Google ads push fake Google Authenticator site installing malware

July 31, 2024 at 01:48PM Google’s ad platform has been manipulated by threat actors to display fake Google Authenticator ads, distributing the DeerStealer malware. Malicious ads impersonate trusted sites, presenting a challenge for detection. Despite efforts to block malicious advertisers, threat actors continue to evade detection through URL cloaking. Clicking on the ads leads to …

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

April 18, 2024 at 01:10AM A new malvertising campaign using Google ads relies on multiple fake domains to distribute the backdoor “MadMxShell,” targeting users searching for IP scanning and IT management software. The Windows backdoor is distributed through JavaScript code and DLL side-loading, using DNS MX queries for command-and-control. The threat actor’s origins and motivations are currently …

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

November 17, 2023 at 08:48AM Threat actors are using manipulated search results and bogus Google ads to trick users into downloading malware instead of legitimate software, such as WinSCP. The attack involves redirecting users to a compromised WordPress website, then an attacker-controlled phishing site, and finally to a fake WinSCP website where they unknowingly download …

Malvertisers Using Google Ads to Target Users Searching for Popular Software

October 20, 2023 at 10:09AM A malvertising campaign using Google Ads has been discovered that targets users searching for popular software. The campaign directs users to fake landing pages and distributes malware payloads. The attack filters out bots and unwanted IP addresses, and redirects potential victims to replica websites. The malware establishes a connection to …

Fake KeePass site uses Google Ads and Punycode to push malware

October 19, 2023 at 02:18PM A Google Ads campaign has been discovered promoting a fake KeePass download site that distributes malware. Threat actors are using Punycode to make the domain appear official, posing a challenge for security-conscious users. The Punycode domain is visually similar to the legitimate KeePass domain but with a slight difference. The …