The hijacked domain is used to host a large number of URLs that send users through different traffic distribution systems (TDSS) to websites hosting scams and malware.
It added that malicious push notifications are integrated to trick end users in the attack chain into acting as force multiplier. These notifications attempt to convince employees to click on the link to update their antivirus, open a firewall, or contact Microsoft Support. Of course, links to download malware or websites that result in requesting payment support.
“Perhaps the most significant thing about Misty Eagles is that these hard-to-discover, fragile areas that have links to respected organizations are not used for espionage or ‘Highbrow’ cybercrime,” the report said. “Instead, they entered Adtech’s dirty underworld, stirring victims into widespread scams and fake apps, and using browser notifications to trigger processes that would have lingering effects. Misty Eagle-type scams suggest that part of the scam will be gained to get a portion of the $500 million fraud market.”
