Drive-by Download Attack

 Drive-by Download Attack 

In January 2020, visitors to the legendary zine and blog site Boing Boing saw a fake Google Play Protect overlay prompting them to download what was actually a malicious APK that installed a banking Trojan on Android devices. For Windows users, it appeared as a (fake) Adobe Flash installation page that distributed other malicious programs. Boing Boing’s content management system had been hacked. Even if the visitor didn’t take the bait, the drive-by downloads were automatically initiated by JavaScript embedded into the page. While Boing Boing was able to detect the attack and remove the script relatively quickly, given the site’s five million unique users — former President Barack Obama among them — the impact could have been disastrous.

What you need to know: A drive-by download refers to the unintentional download of malicious code onto a computer or mobile device that exposes users to different types of threats. Cybercriminals use drive-by downloads to steal and collect personal information, inject banking Trojans or introduce exploit kits or other malware to user devices. To be protected against drive-by downloads, regularly update or patch systems with the latest versions of apps, software, browsers, and operating systems. It’s also recommended to stay away from insecure or potentially malicious websites.

Comments

Popular posts from this blog

Compromised Credentials

SQL Injection