Ransomware gang targets Windows admins via PuTTY, WinSCP malvertising

May 18, 2024 at 02:27PM A ransomware operation targeted Windows system administrators by using Google ads to promote fake download sites for WinSCP and PuTTY. The counterfeit sites hosted trojanized installers and exploited DLL sideloading to install the Sliver post-exploitation toolkit, allowing remote access and potential deployment of ransomware. This campaign utilized typosquatting and displayed …

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

November 17, 2023 at 08:48AM Threat actors are using manipulated search results and bogus Google ads to trick users into downloading malware instead of legitimate software, such as WinSCP. The attack involves redirecting users to a compromised WordPress website, then an attacker-controlled phishing site, and finally to a fake WinSCP website where they unknowingly download …