The notorious Gootloader malware has reemerged with evolved tactics, now leveraging Google Search advertisements to target users seeking legal document templates. This sophisticated campaign specifically promotes “free” legal templates, primarily non-disclosure agreements, through sponsored search results that appear legitimate to unsuspecting users.

The attack chain begins innocuously with users searching for terms like “non disclosure agreement template” and encountering sponsored ads from domains that appear to offer legitimate legal services. These advertisements are reportedly being delivered through “MED MEDIA GROUP LIMITED,” which security experts believe may have been compromised to facilitate this campaign. Upon clicking these advertisements, victims are directed to lawliner[.]com where they are prompted to enter their email address to receive the requested document.

A security analyst identified that after submitting their email address, victims receive a message from lawyer@skhm[.]org containing a download link that purportedly leads to the requested document. However, instead of receiving a legitimate .docx file, users unwittingly download a compressed JavaScript file disguised as the legal document they requested.

Security professionals recommend implementing immediate security measures including blocking web traffic to lawliner[.]com and skhm[.]org, filtering email communications from skhm[.]org, and conducting retrospective threat hunting for any historical interactions with these malicious domains to identify potentially compromised systems within organizational networks.
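One way to run the retrospective hunt recommended above, as an added example that is not part of the original article: it refangs the two domains named on this page and matches them (exactly or as a parent domain) against web proxy and mail logs. The log line formats, the sample lines, the URL paths and the `dl.` subdomain are constructed assumptions; adapt the parsing to your own log sources.

```python
import re
from urllib.parse import urlsplit

# Indicators as published on this page (defanged); refanged only at runtime.
IOC_DOMAINS = ["lawliner[.]com", "skhm[.]org"]

def refang(value):
    return value.replace("[.]", ".").lower()

def domain_hit(host, iocs):
    """Return the IoC that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for ioc in iocs:
        # Suffix match on a label boundary avoids hits like "notlawliner.com".
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None

def hunt(proxy_lines, mail_lines):
    """Return (source, timestamp, affected client or recipient, ioc) tuples."""
    iocs = [refang(d) for d in IOC_DOMAINS]
    hits = []
    for line in proxy_lines:
        # Assumed proxy format: <timestamp> <client_ip> <method> <url>
        ts, client, _method, url = line.split(maxsplit=3)
        ioc = domain_hit(urlsplit(url.strip()).hostname or "", iocs)
        if ioc:
            hits.append(("web", ts, client, ioc))
    for line in mail_lines:
        # Assumed mail format: <timestamp> from=<sender> to=<recipient>
        m = re.match(r"(\S+) from=\S+@(\S+) to=(\S+)", line)
        if m and (ioc := domain_hit(m.group(2), iocs)):
            hits.append(("mail", m.group(1), m.group(3), ioc))
    return hits

# Constructed sample logs (not real telemetry).
PROXY = [
    "2025-04-01T10:02:11Z 10.0.0.15 GET https://lawliner.com/nda-template",
    "2025-04-01T10:05:00Z 10.0.0.22 GET https://notlawliner.com/index",
    "2025-04-01T10:06:30Z 10.0.0.15 GET https://dl.skhm.org/file.zip",
]
MAIL = [
    "2025-04-01T10:03:40Z from=lawyer@skhm.org to=alice@example.com",
    "2025-04-01T10:04:00Z from=news@example.org to=bob@example.com",
]

if __name__ == "__main__":
    for hit in hunt(PROXY, MAIL):
        print(hit)
```

A client that appears in both a web hit and a mail hit followed the full chain described above and is the first host to check for the downloaded archive.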
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 05:10:20 +0000