Malware | Mar 23, 2026

There's this fake AdBlock download site: https://adblockplus[.]pro/. It has Russian comments in t...

Fake AdBlock download site impersonating legitimate extension, linked to North Korean threat actors.

Summary

A malicious domain (adblockplus[.]pro) is impersonating the legitimate AdBlock Plus browser extension to distribute malware. The site contains Russian-language comments in its source code and has been hosted on IP 184.94.213[.]242. The domain is connected to North Korean threat activity via the qugesr[.]online infrastructure.

Indicators of Compromise

  • domain — adblockplus[.]pro
  • ip — 184.94.213[.]242
  • domain — qugesr[.]online