Decoding the persistent tactics of the WoofLocker scam

September 15, 2023

A tech support scam operation called WoofLocker, started over half a decade ago, has stood the test of time and become more hostile. Researchers explained that the campaign adopts a complex traffic redirect method and targets compromised websites, especially those with illicit content, such as adult videos.

Based on reports, the scam operators disseminate WoofLocker through a limited set of malicious websites, the opposite of a typical scam that relies on malvertising. The operators obtain both adult and non-adult traffic and tell the two apart through unique redirection URLs carrying ‘ad’ and ‘and’ parameters.

Next, the malicious code on infected websites retrieves WoofLocker from a few domains. The attackers obfuscate the code using steganography, hiding data within images. The scam also fingerprints every visitor to filter out virtual machines, browser extensions, and security tools.

Only visitors on what appear to be legitimate residential IP addresses are considered, and for them the response is returned as a hidden PNG image. Eventually, the scammers redirect targeted users via a unique session-based URL to a browser locker screen showing fake virus warnings built from existing templates.


The WoofLocker scam is a tech support scam that targets a specific audience.


Experts stated that the threat actors behind the WoofLocker scam created it as a fingerprinting and redirection kit dedicated to a specific group of people. However, the fraud still has the potential to evolve into a tool that could serve various threats for obfuscation purposes.

Furthermore, WoofLocker has become a stable enterprise, outliving other scams that compete for hosting providers.

Currently, the compromised sites hosting the scam's malicious code have remained compromised for extended periods. At the same time, the browser-locker and fingerprinting infrastructure shows reliability through a verified registrar and hosting services.

The WoofLocker tech support scam operation has persisted and evolved into a more significant threat by employing a sophisticated redirection strategy that exploits infected websites. Users are strongly urged to refrain from visiting sketchy websites.

Organisations should adopt robust traffic analysis and anomaly detection mechanisms that can spot unusual redirection patterns, while monitoring website integrity to prevent unauthorised code injection.
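As an added illustration of the redirection-pattern check recommended above (example code written for this page, not from the article or the researchers), the following correlates constructed proxy-log lines per client and flags the chain the article outlines: a request whose URL carries an ‘ad’ or ‘and’ parameter, a PNG fetched from the same host, then an HTML page on a third domain reached under the original referrer. The log field layout and the hostnames are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed proxy-log excerpt (not from the article). Assumed field order:
# time client method url status content-type referrer
SAMPLE_LOG = """\
10:00:01 10.0.0.5 GET http://videos.example/watch 200 text/html -
10:00:02 10.0.0.5 GET http://loader.example/r.php?ad=1 200 text/javascript http://videos.example/watch
10:00:03 10.0.0.5 GET http://loader.example/bg.png?and=77 200 image/png http://videos.example/watch
10:00:05 10.0.0.5 GET http://lock.example/s/9f2a1c/ 200 text/html http://videos.example/watch
10:00:07 10.0.0.9 GET http://news.example/ 200 text/html -
10:00:08 10.0.0.9 GET http://news.example/logo.png 200 image/png http://news.example/
"""

TRAFFIC_PARAMS = {"ad", "and"}  # the redirection-URL parameters named in the article


def parse_line(line):
    """Split one assumed-format log line into the fields the heuristic needs."""
    t, client, method, url, status, ctype, ref = line.split()
    parsed = urlparse(url)
    return {"time": t, "client": client, "host": parsed.hostname,
            "params": set(parse_qs(parsed.query)), "ctype": ctype, "ref": ref}


def find_wooflocker_chains(log_text):
    """Return (client, loader_host, lock_host) for each client whose requests
    show: a URL with an 'ad'/'and' parameter, then a PNG from that same host,
    then an HTML page from a third host still carrying the original referrer
    (the session-based browser-locker redirect)."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            r = parse_line(line)
            by_client[r["client"]].append(r)
    hits = []
    for client, reqs in by_client.items():
        for i, r in enumerate(reqs):
            if not (r["params"] & TRAFFIC_PARAMS):
                continue
            later = reqs[i + 1:]
            png = next((p for p in later if p["host"] == r["host"] and p["ctype"] == "image/png"), None)
            if png is None:
                continue
            ref_host = urlparse(r["ref"]).hostname
            lock = next((l for l in later if l["ctype"] == "text/html"
                         and l["host"] not in (r["host"], ref_host)
                         and urlparse(l["ref"]).hostname == ref_host), None)
            if lock:
                hits.append((client, r["host"], lock["host"]))
                break  # one alert per client is enough
    return hits
```

Running it on SAMPLE_LOG flags only client 10.0.0.5; the second client's ordinary HTML-then-image traffic produces no alert.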
