GoDaddy Employees exploited in attacks targeting Cryptocurrency Services

Late last week KrebsOnSecurity reported that GoDaddy, the world’s largest domain register, had been involved in a cyber-attack using social engineering tactics to first trick GoDaddy employees the target several cryptocurrency trading platforms. This incident, involving GoDaddy staff comes a few months after a similar incident where attackers assumed control of several domain names. While in May 2020, the company disclosed that 28,000 web hosting accounts had been compromised. Returning to the latest attack, it appears that on November 13, 2020, the cryptocurrency trading platform Liquid was locked out of its domain. In a statement by Mike Kayamori, CEO of Liquid, stated, “On the 13th of November 2020, a domain hosting provider "GoDaddy" that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS reco...

FileConverterSearches Browser Hijacker

FileConverterSearches is a piece of rogue software, categorized as a browser hijacker. It modifies browser settings in order to promote fileconvertersearches.com - an illegitimate search engine. This browser hijacker also has data tracking abilities, which are used to collect browsing-related information. Since most users download/install browser hijackers inadvertently, they are classified as PUAs (Potentially Unwanted Applications) as well. Browser hijackers assign the addresses of fake web searchers as browsers' homepage, default search engine and new tab/window URLs. FileConverterSearches also makes these modifications to browsers. Hence, with this browser hijacker installed: every new browser tab/window opened and web search done via the URL bar - redirect to fileconvertersearches.com. Fake search engines are usually unable to provide search results, so they redirect to (or cause redirection chains ...