Threat actors behind the sophisticated fingerprinting and redirection toolkit WoofLocker, also known as 404Browlock, which uses site-embedded JavaScript to facilitate redirections to a browser locker in tech support scams have updated its infrastructure to better avert attempted takedowns, reports The Hacker News.
Attacks leveraging WoofLocker continue to be underway, with adult websites mostly used to load the toolkit and hosting providers in Ukraine and Bulgaria comprising its infrastructure, according to a Malwarebytes report.
"Unlike other campaigns that rely on purchasing ads and playing whack-a-mole with hosting providers and registrars, WoofLocker is a very stable and low maintenance business. The websites hosting the malicious code have been compromised for years while the fingerprinting and browser locker infrastructure appears to be using solid registrar and hosting providers," said Malwarebytes Director of Threat Intelligence Jerome Segura.
The findings follow another Malwarebytes report detailing the utilization of fraudulent ads in search results for remote access programs and scanners that trigger information-stealing malware infections.
