惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
S
Security Affairs
Engineering at Meta
Engineering at Meta
MongoDB | Blog
MongoDB | Blog
Microsoft Security Blog
Microsoft Security Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
美团技术团队
月光博客
月光博客
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
有赞技术团队
有赞技术团队
博客园 - 叶小钗
Hugging Face - Blog
Hugging Face - Blog
Microsoft Azure Blog
Microsoft Azure Blog
V
V2EX
Vercel News
Vercel News
阮一峰的网络日志
阮一峰的网络日志
腾讯CDC
C
Cisco Blogs
T
Tor Project blog
The Hacker News
The Hacker News
雷峰网
雷峰网
MyScale Blog
MyScale Blog
博客园 - 司徒正美
AWS News Blog
AWS News Blog
GbyAI
GbyAI
Y
Y Combinator Blog
D
DataBreaches.Net
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
The GitHub Blog
The GitHub Blog
S
SegmentFault 最新的问题
T
Tenable Blog
L
LangChain Blog
M
MIT News - Artificial intelligence
N
Netflix TechBlog - Medium
The Cloudflare Blog
A
About on SuperTechFans
IT之家
IT之家
F
Fortinet All Blogs
Security Latest
Security Latest
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
NISL@THU
NISL@THU
爱范儿
爱范儿
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
A
Arctic Wolf
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog

Todyl Blog

CyberChef: How to Decode & Decrypt Malicious Scripts (Step-by-Step Guide) Achieving Zero Trust with SASE: A Practical Roadmap for Modern Network Securityso like MSP Security Maturity Assessment: Why 79% of MSPs Are Stuck in 2025 The Rising Threat of Malicious AI: What Every Organization Needs to Know Iran Cyber Threat 2026: What SMBs and MSPs Need to Know The OneStart AI Browser Deception Cyber Insurance Requirements Based on Industry Why Third-Party Security Certification Is Your MSP's Competitive Edge Why Cyber Insurance Carriers Are Shifting to Security Assurance Iran Conflict and Cyber Risk: What North American Organizations Need to Know ‍ Why Cyber Resilience Requires Security, Compliance, and Insurance MSP Security Services: How to Position Identity Protection as Competitive Advantage Identity Security Gap Assessment: A Step-by-Step Guide for MSPs How Credential Theft Attacks Are Costing MSP Clients Millions Do I Need Cyber Insurance as a Small Business? Advanced Persistent Threats (APTs) Explained Preparing for CMMC Level 1: What Your Organization Needs to Do The Real Cost of Doing Nothing in Cybersecurity MSP Security: Build vs Buy SOC The Rise of a Cybercrime Alliance: What LockBit, Qilin, and DragonForce Mean for Business Risk Cyber Threat Recovery Strategies for MSPs What MSPs Need to Know about CIRCIA Final Rule ClickFix: The Evolution of Copy-Paste Social Engineering Akira Ransomware: Threat Assessment of a Scalable RaaS Operation The Dos and Don’ts of Applying for a Cyber Insurance Policy What Is Threat Hunting? A Practical Guide for MSPs and SMBs The Business Case for Cyber Threat Management Evaluating Free and Open Source SIEM Tools in 2026 How organizations can combat BEC Using SASE to help meet cyber insurance requirements Introducing the Anomaly Framework Stopping Identity Threats with ITDR through MXDR Security Operations Over Tools Beyond Tools: A Strategic Approach to Data Security Cyber Threat Response Strategies for MSPs Threat Advisory: Email Account Compromise BECs In the Wild: When Millions of People Are Expecting the Same Email Michigan and Wisconsin Proposed Age Verification Bills and the Impact on VPNs and SASE: What You Need to Know Cyber Threat Detection Strategies for MSPs Cyber Threat Prevention Strategies for MSPs Simplifying CMMC Level 1 with Todyl GRC How to Complete Your CMMC Level 1 Self-Assessment: A Step-by-Step Walkthrough Cyber Threats Don't Take Time Off How MSPs Build Lasting Client Relationships Through Proactive Operations Risk Management for MSPs: Why Business Context Changes Everything 5 Pillars for Security Program Growth in 2025 One Action MSPs can take to Address Risk and Secure Clients Building Resilience in a Perimeter-less World with Defense-in-Depth Aligning Technology Implementation to Business Outcomes Top 5 Myths about Cybersecurity How Conditional Access Transforms Your Cybersecurity Program Why MSPs need to embrace a prescriptive model How Texas SB 2610 Positions MSPs as Strategic Risk Advisors Simplifying cybersecurity maturity with managed cloud SIEM Addressing firewall vulnerabilities Understanding the Pitfalls of RDP MSP Zero-Day Response Plan: When Security Tools Can't Help You Old is Gold: Tackling Persistent Vulnerabilities How MXDR drives operational efficiencies Using SASE for secure remote access How to find the best endpoint security solution The Cyber Insurance Crisis: Why MSPs and Their Clients Are Struggling What to ask of a prospective endpoint security vendor Thinking Red, Acting Blue: Turning Attack Tactics in Your Favor Zero-Day Attacks and False Alarms: Lessons for MSPs Dissecting the Recent Rise in 2025 Zero Days MSP Security Monitoring Strategy: Identity and Cloud Blind Spots Introducing the Todyl Community: A Collaborative Platform for MSPs Threat Advisory: PDFast Freeware Compromise Navigating Today’s Cybersecurity Threat Landscape: Where MSPs Should Start Threat Advisory: Understanding the Recent SonicWall SSL VPN Vulnerability and How to Protect Your Clients Partner Spotlight: GoTech IT Solutions Threat Advisory: SQL Injection in FortiClient CVE-2023-48788 The Importance of SSL Inspection Navigating Compliance Frameworks: Common Challenges and Effective Solutions Making the most of SASE Web Filtering Iran & Middle-East Geopolitical Shifts: Emerging Cyber Risks for SMBs MSP Security KPIs That Matter: Beyond Vanity Metrics to Business Outcomes MSP Challenges Looking into 2025 Combining EDR and NGAV for Defense-in-Depth Starting Your Security Framework Journey: A Practical Implementation Guide Cyber Insurance vs. Warranties: Key Risk Management Elements Akira Ransomware: A Persistent Threat to MSP Operations Transforming Cyber Insurance for MSPs and Their Clients Two Truths, Double Whammy: Why Vulnerability Remediation Needs a Rethink Using LAN ZeroTrust for segmentation The role of SIEM in incident response Partner Spotlight: 917 Solutions Threat Advisory: Business Email Compromise Campaign using OVPN for Obfuscation Beyond Implementation: Creating an Ongoing Security Framework Program ClickFix: Fake Captcha Leads to Real Damage Streamlining Security and Compliance Information Gathering with Assessments Partner Spotlight: AnchorSix Tips to Help MSPs Set Goals for the New Year How SIEM helps detect insider threats Massive Wave of Network Security Vulnerabilities Demands Immediate Action FortiJump: The FortiManager Zero-Day Vulnerability Explained Use cases of SASE: Software-defined perimeter Threat Advisory: LightPerlGirl Malware Why MSPs Must Prioritize CIS Critical Security Controls v8.1 for Client Success
EpiBrowser: A Sophisticated PUP Masquerading as Chromium
Ahsan Ayub · 2026-01-09 · via Todyl Blog

EpiBrowser is a Potentially Unwanted Program (PUP) that can install on a victim’s machine with or without their knowledge. To appear legitimate, it mimics Chromium-based browsers by using real Google Chrome components, most notably chrome_elf.dll, the library responsible for security initialization and system integration. It strengthens this deception with custom search engines (such as Yahoo!) and startup pages that mirror Chrome’s look and feel, exploiting user trust in the familiar brand.

Here is a GIF preview of the EpiBrowser performing an unwanted search redirection to Yahoo! Search engine.
Courtesy of PCRisk.com

Todyl’s EpiBrowser Findings

Observed Behaviors

  • Creation and modification of COM-based scheduled tasks for automatic execution
  • Registry autorun value manipulation to ensure boot-time activation
  • File association changes to redirect user browsing activities
  • Systematic reading of Internet Explorer security settings to map the browser environment
  • Proxy server configuration analysis to understand network routing and potential bypass mechanisms
  • Privacy and security setting modifications to reduce detection likelihood.

We also notice that it creates and subsequently terminates WerFault.exe (Windows Error Reporting service) during execution based on the samples’ behavior, which is a technique commonly associated with process hollowing or injection attacks.

Certificate Abuse

The threat actor signed the software using certificates issued to ‘Byte Media Sdn. Bhd.,’ a Johor, Malaysia–based digital transformation consultancy that provides IT modernization, usability, and advisory services.

What is the present and future impact?

Users tricked into installing this browser become victims of data collection and search redirection. They may also risk potential exposure to additional malware through sketchy ads and search results.  

The certificate abuse is particularly concerning because it's eroding one of our core trust mechanisms. If attackers can consistently obtain legitimate certificates from multiple CAs, the community may need to rethink our code signing verification approach entirely. With more malware families adopting these Chrome-mimicking techniques, EpiBrowser is a preview of what's coming, and we need to start preparing our defenses accordingly.

Guidance for MSPs

  • Monitor for unexpected modifications to browser settings and autorun registry entries
  • Exercise extreme caution when installing browser software from unfamiliar sources
  • Regularly audit installed programs and browser extensions
  • Monitor system startup programs for unexpected entries

Removal

Windows users can remove the browser from their system through the "Apps and Features" and "Programs and Features" options on Windows 11 and Windows 10, respectively.

Todyl Platform Capabilities

Todyl’s security solution is designed to detect this specific type of cyber threat with precision. Backed by our expert MXDR team, we provide continuous monitoring of suspicious activity to quickly identify potential threats and safeguard your most sensitive assets. We also collaborate closely with your team to develop custom detection rules, ensuring full visibility, transparency, and a security approach tailored to your unique environment.

Indicators of Compromise

The subject name of code signature is “Byte Media Sdn. Bhd."

(HKEY_CURRENT_USER\Software\EPISoftware\EpiBrowser*)

(HKEY_CURRENT_USER\Software\EPISoftware\Update*)

(HKEY_CURRENT_USER\SOFTWARE\Policies\EPISoftware\EpiBrowser)

Description: Epibrowser registry persistence

C:\Users\<USER>\AppData\Local\Temp
\epibrowser-bin\epibrowser.exe

C:\Users\<USER>\AppData\Local\EPISoftware
\EpiBrowser\Application\130.0.6723.147\notification_helper.exe

Description: The file locations of the application.

References

  1. https://www.malwarebytes.com/blog/detections/pup-optional-epibrowser
  2. https://www.truesec.com/hub/blog/tamperedchef-the-bad-pdf-editor
  3. https://www.wipersoft.com/remove-epistart-epibrowser-potentially-unwanted-program/

Hashes

f52ca24fd5f99891
e0385959bad2ddd9

14040c0474ba5e16
c6d4d6fc20181d5e

184f49cade4b27dc
435fe24f18d31f14

10a3f5c065831b6c
889b289c5aacb02d

60b336093ae1c56e
9bcd3b8322533101

ed5dc60c6dfda6b4
ca321f147369de68

73c97542fe54228e
a553be487a8d1665

97222a357a9f423e
f3eee840154af91e

Dc03f86386c87623
1cef5e82c78ab75f

About Ahsan

Ahsan Ayub is a Security Research Engineer at Todyl with over 8 years of combined industry and research experience in Software Development, Cybersecurity, and AI. He is passionate about applying AI to solve real-world cybersecurity challenges, investigating security concerns within AI systems, and developing expertise in both defensive and offensive security practices.

Ahsan earned his Ph.D. from Tennessee Tech University with a focus on Cybersecurity and AI. Prior to joining Todyl, he worked as a Security Engineer at Vanderbilt University Medical Center (VUMC). He has published more than 10 peer-reviewed scholarly articles covering topics including ransomware, malware, cryptography, adversarial machine learning, responsible AI, domain generation algorithms (DGA), and network covert communication.

Outside of work, Ahsan enjoys traveling, playing sports, and connecting with people.