com/gui/file/191a8766da98b1f992072045905cf82c771d8cb9f697d08873686778dc70c7f6/behavior",
"sig": "b947f793d651eb92a6b5ac99e223a0e4485b12854aa248356d099fb35c79d554a5542b4f156af7b69392de74f0237946275470d5abc87d9f45e8cfa07a21ba85"
}