
The Cyber Security News


New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

December 29, 2022

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar.

The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced at the top of Google search results in the form of malicious ads by hijacking searches for specific keywords.

The ultimate goal of such attacks is to trick unsuspecting users into downloading malicious programs or potentially unwanted applications.


In one campaign disclosed by Guardio Labs, threat actors have been observed creating a network of benign sites that are promoted on the search engine, which, when clicked, redirect visitors to a phishing site that contains a trojanized ZIP archive hosted on Dropbox or OneDrive.

“The second those ‘disguised’ web pages are being visited by targeted visitors (those who actually click on the promoted search result), the server quickly redirects them to the rogue site and from there to the malicious payload,” researcher Nati Tal said.


The impersonated software includes AnyDesk, Dashlane, Grammarly, Malwarebytes, Microsoft Visual Studio, MSI Afterburner, Slack, and Zoom, among others.

Guardio Labs, which has dubbed the campaign MasquerAds, is attributing a large chunk of the activity to a threat actor it is tracking under the name Vermux, noting that the adversary is “abusing a broad list of brands and keeps on evolving.”

The Vermux operation has primarily singled out users in Canada and the U.S., employing MasquerAds sites tailored to searches for AnyDesk and MSI Afterburner to proliferate cryptocurrency miners and the Vidar information stealer.

The development marks the continued use of typosquatted domains that mimic legitimate software to lure users into installing rogue Android and Windows apps.
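For defenders, the typosquatting pattern described above can be hunted in proxy or DNS logs by comparing visited hostnames against the brands the campaign impersonates. The following is an added example, not code from the article or from Guardio Labs; the `OFFICIAL` allow-list and the function names are assumptions, and the sample hostnames are constructed.

```python
# Added example, not from the article. OFFICIAL is an assumed allow-list of
# vendor domains for some of the impersonated brands named above.
OFFICIAL = {
    "anydesk": "anydesk.com",
    "dashlane": "dashlane.com",
    "grammarly": "grammarly.com",
    "malwarebytes": "malwarebytes.com",
    "slack": "slack.com",
    "zoom": "zoom.us",
}

def edit_distance(a, b):
    """Levenshtein distance using a rolling-row dynamic program."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(host):
    """Return (verdict, brand) for one hostname taken from a proxy or DNS log."""
    host = host.lower().rstrip(".")
    for brand, legit in OFFICIAL.items():
        if host == legit or host.endswith("." + legit):
            return ("official", brand)
    # Naive split: second-to-last label. Assumes no multi-part public
    # suffix (co.uk); use a Public Suffix List library in production.
    labels = host.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    tokens = label.replace("_", "-").split("-")
    for brand in OFFICIAL:
        if brand in tokens:                  # exact brand on a foreign domain
            return ("brand-in-label", brand)
    for brand in OFFICIAL:
        if len(brand) < 5:                   # short names are too noisy to fuzz
            continue
        limit = 1 if len(brand) <= 6 else 2  # tighter bound for short brands
        if any(0 < edit_distance(t, brand) <= limit for t in tokens):
            return ("typosquat", brand)
    return ("unrelated", None)

def triage(hosts):
    """Keep only the hostnames that warrant analyst review."""
    verdicts = {h: classify(h) for h in hosts}
    return {h: v for h, v in verdicts.items()
            if v[0] in ("typosquat", "brand-in-label")}
```

Edit-distance matching produces false positives on short brand names, so treat hits as leads to correlate with download events rather than as verdicts.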

It's also far from the first time the Google Ads platform has been leveraged to dispense malware. Microsoft last month disclosed an attack campaign that leverages the advertising service to deploy BATLOADER, which is then used to drop Royal ransomware.

BATLOADER aside, malicious actors have also used malvertising techniques to distribute the IcedID malware via cloned web pages of well-known applications such as Adobe, Brave, Discord, LibreOffice, Mozilla Thunderbird, and TeamViewer.

“IcedID is a noteworthy malware family that is capable of delivering other payloads, including Cobalt Strike and other malware,” Trend Micro said last week. “IcedID enables attackers to perform highly impactful follow-through attacks that lead to total system compromise, such as data theft and crippling ransomware.”

The findings also come as the U.S. Federal Bureau of Investigation (FBI) warned that “cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.”



Some parts of this article are sourced from:
thehackernews.com
