Hackers exploiting popular social engineering 'toolkits' to refine cyber attacks

Victims are being asked to download malware through visually compelling fake update prompts

Hackers are regularly using highly customisable online resources to add social engineering components to render their attacks more effective, according to new research from Malwarebytes.

One website identified by the team features an expansive toolkit that has drawn more than 100,000 visits in the past few weeks, offering design and framework support to attackers.

The resource, dubbed Domen, is built around a detailed client-side script serving as a framework for various update templates designed for both desktop and mobile users in almost 30 languages.

"Over time, we have seen a number of different social engineering schemes," said senior security researcher Jrme Segura.

"For the most part, they are served dynamically based on a user's geolocation and browser/operating system type. This is common, for example, with tech support scam pages where the server will return the appropriate template for each victim.

Advertisement - Article continues below
Advertisement - Article continues below

"What makes the Domen toolkit unique is that it offers the same fingerprinting, and choice of templates thanks to a client-side script which can be tweaked by each threat actor.

"Additionally, the breadth of possible customisations is quite impressive since it covers a range of browsers, desktop, and mobile in about 30 different languages."

The toolkit is loaded as an iframe from compromised websites, most of which run via WordPress, and is displayed over the top as an additional layer. The campaign works by encouraging victims to install updates, like a Flash Player update, but, instead, when clicked, downloads a malicious file.

The campaign also resembles another from 2018 known as SocGholish. Although they are different, both campaigns run on the same principles; in that, they can be found on the same compromised host, abuse a cloud hosting platform like Dropbox, then download a fake 'update' before delivering the NetSupport remote administration tool.

Variants of the social engineering toolkit include Flash Player updates, as well as prompting users to update Chrome, Firefox, or Microsoft's Edge browser.

Advertisement - Article continues below

Social engineering has become a more prominent component of malicious campaigns in recent years due to victims becoming more astute about clear giveaways when it comes to browser-embedded malware and phishing attempts.

An example arose earlier this year of a sophisticated attempt to target C-suite executives within organisations. This featured attackers sending a fake email to executives, centred on rescheduling a board meeting. By following a link, the targets were sent to a page that resembled a Doodle poll, but actually stole their Office 365 credentials.

More recently, the CEO of a UK-based energy firm was tricked into making a fraudulent payment over the phone by AI-powered voice manipulation software. He wired 200,000 to a "Hungarian supplier" at the behest of cyber criminals who were actually mimicking his parent company's chief executive using AI.

With cyber attacks becoming more personalised and sophisticated, it's crucial that organisations become more vigilant over potential threats received via email or while browsing online.

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now



Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular


Patch issued for critical Windows bug

11 Dec 2019
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019

Buy IT to grow, not slow, your business

25 Nov 2019