Malicious Ads on Google Target Chinese Users with Fake Messaging Apps


January 26, 2024 at 05:48AM

Chinese-speaking users have been targeted with malicious Google ads for restricted messaging apps like Telegram in an ongoing malvertising campaign. The threat actor abuses Google advertiser accounts to direct users to pages where they unknowingly download Remote Administration Trojans. Additionally, phishing-as-a-service platform “Greatness” is being used to create legitimate-looking credential harvesting pages for Microsoft 365 users.

Key takeaways from the article:
1. Chinese-speaking users are being targeted by malicious Google ads, leading to the download of Remote Administration Trojans (RATs). The campaign, codenamed FakeAPP, has expanded to include messaging app LINE in addition to WhatsApp and Telegram.
2. Malicious ads were traced to advertiser accounts based in Nigeria – Interactive Communication Team Limited and Ringier Media Nigeria Limited.
3. A phishing-as-a-service (PhaaS) platform called Greatness is being used to create legitimate-looking credential harvesting pages targeting Microsoft 365 users. The kit is sold for $120 per month, enabling attackers to conduct attacks at scale and bypass security systems with anti-detection measures.
4. Phishing attacks have been observed impersonating tech companies like Kakao to distribute AsyncRAT via malicious Windows shortcut (LNK) files.

These takeaways highlight the ongoing threats of malvertising, phishing, and malware distribution, emphasizing the need for vigilance and updated security measures.
