Microsoft recently warned the public to be on the lookout for a massive click fraud campaign launched by the hacker group DEV-0796. Microsoft said that the attackers can profit from clicks generated by a browser node-webkit or a malicious browser extension installed on the device without the user’s knowledge.
In a tweet, Microsoft explained that the malicious campaign would click on malicious ads or YouTube comments without the user’s knowledge. The campaign masquerades as a cracked ISO image of a popular game, and when the file is opened, it installs a browser node-webkit (NW.js) or a malicious browser extension. Microsoft added that it observed the attackers using a DMG file (an Apple Disk Image file), which means the campaign could involve multiple platforms.
“To protect against this threat, Microsoft strongly recommends that users enable PUA protection to block malicious and harmful applications and use Defender SmartScreen to block access to malicious download sites and hacker-held servers,” Microsoft said in a tweet. “Microsoft 365 Defender customers can also refer to our published threat analysis article on this threat. The report contains technical details, IOCs, mitigation guidelines and search queries that enable organizations to locate and respond to the relevant activity.”
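
One way to check the two recommended settings on a Windows endpoint, as an added example that is not from Microsoft or the original article. It assumes Microsoft Defender Antivirus is the active antivirus, reads only the Group Policy registry locations for SmartScreen, and the `-Fix` switch and helper function names are chosen here for illustration.

```powershell
# Added example: audit the PUA protection and SmartScreen settings named above.
# Read-only unless -Fix is given (hypothetical switch name; needs an elevated session).
param([switch]$Fix)

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. not enforced by policy.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Finding {
    param([string]$Control, $Value, [bool]$Ok, [string]$Note)
    [pscustomobject]@{ Control = $Control; Value = $Value; Ok = $Ok; Note = $Note }
}

$findings = @()

# Defender Antivirus PUA protection: 0 = disabled, 1 = enabled (block), 2 = audit mode.
$pua = [int](Get-MpPreference).PUAProtection
$puaNote = switch ($pua) { 1 { 'blocking' } 2 { 'audit only, nothing is blocked' } default { 'disabled' } }
$findings += New-Finding 'Defender PUA protection' $pua ($pua -eq 1) $puaNote

# SmartScreen settings as enforced through Group Policy (value 1 = on).
$policies = @(
    @{ Control = 'Windows SmartScreen'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'; Name = 'EnableSmartScreen' },
    @{ Control = 'Edge SmartScreen'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Name = 'SmartScreenEnabled' },
    @{ Control = 'Edge SmartScreen PUA blocking'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Name = 'SmartScreenPuaEnabled' }
)
foreach ($p in $policies) {
    $v = Get-PolicyValue -Path $p.Path -Name $p.Name
    if ($null -eq $v) {
        $findings += New-Finding $p.Control 'not set' $false 'not enforced by policy; users can change it'
    } else {
        $findings += New-Finding $p.Control $v ($v -eq 1) 'enforced by policy'
    }
}

# Only change state when explicitly asked to.
if ($Fix -and $pua -ne 1) {
    Set-MpPreference -PUAProtection Enabled
    Write-Host 'PUA protection set to Enabled.'
}

$findings | Format-Table -AutoSize
```

A row with `Ok = False` and `not set` means the control is left at its user-controllable default rather than being off, so it is worth enforcing through policy on managed devices.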