Users looking for well-known programs are the target of a new malvertising campaign that employs Google Ads to spread malware like Raccoon Stealer and trojanized variants of Vidar.
The technique targets users who search for specific phrases: websites with typosquatted domain names appear at the top of Google search results as malicious advertisements.
The main objective of such attacks is to trick unsuspecting users into installing malicious software or potentially unwanted programs.
Guardio Labs, the creators of Guardio, a simple extension that facilitates secure browsing for users, have revealed details of a campaign run by threat actors. The data protection company said the threat actors are creating a network of safe websites promoted on several search engines.
Once an advertisement is clicked, the visitor lands on a phishing page. That page serves a compromised ZIP archive stored on OneDrive or Dropbox.
“The moment those ‘disguised’ sites are being visited by targeted visitors (those who actually click on the promoted search result), the server immediately redirects them to the rogue site and from there to the malicious payload,” researcher Nati Tal stated.
The attackers are using the Google Ads platform to distribute the malware. Microsoft has also reported an attack campaign that uses an advertising service to deploy BATLOADER.
Another malware family, IcedID, is distributed through various malvertising techniques on cloned web pages of legitimate software such as Adobe, Discord, and Brave.
“IcedID is a noteworthy malware family that is capable of delivering other payloads, including Cobalt Strike and other malware.
“IcedID enables attackers to perform highly impactful follow-through attacks that lead to total system compromise, such as data theft and crippling ransomware,” noted Trend Micro.
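The redirect chain Nati Tal describes (promoted result, then rogue site, then an archive on OneDrive or Dropbox) can be hunted for in web proxy logs. The sketch below is an added example, not code from Guardio Labs or the original article; the log layout, the use of Google's `gclid` click parameter as the ad marker, the file-host list and all `.test` domains are assumptions or constructed sample data.

```python
from urllib.parse import urlparse, parse_qs

# Assumptions, not from the article: the log field layout, gclid as the
# ad-click marker, redirects seen as 3xx + Location, and this host list.
FILE_HOSTS = ("onedrive.live.com", "1drv.ms", "dropbox.com")
# Constructed proxy log: (epoch s, client, url, referrer, status, Location).
# The last two rows are a benign contrast (ad click with no redirect).
SAMPLE_LOG = [
    (1000, "10.0.0.5", "https://softwre-example.test/?gclid=abc123",
     "https://www.google.com/", 302, "https://rogue-example.test/dl"),
    (1001, "10.0.0.5", "https://rogue-example.test/dl",
     "https://softwre-example.test/", 302, "https://www.dropbox.com/s/xyz/setup.zip"),
    (1002, "10.0.0.5", "https://www.dropbox.com/s/xyz/setup.zip",
     "https://rogue-example.test/dl", 200, ""),
    (1500, "10.0.0.9", "https://vendor-example.test/?gclid=def456",
     "https://www.google.com/", 200, ""),
    (1600, "10.0.0.9", "https://www.dropbox.com/s/abc/report.zip", "", 200, ""),
]

def host(url):
    return (urlparse(url).hostname or "").lower()

def is_ad_click(url, referrer):
    ref = host(referrer)
    from_google = ref == "google.com" or ref.endswith(".google.com")
    return from_google and "gclid" in parse_qs(urlparse(url).query)

def is_hosted_zip(url):
    h = host(url)
    on_file_host = any(h == f or h.endswith("." + f) for f in FILE_HOSTS)
    return on_file_host and urlparse(url).path.lower().endswith(".zip")

def find_chains(log, window=60):
    """Return (client, [urls]) for ad clicks redirected to a hosted ZIP."""
    seen = {(c, u): (ts, st, loc) for ts, c, u, _, st, loc in log}
    hits = []
    for ts, client, url, ref, status, loc in log:
        if not is_ad_click(url, ref):
            continue
        chain = [url]
        # Follow redirects issued to the same client inside the time window.
        while 300 <= status < 400 and loc and len(chain) < 10:
            nxt = seen.get((client, loc))
            if nxt is None or not 0 <= nxt[0] - ts <= window:
                break
            chain.append(loc)
            _, status, loc = nxt
        if len(chain) > 1 and is_hosted_zip(chain[-1]):
            hits.append((client, chain))
    return hits
```

A hit means an ad click was redirected, within the time window, to a ZIP on a file-sharing host; it is a lead for triage, since legitimate vendors also host downloads there.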