Vulnerable $10 Domain could have handed hackers access to 25,000 endpoints worldwide, including OT and government networks
A Sophisticated Threat Uncovered
Researchers at Huntress recently discovered a sophisticated threat hidden within what initially appeared to be adware. The malicious software, signed by Dragon Boss Solutions, was found to have evolved beyond its initial purpose as a potentially unwanted program (PUP) with browser hijacking capabilities.
Evolution of Malicious Software
The software’s update configuration revealed a primary domain used to deliver payload updates: chromsterabrowser[.]com. This domain, registered in August 2019, remained active until March 2025, when Huntress analysts began observing the deployment of the PowerShell-based payload.
- The infections spanned 124 countries, with the United States accounting for over 12,000 infected hosts.
- France, Canada, the United Kingdom, and Germany each had approximately 2,000 infected hosts.
High-Value Targets Affected
The scale of infection among high-value targets proved particularly concerning, with:
- 221 universities and colleges compromised.
- 41 operational technology (OT) networks compromised, including those belonging to electric utilities, transport providers, power cooperatives, and critical infrastructure.
- 35 government entities compromised.
- Three healthcare organizations compromised.
- Multiple Fortune 500 companies identified among the affected networks.
According to Huntress, “Organizations are urged to hunt for indicators of compromise (IoCs) to detect potential impact from this campaign. Organizations should review their network logs and system configurations for signs of the malicious activity described above. They should also consider implementing additional security measures, such as network segmentation and intrusion detection systems, to mitigate the risk of similar attacks in the future.”
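A small hunting helper for the update domain named above, added here as an example and not code from the article or from Huntress: it refangs the published indicator and flags hosts whose DNS queries match it exactly or as a subdomain. The three-field log format and the log lines themselves are constructed for the example.

```python
from collections import defaultdict

# Update-server domain reported in the article, written defanged as analysts publish it.
DEFANGED_IOC = "chromsterabrowser[.]com"

def refang(domain: str) -> str:
    """Turn a defanged indicator back into a matchable, lower-cased hostname."""
    return domain.replace("[.]", ".").replace("(.)", ".").lower().strip(".")

def matches_ioc(hostname: str, ioc: str) -> bool:
    """True when hostname is the IoC itself or a subdomain of it.
    A plain substring test would also flag unrelated names such as
    notchromsterabrowser.com, so compare on label boundaries instead."""
    h = hostname.lower().rstrip(".")
    return h == ioc or h.endswith("." + ioc)

# Constructed sample DNS log (assumed format: "<timestamp> <client-ip> <query-name>").
SAMPLE_DNS_LOG = """\
2025-03-02T10:14:01Z 10.0.5.17 update.chromsterabrowser.com
2025-03-02T10:14:03Z 10.0.5.17 www.example.org
2025-03-02T10:15:44Z 10.0.8.42 chromsterabrowser.com
2025-03-02T10:16:10Z 10.0.9.3 notchromsterabrowser.com
2025-03-02T10:17:22Z 10.0.5.17 cdn.chromsterabrowser.com
"""

def hunt(log_text: str, defanged_ioc: str = DEFANGED_IOC) -> dict:
    """Return {client_ip: [queried hostnames]} for every query that hits the IoC."""
    ioc = refang(defanged_ioc)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:          # skip blank or malformed lines
            continue
        client, qname = parts[1], parts[2]
        if matches_ioc(qname, ioc):
            hits[client].append(qname.lower().rstrip("."))
    return dict(hits)

if __name__ == "__main__":
    for host, names in hunt(SAMPLE_DNS_LOG).items():
        print(f"{host}: {len(names)} query(ies) to the reported update domain: {', '.join(names)}")
```

Hosts that appear in the result are candidates for the triage steps in the quote above (checking installed software and the PowerShell execution history), not confirmed infections on their own.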
