Quiz sites trick users into enabling unwanted browser notifications

Users are being tricked into enabling unwanted browser notifications through quiz websites. These sites challenge visitors with quizzes on various topics, but their main goal is to get users to click the 'Start the quiz' button. This action triggers a misleading prompt that tricks users into allowing notifications. Once enabled, these notifications can display advertisements, scams, or unwanted downloads even when the user is not on the original website. The article provides instructions on how to remove and block web push notifications across different browsers, including Chrome, Firefox, Opera, Edge, and Safari. It also lists several domains associated with this deceptive campaign.

Pulse ID: 69b014fc00119187bccbf395
Pulse Link: https://otx.alienvault.com/pulse/69b014fc00119187bccbf395
Pulse Author: AlienVault
Created: 2026-03-10 12:56:28

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Chrome #CyberSecurity #Edge #FireFox #ICS #InfoSec #OTX #OpenThreatExchange #Opera #Safari #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

What do you recommend for fetching an ICS calendar from a website? To show events in some way. I'm thinking about a general calendar, Nextcloud, Google, doesn't matter. Thanks!
#ics #icalendar #javascript #caldav #calendar

🚩 CVE-2026-2364: HIGH severity TOCTOU flaw in CODESYS Installer (all versions) lets local attackers escalate privileges via user-initiated updates. Restrict access & monitor until patch. No active exploits yet. https://radar.offseq.com/threat/cve-2026-2364-cwe-367-time-of-check-time-of-use-to-5eb858d5 #OffSeq #CODESYS #ICS #Vuln

🔔 CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (CVSS 9.8). Remote, unauthenticated RCE risk — no patch yet. Segment & restrict network access, monitor for exploits. More: https://radar.offseq.com/threat/cve-2026-3630-cwe-121-stack-based-buffer-overflow--c00e7f15 #OffSeq #ICS #Vulnerability #OTsecurity

🚨 CRITICAL: CVE-2026-3823 exposes Atop EHG2408 switches to unauthenticated RCE via stack-based buffer overflow. No patch yet — segment, restrict access, and monitor traffic. Full device compromise risk. https://radar.offseq.com/threat/cve-2026-3823-cwe-121-stack-based-buffer-overflow--68d582bc #OffSeq #ICS #Vuln #OTSecurity

Unmasking an Attack Chain of MuddyWater

An intrusion attributed to MuddyWater, an Iranian-linked APT, was identified in a customer environment. The attack involved initial access through RDP, establishing an SSH tunnel, and deploying malware via DLL side-loading. The threat actor used FMAPP.exe, a legitimate Fortemedia Inc. application, to load a malicious FMAPP.dll for C2 communications. The timeline of activities revealed typos in commands, suggesting manual typing by the attacker. The intrusion included reconnaissance efforts, attempts to verify tunnel functionality, and issues with initial C2 communication. The attack targeted an Israeli company, aligning with known MuddyWater tactics.

Pulse ID: 69abf37dfd9bfab829c9913e
Pulse Link: https://otx.alienvault.com/pulse/69abf37dfd9bfab829c9913e
Pulse Author: AlienVault
Created: 2026-03-07 09:44:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #Iran #Israel #Malware #MuddyWater #OTX #OpenThreatExchange #RDP #SSH #bot #AlienVault


New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering

A new backdoor, dubbed A0Backdoor, has been discovered in connection with a campaign using email bombing and IT-support impersonation over Microsoft Teams to gain Quick Assist access. The malware's loader exhibits anti-sandbox evasion techniques, and the campaign's command-and-control has shifted to a covert DNS mail exchange-based channel. This activity is attributed to the threat group Blitz Brigantine, also known as Storm-1811 or STAC5777, and shows similarities to Black Basta-linked social-engineering tactics. The attackers use digitally signed MSI packages, often hosted on Microsoft cloud storage, to deliver their proprietary tooling. The A0Backdoor employs sophisticated techniques such as time-based execution windows, runtime decryption, and DNS tunneling for covert communication. The campaign has been active since August 2025, targeting primarily the finance and health sectors.

Pulse ID: 69abf37e75ba997149f9e95c
Pulse Link: https://otx.alienvault.com/pulse/69abf37e75ba997149f9e95c
Pulse Author: AlienVault
Created: 2026-03-07 09:44:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #BlackBasta #Cloud #CyberSecurity #DNS #Email #ICS #InfoSec #Malware #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #SocialEngineering #Windows #bot #AlienVault

CRITICAL: CVE-2026-3823 in Atop EHG2408 switches — stack-based buffer overflow allows unauth'd remote code exec. No patch yet. Segment, monitor & restrict access ASAP! 🛡️ https://radar.offseq.com/threat/cve-2026-3823-cwe-121-stack-based-buffer-overflow--68d582bc #OffSeq #CVE20263823 #ICS #Vulnerability

🔴 CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (ver 0) enables unauthenticated RCE. No patch available. Segment networks, enable IDS/IPS, & monitor for exploitation. Details: https://radar.offseq.com/threat/cve-2026-3630-cwe-121-stack-based-buffer-overflow--c00e7f15 #OffSeq #ICS #Vuln #CyberSecurity

🚨 CRITICAL: CVE-2026-2330 in SICK Lector85x lets remote, unauthenticated attackers modify device configs via the CROWN REST interface. Patch or restrict access now to prevent OT compromise. https://radar.offseq.com/threat/cve-2026-2330-cwe-552-files-or-directories-accessi-493bd9c6 #OffSeq #ICS #Vulnerability #Infosec