WoofLocker Malware

A recently updated version of an advanced fingerprinting and redirection toolkit, known as WoofLocker, has been uncovered by cybersecurity researchers. This toolkit has been purposefully designed to facilitate technical support frauds.

Initially highlighted by information security experts in January 2020, this toolkit employs a sophisticated traffic redirection scheme. This involves the utilization of JavaScript within compromised websites to execute anti-bot and Web traffic filtering checks. Subsequently, it serves next-stage JavaScript that directs users toward a browser locker, commonly referred to as a 'browlock.'

This redirection technique further employs steganographic methods to obscure the JavaScript code within a PNG image. This image is exclusively delivered if the validation phase proves successful. Conversely, if a user is identified as a bot or uninteresting traffic, a dummy PNG file that lacks malicious code is employed.

WoofLocker also has been given the moniker '404Browlock.' This is due to the behavior that if a user attempts to directly access the browlock URL without the appropriate redirection or a specific one-time session token, they are greeted with a 404 error page.

It has been confirmed by cybersecurity researchers that the attack campaign associated with this toolkit is still ongoing.

The Cybercriminals Behind WoofLocker Direct Victims Toward Technical Support Frauds

While the tactics and techniques have remained quite similar, there has been a notable enhancement in the infrastructure's resilience. This strengthening aims to thwart any potential attempts to take down the operation.

A significant portion of websites that load WoofLocker are oriented toward adult content. The underlying infrastructure relies on hosting providers located in Bulgaria and Ukraine, strategically chosen to provide the threat actors with heightened safeguards against takedown efforts.

The fundamental objective of browser lockers revolves around enticing targeted victims to seek assistance in resolving fabricated computer issues. The ultimate aim is to establish remote control over the victim's computer, enabling the creation of an invoice that advises the affected individuals to pay for a security solution to address these non-existent problems.

These activities are outsourced to third-party entities operating fraudulent call centers. The individuals responsible for orchestrating the traffic redirection and browlock aspects will receive compensation for each successfully generated lead. The exact identity of the threat actors has so far remained unconfirmed, but evidence suggests that preparations for the campaign were already underway back in 2017.

The Consequences of Falling for Technical Support Fraud Could Be Severe

The ramifications of falling victim to a technical support tactic can be severe and encompass a range of adverse outcomes that can significantly impact individuals, both financially and emotionally. These consequences highlight the importance of staying vigilant and informed to avoid such scams:

• Financial Loss: Technical support frauds often involve convincing victims to pay for unnecessary software, services or fixes. The fraudsters may ask for payment via credit card, wire transfer or gift card. Victims can lose substantial amounts of money and recovering these funds can be difficult.
•  Identity Theft: Some con artists may request sensitive private information, such as login credentials, social security numbers or bank account details. This information can be used for identity theft, leading to further financial losses and long-term consequences.
•  Unauthorized Access: If these fraudsters gain remote access to a victim's computer, they can potentially collect personal files, sensitive data and login credentials. This breach of privacy can have serious implications, including the exposure of personal information or sensitive business data.
•  Malware Infection: The fraudsters may trick victims into downloading unsafe software under the guise of legitimate tools. This malware can lead to data breaches, system instability, and the compromise of personal and financial information.
•  Loss of Trust: Scams erode trust in legitimate technical support services and online interactions. Victims may become wary of seeking help or purchasing products/services online, affecting their ability to navigate the digital world safely.
•  Family and Friends Impact: The con artists may exploit victims' contacts by gaining access to their address books and sending scam messages to family and friends. This can harm relationships and put others at risk.

It's crucial to be cautious and educated about technical support frauds to avoid these severe consequences. Being skeptical of unsolicited communications, verifying the legitimacy of service providers, and practicing safe online behavior are fundamental steps to protect oneself from falling prey to such schemes.