March 15, 2024 at 02:51AM
Chinese users seeking legitimate software like Notepad++ and VNote on Baidu are targeted with malicious ads, distributing trojanized versions of the software and deploying Geacon. Malicious websites offer download links to these software versions, leading to different types of malware. The malvertising campaigns also distribute other malware like FakeBat via MSIX installer files.
Based on the meeting notes, the key takeaways are:
– Chinese users searching for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links.
– The malicious site vnote.fuwenkeji[.]cn contains download links to trojanized versions of the software, with Windows, Linux, and macOS versions being affected.
– Fake look-alike websites for VNote lead to the same set of potentially malicious links as the Notepad– installer.
– The modified Notepad– installers are designed to retrieve a next-stage payload from a remote server, exhibiting similarities with the Geacon backdoor.
– Malvertising campaigns have also acted as a conduit for other malware such as FakeBat (aka EugenLoader) with the help of MSIX installer files masquerading as legitimate software.
This information highlights the need for heightened awareness and caution when downloading software, and the potential risks associated with malvertising campaigns.