Satacom delivers browser extension that steals cryptocurrency
SecureList
JUNE 5, 2023
It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. To do so, it performs a DNS request to don-dns[.]com com (a decrypted HEX string) through Google DNS (8.8.8.8,
Let's personalize your content