PresFox (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

ps1.presfox (Back to overview)

PresFox

The family is adding a fake root certificate authority, sets a proxy.pac-url for local browsers and redirects infected users to fake banking applications (currently targeting Poland). Based on information shared, it seems the PowerShell script is dropped by an exploit kit.

References

2019-02-03 ⋅ Twitter (@kafeine) ⋅ Kafeine
Tweet on Fallout Exploit Kit
PresFox

There is no Yara-Signature yet.

PresFox Propose Change

References

PresFox