Malvertisers targeting users searching for popular software via Google Ads: Report


New Delhi, Oct 22 (IANS): A malvertising campaign has emerged that takes advantage of Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads, a new report has found.

According to the cybersecurity company Malwarebytes, the malvertising campaign is "unique in its way to fingerprint users and distribute time-sensitive payloads".

The attack targets users searching for Notepad++ and PDF converters with fake ads on Google search. These ads take users to a decoy site after filtering out bots and unwanted IP addresses.

The victim is redirected to a fake website advertising the software, while silently fingerprinting the system to determine if the request is originating from a virtual machine.

Users who fail the security check are redirected to the legitimate Notepad++ website. Potential targets are assigned a unique ID for tracking and to make each download unique and time-sensitive, according to the report.

The final-stage malware establishes a connection to a remote domain ("mybigeye[.]icu") on a custom port and serves follow-on malware through an HTA payload.

"Threat actors are successfully applying evasion techniques that bypass ad verification checks and allow them to target certain types of victims," said Jerome Segura, director of threat intelligence, Malwarebytes.

"With a reliable malware delivery chain in hand, malicious actors can focus on improving their decoy pages and craft custom malware payloads," he added.

Users who land on the decoy site are tricked into downloading a malicious installer, which then executes FakeBat (a.k.a EugenLoader), a loader designed to download additional malicious code, the report noted.

 

  

Top Stories


Leave a Comment

Title: Malvertisers targeting users searching for popular software via Google Ads: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.