โ† Back to hub

LOLBAS Process Spawned from Web Browser (Keitaro Malvertising)

Detects popular web browsers spawning child processes that are known LOLBAS binaries, a pattern consistent with Keitaro malvertising campaigns that infect users through malicious ads and phishing pages to deliver multi-stage malware. Covers Chrome, Edge, Firefox, Opera, Brave, and Vivaldi with exclusions for internal browser processes.

๐Ÿ”’

Premium Content

This query requires an active subscription to access the code.

Get Access