Someone is targeting web denizens with a malicious, copycat Malwarebytes website, which serves up the Raccoon information stealer malware to unsuspecting visitors.
According to the security firm itself, the attackers set up the domain “malwarebytes-free[.]com” with a domain registrar in Russia in late March. “We don’t expect to hear from either the registrar or hosting provider,” Malwarebytes researchers told Threatpost, noting that the website is still active.
“Examining the source code, we can confirm that someone stole the content from our original site but added something extra,” according to a posting from the security firm this week. “A JavaScript snippet checks which kind of browser you are running, and if it happens to be Internet Explorer, you are redirected to a malicious URL belonging to the Fallout exploit kit.”
Read more…
Source: ThreatPost