Tag Archives: Google.com

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

September 27, 2023
13 Comments

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.

Turkish Registrar Enabled Phishers to Spoof Google

January 3, 2013
31 Comments

Google and Microsoft today began warning users about active phishing attacks against Google’s online properties. The two companies said the attacks resulted from a fraudulent digital certificate that was mistakenly issued by a domain registrar run by the Turkish government.

Facebook Takes Aim at Cross-Browser ‘LilyJade’ Worm

May 17, 2012
42 Comments

Facebook is attempting to dismantle a new social networking worm that spreads via an application built to run seamlessly as a plugin across multiple browsers and operating systems. In an odd twist, the author of the program is doing little to hide his identity, and claims that his “users” actually gain a security benefit from installing his software.

At issue is a program that the author calls “LilyJade,” a browser plugin that uses Crossrider, an emerging programming framework designed to simplify the process of writing plugins that will run seamlessly across multiple browsers and operating systems, including Google Chrome, Internet Explorer, and Mozilla Firefox. The plugin spreads by posting a link to a video on a user’s Facebook wall, and friends who follow the link are told they need to accept the installation of the plugin in order to view the video. Users who accept the terms of service for LilyJade will have their accounts modified to periodically post links that help pimp the program.