Jérôme Segura

@[email protected]
1.1K Followers
169 Following
298 Posts
Security Researcher focusing on web threats
Jérôme SeguraOct 14

PSA: A malicious download for Comet browser by Perplexity is currently being advertised via Google Ads.

At DataDome we are seeing more and more traffic coming from AI agents and browsers. Criminals are taking notice and buying ads related to Agentic browsers (another malicious campaign for Arc browser is also running).

Malicious ad ➡️ cometswift[.]com ➡️ perplexity[.]page ➡️ GitHub

Payload: hxxps[://]github[.]com/richardsuperman/musical-engine/releases/download/beta/comet_latest[.]msi
Command and Control (C2) server: icantseeyou[.]icu
VirusTotal: https://www.virustotal.com/gui/file/64562a0f1eabfcfb754426020021da69fe31bb551a653d143d75649252c61050

#malvertising #cometbrowser

Jérôme SeguraOct 7, 2024

Large scale Google Ads campaign targets utility software

https://www.malwarebytes.com/blog/news/2024/10/large-scale-google-ads-campaign-targets-utility-software

Large scale Google Ads campaign targets utility software | Malwarebytes

Malicious sponsored ads disguised as software downloads actually lead to malware for Mac users.

Malwarebytes
Jérôme SeguraOct 1, 2024
Fake Disney+ activation page redirects to pornographic scam
https://www.malwarebytes.com/blog/scams/2024/10/fake-disney-activation-page-redirects-to-pornographic-scam
Fake Disney+ activation page redirects to pornographic scam | Malwarebytes

Next time you need to activate a subscription on your TV, watch out for these fake sites scammers are using to trick you and steal your money.

Malwarebytes
Jérôme SeguraSep 23, 2024
#malvertising Obsidian
Jérôme SeguraSep 18, 2024

Walmart customers scammed via fake shopping lists, threatened with arrest

https://www.malwarebytes.com/blog/scams/2024/09/walmart-customers-scammed-via-fake-shopping-lists-threatened-with-arrest

Walmart customers scammed via fake shopping lists, threatened with arrest | Malwarebytes

Scammers are creating fake Walmart virtual shopping lists that look like a contact page for customer service.

Malwarebytes
Jérôme SeguraSep 16, 2024

Credit card 'img' skimmer domain:

trendgurupro[.]com

Part of this campaign: https://www.malwarebytes.com/blog/news/2024/08/hundreds-of-online-stores-hacked-in-new-campaign

Hundreds of online stores hacked in new campaign | Malwarebytes

Whenever you shop online and enter your payment details, you could be at risk of being a victim of fraud. Digital...

Malwarebytes
Jérôme SeguraSep 12, 2024
Scammers advertise fake AppleCare+ service via GitHub repos
https://www.malwarebytes.com/blog/scams/2024/09/scammers-advertise-fake-applecare-service-via-github-repos
Scammers advertise fake AppleCare+ service via GitHub repos | Malwarebytes

Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.

Malwarebytes
Jérôme SeguraSep 11, 2024

Malicious Google Ads for Apple suport

hxxps[://]applescustomerservice24x7care1102[.]vercel[.]app/

hxxps[://]apples24x7-customersupporthelp[.]github[.]io/saf/

Jérôme SeguraSep 10, 2024

Malicious Google Ad for WinSCP

winscp[.]corysound[.]com
winscpp[.]net
badlink58[.]com/wp-includes/fonts/WinSCP-6.3.4.zip

Jérôme SeguraSep 9, 2024

Malicious Google ad for Microsoft Support

hxxps[://]microsft-customer-helpline[.]vercel[.]app