Arc browser’s Windows launch targeted by Google ads malvertising

May 25, 2024 at 07:33PM
Cybercriminals capitalized on the release of the Arc web browser for Windows by launching a Google Ads malvertising campaign, tricking users into downloading trojanized installers that infect them with malware. The malicious ads led to typo-squatted domains, where users unknowingly downloaded malware through trojanized installers. Malwarebytes recommends caution and verification …

Ransomware gang targets Windows admins via PuTTY, WinSCP malvertising

May 18, 2024 at 02:27PM
A ransomware operation targeted Windows system administrators by using Google ads to promote fake download sites for WinSCP and PuTTY. The counterfeit sites hosted trojanized installers and exploited DLL sideloading to install the Sliver post-exploitation toolkit, allowing remote access and potential deployment of ransomware. This campaign utilized typosquatting and displayed …

Fake Facebook MidJourney AI page promoted malware to 1.2 million people

April 5, 2024 at 12:50PM
Hackers are using hijacked Facebook pages and advertisements to promote fake AI services, infecting users with password-stealing malware. The malvertising campaigns trick users into fraudulent Facebook communities, then entice them to download malicious executables. The stolen data is sold on the dark web or used for further scams. These sophisticated …

X users fed up with constant stream of malicious crypto ads

January 6, 2024 at 11:46AM
Cybercriminals are exploiting X ads to promote crypto scams including fake airdrops and drainer sites, targeting those interested in cryptocurrencies. X’s advertising algorithm matches users’ interests, resulting in an increasing volume of malicious ads. Despite warnings and skepticism over X’s ad vetting, it’s reported that malicious ads have significantly grown, …

Crypto drainer steals $59 million from 63k people in Twitter ad push

December 21, 2023 at 04:28PM
Google and Twitter ads are promoting a malicious cryptocurrency drainer called ‘MS Drainer,’ responsible for stealing $59 million from over 63,000 victims. The drainer operates through phishing websites and malicious contracts, with its source code sold to cybercriminals for $1,500. Fraudulent ads for MS Drainer appear on Google and Twitter, …

BlackCat plays with malvertising traps to lure corporate victims

November 16, 2023 at 09:48AM
ALPHV/BlackCat ransomware-as-a-service affiliates are resorting to malvertising campaigns to gain initial access to victims’ systems. They are using paid ads for popular business software like Slack and Cisco AnyConnect to trick corporate victims into downloading Nitrogen malware, which can then be used to deploy ransomware. eSentire’s Threat Response Unit has …

Trojanized CPU-Z app on fake Windows news site pushed by Google

November 9, 2023 at 11:15AM
A threat actor has been using Google Ads to distribute a trojanized version of the CPU-Z tool, delivering the Redline info-stealing malware. Malicious ads redirect victims to a cloned copy of a legitimate Windows news site, where they are prompted to download a digitally-signed CPU-Z installer. This installer contains a …

Google Dynamic Search Ads Abused to Unleash Malware ‘Deluge’

October 30, 2023 at 06:13PM
A new method of using vulnerable websites to deliver malicious ads to search engine users has been discovered. The technique involves using Google’s “dynamic search ads” feature to pair targeted ads with searches. A compromised website was used to serve a fake software ad, overwhelming victims with malware. The researcher …