Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

January 26, 2024 at 05:48AM Chinese-speaking users have been targeted with malicious Google ads for restricted messaging apps like Telegram in an ongoing malvertising campaign. The threat actor abuses Google advertiser accounts to direct users to pages where they unknowingly download Remote Administration Trojans. Additionally, phishing-as-a-service platform “Greatness” is being used to create legitimate-looking credential …

Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload

January 11, 2024 at 09:00AM Cybersecurity researchers have found an enhanced version of the macOS information stealer, Atomic (AMOS), with updated capabilities, including payload encryption to bypass detection rules. Its cost has risen to $3,000/month with a festive promotion. Malvertising campaigns impersonating Slack and TradingView are used to distribute the malware. Caution is advised when …

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

December 19, 2023 at 06:33AM The PikaBot malware loader, previously distributed through malspam campaigns, has now been linked to malvertising targeting users seeking software like AnyDesk. It operates as a backdoor, enabling unauthorized remote access and delivery of other malicious tools. PikaBot is employed by threat actors, including TA577, using sophisticated techniques to evade detection …

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware

December 4, 2023 at 12:00AM Microsoft warns that CACTUS ransomware is being spread through malvertising that deploys DanaBot for initial access, leading to attacks by the Storm-0216 group. The use of DanaBot follows law enforcement's disruption of QakBot. Recent attacks also exploit Qlik Sense vulnerabilities, and a new macOS ransomware called Turtle has emerged. Clear Takeaways from Meeting Notes on …

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

November 17, 2023 at 08:48AM Threat actors are using manipulated search results and bogus Google ads to trick users into downloading malware instead of legitimate software, such as WinSCP. The attack involves redirecting users to a compromised WordPress website, then an attacker-controlled phishing site, and finally to a fake WinSCP website where they unknowingly download …

BlackCat plays with malvertising traps to lure corporate victims

November 16, 2023 at 09:48AM ALPHV/BlackCat ransomware-as-a-service affiliates are resorting to malvertising campaigns to gain initial access to victims’ systems. They are using paid ads for popular business software like Slack and Cisco AnyConnect to trick corporate victims into downloading Nitrogen malware, which can then be used to deploy ransomware. eSentire’s Threat Response Unit has …

Malwarebytes Labs Reveals 50% Uptick in Credit Card Skimming in Advance of the Holiday Shopping Season

November 14, 2023 at 11:33PM Malwarebytes has released new threat research showing an increase in credit card skimming for the holiday shopping season. The report highlights the Kritec campaign, which has compromised hundreds of websites with realistic payment templates. Malvertising is also on the rise, with a 42% increase in incidents in the US. Malwarebytes …

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

November 9, 2023 at 09:09AM A malvertising campaign is targeting users searching for CPU-Z by serving malicious ads that redirect them to a fake Windows news portal. The campaign also cloaks itself by showing innocuous content to those not targeted. The rogue website contains a malicious script that deploys RedLine Stealer. Similar deceptive Google Ads …

New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics

November 6, 2023 at 01:00PM An updated version of the information stealer malware Jupyter has resurfaced with new tactics to establish a persistent presence on compromised systems. The malware leverages PowerShell command modifications and signatures of private keys to appear as a legitimately signed file. It utilizes manipulated search engine optimization and malvertising to trick …

Trojanized PyCharm Software Version Delivered via Google Search Ads

October 31, 2023 at 07:06AM A malvertising campaign has been discovered that exploits a compromised website to promote fake versions of PyCharm in Google search results. Users who clicked on the ad were directed to a hacked webpage that installed multiple pieces of malware. The campaign takes advantage of Dynamic Search Ads offered by Google, allowing threat …