May 25, 2024 at 07:33PM
Cybercriminals capitalized on the release of the Arc web browser for Windows by launching a Google Ads malvertising campaign. The malicious ads led to typo-squatted domains, where users unknowingly downloaded trojanized installers that infected them with malware. Malwarebytes recommends caution and verification when downloading software.
Key Points from Meeting Notes:
– A malicious Google Ads campaign targeted users looking to download the Arc web browser for Windows, leading them to trojanized installers with malware payloads.
– The Arc browser, known for its innovative user interface design, recently launched on Windows, following a successful launch on macOS.
– Cybercriminals took advantage of the Windows launch by setting up malicious advertisements on Google Search to lure users.
– These ads displayed legitimate URLs for Arc but then redirected users to typo-squatted domains that resemble the genuine website.
– Upon clicking the “Download” button, users receive trojanized installer files hosted on the MEGA platform. The installers retrieve additional malicious payloads and abuse MEGA’s API for command and control operations.
– Malwarebytes also observed a separate infection chain involving the installer injecting code into msbuild.exe to retrieve commands for execution.
– The final payload is suspected to be an info-stealer, and due to stealthy installation and operation, users may not realize their devices are infected.
– The meeting concluded with a recommendation for users to avoid promoted search results on Google, use ad blockers, verify domain authenticity, and scan downloaded files with up-to-date antivirus tools before execution.
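The "verify domain authenticity" recommendation can be automated by checking the host a user actually lands on, not the URL shown in the ad. The following is an added example, not code from Malwarebytes or the original report; the domain `examplebrowser.test`, the function names and the edit-distance threshold of two are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the vendor's real download domain, obtained from a trusted source.
# "examplebrowser.test" is a constructed placeholder, not a real site.
OFFICIAL_DOMAIN = "examplebrowser.test"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_landing_url(url: str, official: str = OFFICIAL_DOMAIN) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the host in `url`."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Only the official domain itself or its subdomains count as genuine.
    if host == official or host.endswith("." + official):
        return "official"
    brand = official.split(".")[0]
    # Typo-squat: the whole host is within two edits of the official domain.
    if edit_distance(host, official) <= 2:
        return "lookalike"
    # Brand name (or a near miss) used as a label under some other domain.
    if any(brand in lab or edit_distance(lab, brand) <= 2
           for lab in host.split(".")):
        return "lookalike"
    return "unrelated"


def ad_redirect_mismatch(display_url: str, landing_url: str) -> bool:
    """True when an ad shows the official URL but lands somewhere else."""
    return (classify_landing_url(display_url) == "official"
            and classify_landing_url(landing_url) != "official")
```

A result of `lookalike` or `unrelated` for a download page means the installer should not be run without further verification.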