www.silentpush.com
2606:4700:20::681a:b95
Public Scan
URL:
https://www.silentpush.com/blog/google-malvertising/
Submission: On October 16 via manual from US — Scanned from DE
Form analysis
2 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/9153394/74caba7a-d0e8-455c-910c-bb3c0d8282c3
Text Content
"AD-VERSARIES": TRACKING NEW GOOGLE MALVERTISING AND BRAND SPOOFING CAMPAIGNS. NEW MAAS DARKGATE LOADER, DANABOT, ICEDID AND MORE.

October 17, 2023

* Content scans show an increase in malvertising activity from Q3 2023 onwards.
* New MaaS DarkGate variant adapted for malvertising purposes.
* Brand impersonation TTPs used to inject infostealers, including DanaBot and IcedID.
* Evidence of threat actors targeting various network tools, tech utilities and multimedia suites.

BACKGROUND

Let’s start with some context.
From Q4 2022 through to Q1 2023, Silent Push Threat Analysts tracked a series of malvertisement campaigns that acted as a delivery method for several banking trojans and infostealers – including Ursnif and Vidar – targeting a broad range of organizations and sectors. Activity peaked between January-March 2023, before tailing off in the wake of a concerted collaborative effort by the security industry to hunt, track and counteract malvertisement infrastructure.

So what’s changed since then?

Despite the lull in activity, our Threat Analysts have remained on the trail of trojan/infostealer-based brand impersonation campaigns. Our content scans have recently pinpointed a resurgence in malvertisement activity, not limited to the attack vectors and brands discussed in our previous blogs.

Our research shows conclusive evidence of Google ads being used to propagate malvertisement campaigns specifically constructed to deliver a range of malicious executables, including a new variant of the DarkGate commodity loader and two modular banking trojans – IcedID (a.k.a. BokBot) and DanaBot.

Let’s take a look at how we used Silent Push to traverse attacker infrastructure, how the malicious code behaves and what organizations need to do in order to counteract this latest spate of attacks.

TRACKING NEW THREATS

Our previous research focused on the use of spoofed AnyDesk domains and crypto-related browser extensions, among other attack vectors. This time around, threat actors have cast their nets far wider. Here’s an up-to-date breakdown of the latest brands affected, gathered from our most recent scan data repositories:

[Image: 2023 malvertisement campaigns (Source: Silent Push scan data)]

Threat actors have regrouped to focus on remote desktop platforms, network tools and miscellaneous tech utilities, including multimedia suites and browsers. From our dataset, TradingView – the popular financial charting platform – emerges as the most heavily targeted brand throughout 2023.
AnyDesk remains a popular attack vector, comprising nearly a quarter of all malicious domains.

Silent Push is actively tracking these new domains, and all associated infrastructure, in a dedicated malvertisement feed. Here’s a snapshot of spoofing domains related to TradingView:

[Image: Snapshot of scam domains related to TradingView (Source: Silent Push malvertisement feed)]

GOOGLE MALVERTISING: ADVANCED IP SCANNER

Our brand impersonation scans are consistently outputting newly registered malicious domains that are appearing as sponsored ads at the top of a Google search. Let’s take a look at one such brand affected by Google malvertising – the LAN traffic analyzer Advanced IP Scanner.

We discovered a scam domain – advanced-ip-scanner[.]top – attempting to capture traffic intended for the legitimate site advanced-ip-scanner[.]com. As you can see, only the TLD has been changed:

[Image: Brand Impersonation scan on advanced-ip-scanner[.]com (Source: Silent Push)]

advanced-ip-scanner[.]top redirects to the malicious domain shouman-acc[.]com:

[Image: advanced-ip-scanner[.]top redirecting user to shouman-acc[.]com]

A quick Google search for ‘scanner IP’ returns a sponsored advertisement for ‘Advanced Scanner IP’, utilising a domain that redirects to shouman-acc[.]com:

[Image: Active malvertisement on Google.com (as of 15 October 2023)]

[Image: Malvertisement domain using a 302 redirect to shouman-acc[.]com]

In this instance, shouman-acc[.]com acts as a delivery method for the IcedID banking trojan, with the hash 86bcd250b70e261d29a20538ffaf9ea3b27b510f02721cc6853bda227deeb118:

[Image: IcedID hash value (Source: VirusTotal)]

The content consists of a ‘Free Download’ button that instigates the delivery, with a grammatically incorrect CAPTCHA box included for crawler protection:

[Image: shouman-acc[.]com delivering IcedID trojan]

DANABOT (A.K.A. BOKBOT) MALVERTISING

In July, security researchers unearthed a new variant of the Malware-as-a-Service infostealer, DanaBot, featuring a modular subscription model and adversary support utilities, via the Russian language ‘Exploit’ forum.

Our investigation shows evidence of threat actors adapting this new variant for malvertising purposes, again targeting Advanced IP Scanner. Let’s take a look at how it’s being used.

In September, we observed sponsored Google ads for ‘scanner IP download’ pointing to domains spoofing Advanced IP Scanner:

[Image: Malvertising results for ‘scanner ip download’ on Google]

A Fiddler traffic capture shows traffic redirected from google[.]com leading to the typosquatting domain advancde-ip-scanner[.]com:

[Image: Fiddler traffic analysis of advancde-ip-scanner[.]com]

As is the case with the IcedID attack, the destination domain, advancde-ip-scanner[.]com, features a download link that injects a malicious file with a hash value of 123b285236757f7ac0c4f2107756a0ed661c9190aad81914c54debdd3bfa00f4.

This new DanaBot version attempts to read credentials and cached browser data:

[Image: DanaBot analysis (Source: any.run)]

The malware uses the following C2 IPs to exfiltrate data:

* 172[.]86[.]121[.]218
* 45[.]61[.]160[.]115
* 172[.]86[.]97[.]119
* 91[.]212[.]166[.]96

In the above case, the Google ad remained active for more than a week.

We also observed another DanaBot hash – 183276d2ea0740a8e92b3cff7abef725 – featuring the same ad, and the same domain, using the following C2 IPs:

* 185[.]225[.]69[.]33
* 5[.]189[.]253[.]176
* 5[.]189[.]253[.]131
* 185[.]225[.]69[.]230

NEW DARKGATE VARIANT

In July of this year, our content scans started to return large datasets that indicated a resurgence in malvertising activity. This renewed activity coincided with the emergence of a new variant of the DarkGate loader, also observed by other malware analysts and threat researchers throughout August.

TREESIZE SPOOFING

Among the brands targeted with DarkGate injections in our dataset is Jam Software’s popular disk management tool TreeSize Free. Here’s a domain – jam-software[.]net – that was flagged in our malvertisement sweeps as being malicious:

[Image: Scam TreeSize domain hosting DarkGate loader]

Sandbox analysis of an executable downloaded from the above domain identifies the hash as a DarkGate variant:

[Image: Sandbox analysis of an executable from jam-software[.]net (Source: tria.ge)]

REMOTE DESKTOP SPOOFING

Threat actors have always considered network tool impersonation to be low-hanging fruit, and this latest series of campaigns is no different. Recent content scans have flagged up numerous domains impersonating winscp[.]net, the site for the open source FTP, scripting and file manager utility WinSCP.

One such domain is winscphub[.]com (currently offline). Here’s a Silent Push DNS scan for the aforementioned domain, including reputational data:

[Image: DNS and reputation data for winscphub[.]com (Source: Silent Push)]

The website features a download link that delivers a DarkGate variant with evasion and credential harvesting capabilities, with the file hash 2b6830970820af8d43ab710507ee19ca:

[Image: Spoofed WinSCP domain – winscphub[.]com]

MALWARE ANALYSIS

Created in the host machine’s temporary files, the malware uses ICACLS.EXE (a Windows command-line utility that IT admins use to change access control lists on files and folders) to provide the malware with elevated privileges:

"C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-c7688c81-6868-4efd-899f-aa889e84eda9." /SETINTEGRITYLEVEL (CI)(OI)HIGH

Consistent with other DarkGate variants, the dropped file also contains an AutoIt executable and a corresponding .AU3 script in the same location:

[Image: AutoIt script (Source: tria.ge sandbox report)]

To embed itself in the host machine and maintain optimal persistence levels, the malicious executable ‘regsvr32.exe’ loads its DLL with a COM entry in registries containing a CLSID (a serial number that represents a globally unique identifier for any application component in Windows):

[Image: Persistence activity (Source: tria.ge sandbox report)]

The variant also creates a shortcut file under ‘C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\’.

The malware also attempts to read the location of Putty passwords, by attempting to locate registry paths used by the application:

* HKLM\SOFTWARE\WOW6432Node\Martin Prikryl\WinSCP 2\DisablePasswordStoring
* HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Configuration\Interface\PuttyPassword
* HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Configuration\Interface\AutoSaveWorkspacePasswords

CONCLUSION

Our scans show a noticeable and worrying uptick in the use of sponsored Google ads to deliver infostealing malware in the third quarter of this year, most notably IcedID and a new version of the DarkGate loader adapted for malvertising purposes.

Threat actors are continuing to spoof legitimate domains through Google using a variety of TTPs, including typosquatting, the strategic placement of malicious links and hidden redirects.

To combat such tactics, affected organizations need to adopt security protocols that track the underlying infrastructure involved in the attack – registrars, ASN data, nameservers etc. – rather than relying on isolated lists of IOCs that are easily replaced by any adversary that uses them.

USING SILENT PUSH TO COMBAT MALVERTISING

Silent Push Community Edition features many of the queries and enriched data types that we used to track malvertising activity. Sign up free here.
Silent Push Enterprise customers benefit from curated feeds that track malvertising infrastructure as it’s deployed, prior to weaponization (Tags: #seo-poisoning, #malvertising).