Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities
May 26, 2022
Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns.

"The framework contains numerous features which we assess may be utilized in the enablement of malicious activities," researchers from Team Cymru said in a new report published Wednesday. "The technical entry bar for the framework is purposefully kept low, which has served to create an active community of content developers and contributors, with actors in the underground economy advertising their time for the creation of bespoke tooling."

The U.S. cybersecurity company said it observed command-and-control (C2) IP addresses associated with malware such as Bumblebee, BlackGuard, and RedLine Stealer establishing connections to the downloads subdomain of Bablosoft ("downloads.bablosoft[.]com"), the maker of the Browser Automation Studio (BAS). Bablosoft was previously