The hijacked domains are used to host massive numbers of URLs that ship customers to websites internet hosting scams and malware by means of completely different visitors distribution programs (TDSs), the report says.
The mixing of malicious push notifications to idiot finish customers within the assault chain acts as a power multiplier, it provides. These notifications attempt to persuade staff to click on on a hyperlink to replace their anti-virus, activate their firewall, or contact Microsoft help. The hyperlinks, after all, obtain malware or result in websites demanding cost for help.
“Maybe probably the most exceptional factor about Hazy Hawk is that these hard-to-discover, susceptible domains with ties to esteemed organizations will not be getting used for espionage or ‘intellectual’ cybercrime,” the report says. “As a substitute, they feed into the seedy underworld of adtech, whisking victims to a variety of scams and faux purposes, and utilizing browser notifications to set off processes that may have a lingering influence. Hazy Hawk is indicative of the lengths rip-off artists will go to get a portion of the multi-billion-dollar fraud market.”
