Tag Archive for: ads

Ads for Zero-Day Exploit Sales Surge 70% Annually


Security researchers have warned that threat actors are increasingly turning to zero-day exploits to increase the success rate of advanced targeted attacks.

Group-IB noted in its Hi-Tech Crime Trends Report 2023/2024 that it observed a 70% increase in public ads selling zero-day exploits between 2022 and 2023.

In some cases, such as the CVE-2023-38831 zero-day vulnerability in the ZIP file format, the threat actors that discover a bug provide access to clients for a subscription fee – in this case, $1000 per month.

Such threats are popular with advanced cybercrime groups and nation states, especially for cyber-espionage activities where threat actors need to establish persistence and spy on their victims for prolonged periods without discovery, the report claimed.

Elsewhere, Group-IB warned of a growing interest in ChatGPT credentials on the cybercrime underground, as a way to reach sensitive corporate data.

That’s because public LLM models automatically save chat logs with the AI model, but accounts are often not protected by multi-factor authentication (MFA).

“When using AI systems, users often enter all sorts of data, including confidential information such as internal source code, financial information, and trade secrets. Users sometimes even enter data intended for authentication in internal systems,” Group-IB explained.

That means any threat actor with access to a corporate user’s account could gain a direct pathway to a huge volume of sensitive information.

“This gives them access to logs with the communication history between employees and systems, which they can use to search for confidential information (for espionage purposes), details about internal infrastructure, authentication data (for conducting even more damaging attacks), and information about application source code (to analyze it and identify potential vulnerabilities that could be exploited),” the report noted.

Group-IB said it detected more than 225,000 infostealer logs up for sale on the dark web containing compromised ChatGPT credentials between January and October 2023.

As corporates invest…

Source…

Threat actors abuse Google Ads to distribute info-stealing malware: Report


A threat actor was found abusing Google Ads to distribute a trojanised version of the CPU-Z tool to deliver the Redline info-stealing malware.

Threat actors were found using Google Ads to redirect users to a cloned copy of the legitimate Windows news site Windows Report.

Clicking on the ad takes the victim through a redirect step that tricks Google’s anti-abuse crawlers by sending invalid visitors to an innocuous site, a report from Bleeping Computer said.

Those deemed valid to receive the payload are redirected to a lookalike of the Windows news site, hosted on a number of different domains. Users are then presented with a “Download now” button that results in them installing a malicious script that loads the malware on devices.

This malware is a powerful stealer able to collect passwords, cookies, and browsing data from a range of web browsers and applications, as well as sensitive data from cryptocurrency wallets.

Users are advised to be careful when clicking on promoted results in Google Search and to check that the loaded site and the domain match before downloading any files. Users can also make use of adblockers to automatically hide such results from their search results.

Source…

NSFW Facebook ads being used to spread dangerous malware — don’t click on these


Hackers have devised a clever new way to trick unsuspecting Facebook users into downloading malware on their computers.

While having your Facebook hacked is bad enough as it is, a new campaign discovered by Bitdefender uses compromised Facebook Business accounts to deliver the NodeStealer malware. 

Source…

Spyware can infect your phone or computer via the ads you see online – report


(The Conversation is an independent and nonprofit source of news, analysis and commentary from academic experts.)

(THE CONVERSATION) Each day, you leave digital traces of what you did, where you went, who you communicated with, what you bought, what you’re thinking of buying, and much more. This mass of data serves as a library of clues for personalized ads, which are sent to you by a sophisticated network – an automated marketplace of advertisers, publishers and ad brokers that operates at lightning speed.

The ad networks are designed to shield your identity, but companies and governments are able to combine that information with other data, particularly phone location, to identify you and track your movements and online activity. More invasive yet is spyware – malicious software that a government agent, private investigator or criminal installs on someone’s phone or computer without their knowledge or consent. Spyware lets the user see the contents of the target’s device, including calls, texts, email and voicemail. Some forms of spyware can take control of a phone, including turning on its microphone and camera.

Now, according to an investigative report by the Israeli newspaper Haaretz, an Israeli technology company called Insanet has developed the means of delivering spyware via online ad networks, turning some targeted ads into Trojan horses. According to the report, there’s no defense against the spyware, and the Israeli government has given Insanet approval to sell the technology.

Insanet’s spyware, Sherlock, is not the first spyware that can be installed on a phone without the need to trick the phone’s owner into clicking on a malicious link or downloading a malicious file. NSO’s iPhone-hacking Pegasus, for instance, is one of the most controversial spyware tools to emerge in the past five years.

What sets Insanet’s Sherlock apart from Pegasus is its exploitation of ad networks rather than vulnerabilities in phones. A Sherlock user creates an ad campaign that narrowly focuses on the target’s demographic and location, and places a spyware-laden ad with an ad exchange….

Source…