Skip to main content

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps.

By Editor

Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines.

The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published today. The ads have since been taken down.

Some of the spoofed applications include Google Chrome, Mozilla Firefox, Telegram, WhatsApp, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office.

"The websites and installers downloaded from them are mostly in Chinese and in some cases falsely offer Chinese language versions of software that is not available in China," the Slovak cybersecurity firm said, adding it observed the attacks between August 2022 and January 2023.

A majority of the victims are located in Taiwan, China, and Hong Kong, followed by Malaysia, Japan, the Philippines, Thailand, Singapore, Indonesia, and Myanmar.

The most important aspect of the attacks is the creation of lookalike websites with typosquatted domains to propagate the malicious installer, which, in an attempt to keep up the ruse, installs the legitimate software, but also drops a loader that deploys FatalRAT.

In doing so, it grants the attacker complete control of the victimized computer, including executing arbitrary shell commands, running files, harvesting data from web browsers, and capturing keystrokes.

"The attackers have expended some effort regarding the domain names used for their websites, trying to be as similar to the official names as possible," the researchers said. "The fake websites are, in most cases, identical copies of the legitimate sites."


The findings arrive less than a year after Trend Micro disclosed a Purple Fox campaign that leveraged tainted software packages Adobe, Google Chrome, Telegram, and WhatsApp as an arrival vector to propagate FatalRAT.

They also arrive amid a broader abuse of Google Ads to serve a wide range of malware, or alternatively, take users to credential phishing pages.

In a related development, Symantec's Threat Hunter Team shed light on another malware campaign that targets entities in Taiwan with a previously undocumented .NET-based implant dubbed Frebniis.

"The technique used by Frebniis involves injecting malicious code into the memory of a DLL file (iisfreb.dll) related to an IIS feature used to troubleshoot and analyze failed web page requests," Symantec said.

"This allows the malware to stealthily monitor all HTTP requests and recognize specially formatted HTTP requests sent by the attacker, allowing for remote code execution."

The cybersecurity firm, which attributed the intrusion to an unknown actor, said it's currently not known how access to the Windows machine running the Internet Information Services (IIS) server was obtained.


Source; THN.

Comments

Post a Comment

Popular posts from this blog

UGANDA ELECTORAL COMMISSION TO ELIMINATE NATIONAL IDENTIFICATION CARDS (IDs) FOR 2021 GENERAL ELECTIONS.

By Editor
The elimination of using National IDs (Ndagamuntu) for the 2021 elections should not have come as a surprise. One would be very NAIVE to think that Bobi Wine has not prepared for this in his Business Plan under the RISK section. It is public knowledge that our EC is not independent.  It is also public knowledge that Military Dictator Yoweri Museveni will never lose an election. What stunned us this morning is when we noticed that on social media, people were mocking Bobi with his "get your Ndagamuntu".  We are on record for saying to all Our readers that the National ID is like Apartheid in South Africa. Students of History would know how those IDs were being used to arrest people, deny them jobs, deny them basic services. Consequently, Bobi was not wrong and will never be wrong on the Ndagamuntu. Except the ones attacking him and mocking him forget that in Uganda, now, no National ID (Ndagamuntu), no service.  If you have not been denied registering your child i...
Post a Comment
Read more

President Museveni Praises Soldiers for Torturing Bobi Wine in Arua on August 2018.

By Editor
        President Museveni at the passout of police officers in Masindi Friday https://www.facebook.com/1829407613953796 President Museveni has praised his Special Forces Command [SFC] guards for properly and legally beating National Unity Platform [NUP] presidential flagbearer, Robert Kyagulanyi aka Bobi Wine. “The other day, there was a fracas in West Nile where our young friend Bobi Wine was fighting security people,” Museveni said Friday while passing out police recruits at Kabalye Training School in Masindi district. “I think they beat him a bit and then they came and said a Member of Parliament has been beaten. I said let me study and see how he was beaten. I found the man had been beaten in the right way,” Museveni explained. “This was because…I think this was SFC people who are not police-minded. They are used to doing other things. But somehow they managed to act properly, I was surprised.” When they [SFC] went where this young man was in the room, he had ca...
Post a Comment
Read more

Parliament Urges Government to Provide Shs 4 Billion to Media Houses to Run Awareness Campaign on Tourism in Uganda.

By Editor
Parliament also urged Gov’t to provide additional Shs4Bn to UTB to engage international and national media houses in production of positive media stories for improved destination image, following reports of drop in number of tourists from US, Europe and China visiting Uganda. "The National Development Plan targeted to cumulatively attract 281,760 International Tourist arrivals from US, Europe & China but only 67,252 arrivals were registered by the end of the first half of FY 2023/24. The U.S, Europe & China were key target source for leisure tourist who stay longer than business tourists. However, statistics show that international arrivals from the aforementioned areas have continue to drop. The UTB requires Shs4Bn to engage international & national media houses in production of positive tourism stories to improve destination perception in light of recent controversies that shade the destination in a bad light. However, this has remained unfunded,” said La...
Post a Comment
Read more