The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new malvertising campaign via google ads targets users searching for

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

December 29, 2022

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar.

The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific keywords.

The ultimate goal of such attacks is to trick unsuspecting users into downloading malicious programs or potentially unwanted applications.


In one campaign disclosed by Guardio Labs, threat actors have been observed creating a network of benign sites that are promoted on the search engine, which, when clicked, redirect the visitors to a phishing site that contains a trojanized ZIP archive hosted on Dropbox or OneDrive.

“The second those ‘disguised’ web pages are being visited by targeted guests (those who basically simply click on the promoted search result) the server quickly redirects them to the rogue internet site and from there to the malicious payload,” researcher Nati Tal said.


The impersonated software includes AnyDesk, Dashlane, Grammarly, Malwarebytes, Microsoft Visual Studio, MSI Afterburner, Slack, and Zoom, among others.

Guardio Labs, which has dubbed the campaign MasquerAds, is attributing a large chunk of the activity to a threat actor it is tracking under the name Vermux, noting that the adversary is “abusing a broad list of brands and keeps on evolving.”

The Vermux operation has predominantly singled out users in Canada and the U.S., employing MasquerAds sites tailored to searches for AnyDesk and MSI Afterburner to proliferate cryptocurrency miners and the Vidar information stealer.

The development marks the continued use of typosquatted domains that mimic legitimate software to lure users into installing rogue Android and Windows apps.
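The chain described above (a lookalike domain for a well-known product, followed by a ZIP download from Dropbox or OneDrive) can be hunted in web-proxy logs. The following is an added example, not code from Guardio Labs or the article's source; the vendor-domain allowlist, the 60-second window, the log tuple layout and the sample records are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Brands named in the article -> vendor domains (assumed allowlist; extend as needed).
OFFICIAL = {"anydesk": "anydesk.com", "dashlane": "dashlane.com",
            "grammarly": "grammarly.com", "malwarebytes": "malwarebytes.com",
            "slack": "slack.com", "zoom": "zoom.us"}
FILE_HOSTS = ("dropbox.com", "dropboxusercontent.com", "onedrive.live.com")
WINDOW = timedelta(seconds=60)  # assumed max gap between landing page and download

def under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Return the brand a non-official host imitates, or None."""
    host = host.lower().rstrip(".")
    if under(host, OFFICIAL.values()):
        return None
    for label in host.split(".")[:-1]:            # ignore the TLD
        for chunk in label.split("-"):            # also catches brand-plus-word names
            for brand in OFFICIAL:
                limit = 1 if len(brand) > 5 else 0  # short names: exact match only
                if edit_distance(chunk, brand) <= limit:
                    return brand
    return None

def find_chains(events):
    """events: time-ordered (iso_time, client, host, path) tuples."""
    last_hit, alerts = {}, []
    for ts, client, host, path in events:
        when, brand = datetime.fromisoformat(ts), lookalike_of(host)
        if brand:
            last_hit[client] = (when, host, brand)
        elif (client in last_hit and under(host.lower(), FILE_HOSTS)
              and path.split("?")[0].lower().endswith(".zip")):
            seen, src, imitated = last_hit[client]
            if when - seen <= WINDOW:
                alerts.append((client, imitated, src, host + path))
    return alerts

SAMPLE = [  # constructed proxy-log records, not taken from the campaign
    ("2022-12-29T10:00:04", "10.0.0.5", "anydeskk.example", "/"),
    ("2022-12-29T10:00:06", "10.0.0.5", "www.dropbox.com", "/s/x1/AnyDesk.zip?dl=1"),
    ("2022-12-29T10:01:00", "10.0.0.7", "anydesk.com", "/en/downloads"),
    ("2022-12-29T10:01:05", "10.0.0.7", "www.dropbox.com", "/s/y2/notes.zip"),
]
```

Only the first client is flagged in the sample: the second reached the file host from the vendor's own domain, so its archive download is not treated as part of a lookalike chain.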

It is also far from the first time the Google Ads platform has been leveraged to dispense malware. Microsoft last month disclosed an attack campaign that leverages the advertising service to deploy BATLOADER, which is then used to drop Royal ransomware.

BATLOADER aside, malicious actors have also used malvertising techniques to distribute the IcedID malware via cloned web pages of well-known applications such as Adobe, Brave, Discord, LibreOffice, Mozilla Thunderbird, and TeamViewer.

“IcedID is a noteworthy malware family that is capable of delivering other payloads, like Cobalt Strike and other malware,” Trend Micro said last week. “IcedID permits attackers to execute hugely impactful follow-through attacks that lead to full system compromise, such as data theft and crippling ransomware.”

The findings also come as the U.S. Federal Bureau of Investigation (FBI) warned that “cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.”



Some parts of this article are sourced from:
thehackernews.com
