Symbol: ps1.presfox

PresFox


The family adds a fake root certificate authority, sets a proxy.pac URL for local browsers, and redirects infected users to fake banking applications (currently targeting Poland). Based on information shared, it seems the PowerShell script is dropped by an exploit kit.

References
2019-02-03, Twitter (@kafeine), Kafeine: Tweet on Fallout Exploit Kit (PresFox)

There is no Yara-Signature yet.