CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

admin by admin
January 1, 2023
in Information Security


Dec 29, 2022Ravie LakshmananOnline Security / Malvertising

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar.

The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific keywords.

The ultimate objective of such attacks is to trick unsuspecting users into downloading malevolent programs or potentially unwanted applications.

In one campaign disclosed by Guardio Labs, threat actors have been observed creating a network of benign sites that are promoted on the search engine, which when clicked, redirect the visitors to a phishing page containing a trojanized ZIP archive hosted on Dropbox or OneDrive.

“The moment those ‘disguised’ sites are being visited by targeted visitors (those who actually click on the promoted search result) the server immediately redirects them to the rogue site and from there to the malicious payload,” researcher Nati Tal said.

CyberSecurity

Among the impersonated software include AnyDesk, Dashlane, Grammarly, Malwarebytes, Microsoft Visual Studio, MSI Afterburner, Slack, and Zoom, among others.

Guardio Labs, which has dubbed the campaign MasquerAds, is attributing a huge chunk of the activity to a threat actor it is tracking under the name Vermux, noting that the adversary is “abusing a vast list of brands and keeps on evolving.”

The Vermux operation has mainly singled out users in Canada and the U.S., employing masquerAds sites tailored to searches for AnyDesk and MSI Afterburner to proliferate cryptocurrency miners and Vidar information stealer.

The development marks the continued use of typosquatted domains that mimic legitimate software to lure users into installing rogue Android and Windows apps.

It’s also far from the first time the Google Ads platform has been leveraged to dispense malware. Microsoft last month disclosed an attack campaign that leverages the advertising service to deploy BATLOADER, which is then used to drop Royal ransomware.

BATLOADER aside, malicious actors have also used malvertising techniques to distribute the IcedID malware via cloned web pages of well-known applications such as Adobe, Brave, Discord, LibreOffice, Mozilla Thunderbird, and TeamViewer.

“IcedID is a noteworthy malware family that is capable of delivering other payloads, including Cobalt Strike and other malware,” Trend Micro said last week. “IcedID enables attackers to perform highly impactful follow through attacks that lead to total system compromise, such as data theft and crippling ransomware.”

The findings also come as the U.S. Federal Bureau of Investigation (FBI) warned that “cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Illuminatebehind

Next Post

Illuminatelook-2023 ~ Future of CIO

Related Posts

Information Security

New Android Banking Trojan Targeting Brazilian Financial Institutions

by admin
February 4, 2023
Information Security

Fall 2022 PCI DSS report available with six services added to compliance scope

by admin
February 4, 2023
Information Security

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

by admin
February 3, 2023
Information Security

How to improve security incident investigations using Amazon Detective finding groups

by admin
February 3, 2023
Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Next Post

Illuminatelook-2023 ~ Future of CIO

Recommended

Initiativesofreinvention

February 4, 2023

New Android Banking Trojan Targeting Brazilian Financial Institutions

February 4, 2023

Fall 2022 PCI DSS report available with six services added to compliance scope

February 4, 2023

Initiativesofnonlinearity ~ Future of CIO

February 3, 2023

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

February 3, 2023

How to improve security incident investigations using Amazon Detective finding groups

February 3, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.