ISOTonic Part 1: Malvertising at its Best (Worst!)


Sep 22

·10 min read

ISOtonic – Quick Facts:Daily Downloaded Malware Files: ~400,000Infected devices per day: ~20,000–40,000Total Infected Devices (as of 09/22) : ~3,000,000 (!)Malicious Payload: Chrome/NW.js based malware loaderPayload Container: ISO FilesFirst sighting: January 2022Geographical Distribution: Mostly USATop Target Segmentation: Gaming, Streaming, Software Cracks, AdultPropagation Methods: MalvertisingEarly Sighting

As early as January 2022 we first observed a very heavily downloaded ISO file with the same Modus Operandi. ISO Files — archive files used to duplicate data from disk drives — are heavily abused lately by bad actors as containers for malevolent program bundles. In this campaign, the filename was changing and so did the final size and hash signature of the ISO archive, yet it was quickly unveiled using our data and behavioral analysis that these suspicious files originated from the same bad actor. Not only downloaded from a common list of freshly registered domains but also propagating using very similar malvertising campaigns leveraging the originating sites’ metadata about visitors to manipulate and deceit.

Read more

Explore the site

More from the blog

Latest News