Novel BadSpace Windows backdoor spread via hacked websites

Threat actors have used hacked legitimate websites to distribute the novel BadSpace backdoor to Windows machines, The Hacker News reports.

Attackers have embedded code in the breached websites that collects and transmits device information from first-time site visitors, which prompts the overlay of a fraudulent Google Chrome update pop-up window that delivers BadSpace or its loader, according to a report from G DATA.

In addition to gathering system data and capturing screenshots, BadSpace supports anti-sandbox checks, command execution, persistence via scheduled tasks, file reading and writing, and scheduled task removal, said researchers. They also discovered an association between the campaign's domains and the SocGholish downloader malware, also known as FakeUpdates.

The development follows reports by Sucuri and eSentire detailing separate attack campaigns that used breached websites to host fraudulent browser updates spreading remote access trojans and information-stealing malware.
