Microsoft Security Intelligence
Published May 11, 2023 | Updated Dec 10, 2023

BrowserModifier:Win32/MediaArena

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

BrowserModifier:Win32/MediaArena is a browser modifier that presents itself as a beneficial app and masks its true intentions while subtly adjusting specific browser settings to discreetly collect search queries. This deceptive facade includes posing as a docx-to-pdf converter and as a tool for converting videos to animated GIFs.

This gives threat actors the means to systematically manipulate search results, gather valuable data about the user, introduce targeted drive-by downloads, and carry out various other exploitative actions.

Apply the following measures to reduce the impact of potential threats.

  • Regularly update web browsers to ensure security.
  • Activate potentially unwanted application (PUA) protection in Microsoft Edge, using Microsoft Defender SmartScreen to block PUA-associated URLs, in conjunction with the PUA protection capabilities of Microsoft Defender Antivirus.
  • Activate cloud-delivered protection in Microsoft Defender Antivirus or its equivalent in your antivirus product to cover rapidly evolving attacker tools and techniques. This cloud-based approach includes machine learning protections to block most new and unknown variants.
  • Enforce a policy to restrict the execution of executable files unless they meet predefined criteria based on prevalence, age, or inclusion in a trusted list.
  • Run network protection to prevent users from accessing risky domains through applications. This proactive measure blocks all outbound HTTP(S) traffic to sources with low reputation scores, determined by the domain or hostname.
  • Conduct a thorough review of perimeter firewall and proxy configurations to ensure that servers are genuinely restricted from making arbitrary connections to the internet, especially for activities such as browsing and downloading. These restrictions play a crucial role in impeding malware downloads and Command and Control (C2) activities.
  • Implement endpoint detection and response (EDR) in block mode to empower Microsoft Defender for Endpoint to obstruct malicious artifacts. This is particularly valuable in scenarios where a non-Microsoft antivirus fails to detect the threat or when Microsoft Defender Antivirus operates in passive mode. EDR in block mode discreetly operates to remediate malicious artifacts identified post-breach.
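The following PowerShell audit script is an added example, not part of the Microsoft page, that checks the Defender Antivirus settings the list above calls for (PUA protection, cloud-delivered protection, the prevalence/age/trusted-list executable rule, network protection) and reports the Edge SmartScreen PUA policy and the antivirus running mode. It assumes an elevated session on a Windows host with Microsoft Defender Antivirus, the standard Edge policy registry key, and the `AMRunningMode` strings reported by `Get-MpComputerStatus`; EDR in block mode itself is enabled in the Defender portal, so it is only reported here.

```powershell
# Added example: audit (and with -Fix, enable) the Defender settings recommended above.
param([switch]$Fix)

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Defender preference enums: 0 = Disabled, 1 = Enabled (MAPS: Basic), 2 = AuditMode (MAPS: Advanced)
$checks = @(
    @{ Name = 'PUA protection (Defender AV)';      Param = 'PUAProtection';           Want = 1 },
    @{ Name = 'Cloud-delivered protection (MAPS)'; Param = 'MAPSReporting';           Want = 2 },
    @{ Name = 'Network protection';                Param = 'EnableNetworkProtection'; Want = 1 }
)

$findings = @(foreach ($c in $checks) {
    $current = $pref.($c.Param)
    $ok = ($current -eq $c.Want)
    if (-not $ok -and $Fix) {
        $p = @{}; $p[$c.Param] = $c.Want     # splat a single named parameter, e.g. -PUAProtection 1
        Set-MpPreference @p
        $ok = $true
    }
    [pscustomobject]@{ Setting = $c.Name; Current = $current; Compliant = $ok }
})

# ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criterion"
$asrId = '01443614-cd74-433a-b99e-2ecdc07bfc25'
$idx   = [array]::IndexOf(@($pref.AttackSurfaceReductionRules_Ids), $asrId)
$asrOn = ($idx -ge 0) -and (@($pref.AttackSurfaceReductionRules_Actions)[$idx] -eq 1)
if (-not $asrOn -and $Fix) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $asrId -AttackSurfaceReductionRules_Actions Enabled
    $asrOn = $true
}
$findings += [pscustomobject]@{ Setting = 'ASR: prevalence/age/trusted-list executable rule'; Current = $idx -ge 0; Compliant = $asrOn }

# Edge PUA blocking is an Edge policy (assumed standard policy key), not a Defender preference; report only.
$edgePua = Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' -Name 'SmartScreenPuaEnabled' -ErrorAction SilentlyContinue
$findings += [pscustomobject]@{ Setting = 'Edge SmartScreen PUA blocking'; Current = $edgePua; Compliant = ($edgePua -eq 1) }

# EDR in block mode is configured in the Defender portal; here we only surface whether AV is active or passive.
$mode = $status.AMRunningMode   # assumed values include 'Normal', 'Passive Mode', 'EDR Block Mode'
$findings += [pscustomobject]@{ Setting = 'Defender AV running mode'; Current = $mode; Compliant = ($mode -in 'Normal', 'EDR Block Mode') }

$findings | Format-Table -AutoSize
```

Run it without `-Fix` first to see which settings differ from the guidance; a passive-mode result means another antivirus is primary and EDR in block mode is the relevant control.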