DuckDuckGo Privacy Browser for Android Battling URL Spoofing Attacks



Version 5.26.0 of the DuckDuckGo Privacy Browser for Android, the latest release of an app with over 5 million downloads, allows attackers to carry out URL spoofing attacks by exploiting a flaw in the address bar.
The vulnerability, which affects the app's users, was discovered by security researcher Dhiraj Mishra, who immediately reported it to the browser's security team through the associated bug bounty program on 'HackerOne', the vulnerability coordination and bug bounty platform.
In a conversation with BleepingComputer, Dhiraj said, "This vulnerability was submitted to the browser security team via HackerOne on October 31st, 2018. Initially this bug was marked as high; the discussion went till May 27th, 2019, and they concluded this 'doesn't seem to be a serious issue' and marked the bug as informative. However, I was awarded a swag from DuckDuckGo."
In the vulnerable DuckDuckGo Privacy Browser for Android, attackers carry out the spoofing attack by altering the URL displayed in the browser's address bar, tricking victims into believing that the website they are browsing is run by a legitimate, trusted source. In reality, the website is controlled by the attackers carrying out the spoofing attack.
There is a high probability that unsuspecting users will be redirected, without realizing it, to web addresses disguised as legitimate web portals. In reality, these sites help malicious actors collect their potential victims' data, either through phishing or by injecting malware into their systems through malvertising campaigns.
Earlier, in May, security researcher Arif Khan, on detecting a similar vulnerability in the UC browser, said, "URL Address Bar spoofing is the worst kind of phishing attack possible. Because it's the only way to identify the site which the user is visiting."



Attackers Launched a Rapidly Changing Malware which uses .DOC Extension




Security experts have discovered a new malware that constantly alters its behavioral patterns in an attempt to bypass email security protection.

As the spread of malware through email campaigns becomes more common by the day, email security providers are devising new ways to combat and stop such malicious activity.

However, cybercriminals are employing subtle and sophisticated methods to bypass all the layers of security, which has led to a massive upsurge in successful malware campaigns.

In this case, infected emails are sent to potential victims; opening them leads to the download of a Word template with a .doc extension.

Notably, the attack is constructed quite differently from most attacks, which use a single pattern with little customization. This attack uses a number of different email addresses, subject headings, display name spoofs, body content, and URLs.

The attackers send a malspam email containing a malicious link, which takes the user to a malicious website where the malware is ready to slip into the system and infect it.

According to the findings of researchers at GreatHorn, the only cloud-native security platform, “Initially, this attack pattern was identified at 12:24pm on Wednesday, February 20th; the attack has (so far) consisted of three distinct waves, each wave corresponding with a different destination URL, one at 12:24pm ET, one 2:05pm ET, and a third at 2:55pm ET, suggesting an attack pattern that anticipated and planned for relatively quick shutdowns of the destination URLs.”