Skip to main content

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software.

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar.

The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific keywords.

The ultimate objective of such attacks is to trick unsuspecting users into downloading malevolent programs or potentially unwanted applications.

In one campaign disclosed by Guardio Labs, threat actors have been observed creating a network of benign sites that are promoted on the search engine, which when clicked, redirect the visitors to a phishing page containing a trojanized ZIP archive hosted on Dropbox or OneDrive.

"The moment those 'disguised' sites are being visited by targeted visitors (those who actually click on the promoted search result) the server immediately redirects them to the rogue site and from there to the malicious payload," researcher Nati Tal said.


Among the impersonated software include AnyDesk, Dashlane, Grammarly, Malwarebytes, Microsoft Visual Studio, MSI Afterburner, Slack, and Zoom, among others.

Guardio Labs, which has dubbed the campaign MasquerAds, is attributing a huge chunk of the activity to a threat actor it is tracking under the name Vermux, noting that the adversary is "abusing a vast list of brands and keeps on evolving."


The Vermux operation has mainly singled out users in Canada and the U.S., employing masquerAds sites tailored to searches for AnyDesk and MSI Afterburner to proliferate cryptocurrency miners and Vidar information stealer.

The development marks the continued use of typosquatted domains that mimic legitimate software to lure users into installing rogue Android and Windows apps.


It's also far from the first time the Google Ads platform has been leveraged to dispense malware. Microsoft last month disclosed an attack campaign that leverages the advertising service to deploy BATLOADER, which is then used to drop Royal ransomware.

BATLOADER aside, malicious actors have also used malvertising techniques to distribute the IcedID malware via cloned web pages of well-known applications such as Adobe, Brave, Discord, LibreOffice, Mozilla Thunderbird, and TeamViewer.

"IcedID is a noteworthy malware family that is capable of delivering other payloads, including Cobalt Strike and other malware," Trend Micro said last week. "IcedID enables attackers to perform highly impactful follow through attacks that lead to total system compromise, such as data theft and crippling ransomware."

The findings also come as the U.S. Federal Bureau of Investigation (FBI) warned that "cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information."

Source; THN

Comments

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed

How to Host a Website for Free From Your PC or Laptop.

Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c...

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.