If you are interested in steganography and browser fingerprinting, I wrote a follow-up blog on a scam campaign that I've tracked for several years.

Reproducing & capturing this attack chain is quite difficult because of the number of checks performed. No doubt it contributes to why this scheme is working so well.

https://www.malwarebytes.com/blog/threat-intelligence/2023/08/wooflocker2

Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams

Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the most complex...

Malwarebytes
@jeromesegura Great write-up. The steganography is fascinating! I'm very tempted to take a stab at a Python decoder. In the meanwhile love me the Fiddler rules.

@rmceoin thank you! Love it how you dabble with those Fiddler rules :)
Regarding the Python decoder, someone wrote one already, I can ask them and maybe share in private.

@jeromesegura please do. I'm curious if this is another TA I could automatically track.