Tag: ads | Page 3

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

February 16, 2023/in Computer Security

Feb 16, 2023Ravie LakshmananAd Fraud / Malware

Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines.

The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published today. The ads have since been taken down.

Some of the spoofed applications include Google Chrome, Mozilla Firefox, Telegram, WhatsApp, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office.

“The websites and installers downloaded from them are mostly in Chinese and in some cases falsely offer Chinese language versions of software that is not available in China,” the Slovak cybersecurity firm said, adding it observed the attacks between August 2022 and January 2023.

A majority of the victims are located in Taiwan, China, and Hong Kong, followed by Malaysia, Japan, the Philippines, Thailand, Singapore, Indonesia, and Myanmar.

The most important aspect of the attacks is the creation of lookalike websites with typosquatted domains to propagate the malicious installer, which, in an attempt to keep up the ruse, installs the legitimate software, but also drops a loader that deploys FatalRAT.

In doing so, it grants the attacker complete control of the victimized computer, including executing arbitrary shell commands, running files, harvesting data from web browsers, and capturing keystrokes.

“The attackers have expended some effort regarding the domain names used for their websites, trying to be as similar to the official names as possible,” the researchers said. “The fake websites are, in most cases, identical copies of the legitimate sites.”

The findings arrive less than a year after Trend Micro disclosed a Purple Fox campaign that leveraged tainted software packages Adobe, Google Chrome, Telegram, and WhatsApp as an arrival vector to propagate FatalRAT.

They also arrive amid a broader abuse of Google Ads to serve a wide range of malware, or alternatively, take users to credential phishing pages.

In a related development,…

Source…

Google Ads exploited for network breaches | SC Media – SC Media

January 25, 2023/in Computer Security

Google Ads exploited for network breaches | SC Media SC Media

Source…

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

November 20, 2022/in Internet Security

A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware.

Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569.

“Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation,” the Microsoft Security Threat Intelligence team said in an analysis.

The threat actor is known to rely on malvertising to point unsuspecting victims to malware downloader links that pose as software installers for legitimate apps like Adobe Flash Player, AnyDesk, LogMeIn, Microsoft Teams, and Zoom.

The malware downloader, a strain referred to as BATLOADER, is a dropper that functions as a conduit to distribute next-stage payloads. It has been observed to share overlaps with another malware called ZLoader.

A recent analysis of BATLOADER by eSentire and VMware called out the malware’s stealth and persistence, in addition to its use of search engine optimization (SEO) poisoning to lure users to download the malware from compromised websites or attacker-created domains.

Alternatively, phishing links are shared through spam emails, fake forum pages, blog comments, and even contact forms present on targeted organizations’ websites.

“DEV-0569 has used varied infection chains using PowerShell and batch scripts that ultimately led to the download of malware payloads like information stealers or a legitimate remote management tool used for persistence on the network,” the tech giant noted.

“The management tool can also be an access point for the staging and spread of ransomware.”

Also utilized is a tool known as NSudo to launch programs with elevated privileges and impair defenses by adding registry values that are designed to disable antivirus solutions.

The use of Google Ads to deliver BATLOADER selectively marks a diversification of the DEV-0569’s distribution vectors, enabling it to reach more targets and deliver malware payloads, the company…

Source…

Is my smartphone listening to me? How to end targeted ads and hackers

November 17, 2022/in Computer Security

Sometimes I feel like I spend my entire day dodging attacks on my digital identity. I wake up to scammy text messages begging me to click sketchy links. I delete them. Brush my teeth.

Open my email and voila! Fake sweepstakes emails — from my own email address, no less — telling me I won everything from a power drill to a Yeti cooler. I delete those, too. By noon I’ve silenced at least a half dozen robocalls, and at least once a day I see a Facebook ad for something I recently talked to my husband about — is Siri eavesdropping on me, too?

Obviously, I’m not alone. With so many scams floating around we’re all starting to see privacy dangers around every mouse click, even where they might not exist, like in a Snapchat filter.

The recent midterm elections and upcoming Black Friday/Cyber Monday online shopping extravaganza have only made these concerns more intense. If you haven’t gotten at least a hundred unsolicited text messages — again, with sketchy-looking links — consider yourself lucky.

Where is all of this headed? Are we forever doomed to a future of digital paranoia, and the threat of cybercrime, stolen money, identities or worse? Is there a way to break free from all these shady spammers, scammers and thieves?

The good news is: It all gets a lot less scary once you realize what is going on.

Now you know:7 default settings tech companies don’t ever want you to change

An email from myself?

I get emails from myself all the time … only I never sent them. They’re often low-effort scam-bait messages claiming that I won something or I have unclaimed funds somewhere. Or even more annoying, that I’ve been hacked “watching porn” on my laptop and better pay up — or else.

Spoiler alert, there’s no watching porn or getting hacked actually going on, these are among the most common of threats.

Source…

Tag Archive for: ads