Seamless Malvertising Campaign Uses Punycode to Distribute Ramnit Trojan
In March 2017, researchers identified a malvertising campaign, dubbed Seamless, that targeted Canada and the UK, redirecting victims to the RIG exploit kit (EK) and infecting their systems with the Ramnit trojan. Recently, the same campaign was observed using Punycode, an encoding that represents Unicode characters using only ASCII and is often abused in phishing schemes to spoof legitimate domain names and evade detection by security appliances. Seamless uses Punycode to bypass web filters and direct victims to malicious websites that host the RIG EK, which then infects systems with Ramnit. The NJCCIC recommends reviewing the Malwarebytes report and proactively monitoring systems and networks for the associated indicators of compromise. Additionally, ensure that antivirus software and web browsers are kept up to date, and consider using a reputable ad-blocking extension.
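As a complement to indicator matching, the following added example (not from the NJCCIC advisory or the Malwarebytes report) scans web-proxy log lines for hosts that contain Punycode (`xn--`) labels, decodes them to their Unicode form, and flags labels that mix scripts. The log format, the `.example` hosts and all function names are assumptions constructed for illustration, and the script check is an approximation based on Unicode character names.

```python
import unicodedata
from urllib.parse import urlsplit

ACE_PREFIX = "xn--"  # prefix that marks a Punycode-encoded (IDN) DNS label

def decode_label(label):
    """Return the Unicode form of one DNS label, or None if it is not valid Punycode."""
    if not label.startswith(ACE_PREFIX):
        return label
    try:
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except UnicodeError:
        return None

def scripts_of(text):
    """Approximate the scripts in text from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def inspect_host(host):
    """Decode every xn-- label in host; return None for hosts without Punycode labels."""
    labels = host.lower().rstrip(".").split(".")
    if not any(lab.startswith(ACE_PREFIX) for lab in labels):
        return None
    decoded = [decode_label(lab) for lab in labels]
    malformed = any(d is None for d in decoded)
    # One label mixing scripts (e.g. Latin + Cyrillic) is the classic look-alike pattern.
    mixed = any(d and len(scripts_of(d)) > 1 for d in decoded)
    shown = ".".join(d if d is not None else lab for d, lab in zip(decoded, labels))
    return {"host": host, "unicode": shown, "mixed_script": mixed, "malformed": malformed}

def scan_proxy_log(lines):
    """Yield a finding for every logged URL whose host contains a Punycode label."""
    for line in lines:
        for field in line.split():
            if field.startswith(("http://", "https://")):
                finding = inspect_host(urlsplit(field).hostname or "")
                if finding:
                    yield finding

# Constructed sample input: reserved .example hosts, not indicators from the report.
LOOKALIKE = ACE_PREFIX + "l\u043egin".encode("punycode").decode("ascii")  # Cyrillic 'о' in "login"
SAMPLE_LOG = [
    "2017-03-20T10:01:02Z 10.0.0.5 GET http://cdn.ads.example/banner.js 200",
    "2017-03-20T10:01:03Z 10.0.0.5 GET http://xn--mnchen-3ya.example/flow.php 302",
    f"2017-03-20T10:01:04Z 10.0.0.7 GET http://{LOOKALIKE}.example/ 200",
]

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_LOG):
        print(finding)
```

Legitimate internationalized domains also use `xn--` labels, so findings are best treated as triage input alongside the published indicators rather than as a block list.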