Skip to main content

Hackers may be hiding in plain sight on your favorite website

Security researchers have detailed how domain shadowing is becoming increasingly popular for cybercriminals.

As reported by Bleeping Computer, analysts from Palo Alto Networks (Unit 42) revealed how they came across over 12,000 such incidents over just a three-month period (April to June, 2022).

A depiction of a hacked computer sitting in an office full of PCs.
Getty Images

An offshoot of DNS hijacking, domain shadowing provides the ability to create malicious subdomains by infiltrating legitimate domains. As such, shadowed domains won’t have any impact on the parent domain, which naturally makes them difficult to detect.

Recommended Videos

Cybercriminals can subsequently use these subdomains to their advantage for various purposes, including phishing, malware distribution, and command and control (C2) operations.

Please enable Javascript to view this content

“We conclude from these results that domain shadowing is an active threat to the enterprise, and it is hard to detect without leveraging automated machine learning algorithms that can analyze large amounts of DNS logs,” Unit 42 stated.

Once access has been obtained by threat actors, they could opt to breach the main domain itself and its owners, as well as target users from that website. However, they’ve had success by luring in individuals via the subdomains instead, in addition to the fact that the attackers remain undetected for much longer by relying on this method.

Due to the subtle nature of domain shadowing, Unit 42 mentioned how detecting actual incidents and compromised domains is difficult.

In fact, the VirusTotal platform identified just 200 malicious domains out of the 12,197 domains mentioned in the report. The majority of these cases are connected to an individual phishing campaign that uses a network of 649 shadowed domains via 16 compromised websites.

A system hacked warning alert being displayed on a computer screen.
Getty Images

The phishing campaign revealed how the aforementioned subdomains displayed fake login pages or redirected users to phishing pages, which can essentially circumvent email security filters.

When the subdomain is visited by a user, credentials are requested for a Microsoft account. Even though the URL itself isn’t from an official source, internet security tools aren’t capable of differentiating between a legitimate and fake login page as no warnings are presented.

One of the cases documented by the report showed how an Australian-based training company confirmed it was hacked to its users, but the damage was already done through the subdomains. A progress bar for the rebuild process was showcased on its website.

Currently, Unit 42’s “high-precision machine learning model” has discovered hundreds of shadowed domains created on a daily basis. With this in mind, always double-check the URL of any website that requests data from you, even if the address is hosted on a trusted domain.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Bing Chat’s ads are sending users to dangerous malware sites
Bing Chat shown on a laptop.

Since it launched, Microsoft’s Bing Chat has been generating headlines left, right, and center -- and not all of them have been positive. Now, there’s a new headache for the artificial intelligence (AI) chatbot, as it’s been found it has a tendency to send you to malware websites that can infect your PC.

The discovery was made by antivirus firm Malwarebytes, which discussed the incident in a blog post. According to the company, Bing Chat is displaying malware advertisements that send users to malicious websites instead of filtering them out.

Read more
Update your Apple devices now to fix these dangerous exploits
A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Read more
This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram
A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Read more