adUnits.push({
code: ‘Rpp_tecnologia_mas_tecnologia_Nota_Interna1’,
mediaTypes: {
banner: {
sizes: (navigator.userAgent.match(/iPhone|android|iPod/i)) ? [[300, 250], [320, 460], [320, 480], [320, 50], [300, 100], [320, 100]] : [[300, 250], [320, 460], [320, 480], [320, 50], [300, 100], [320, 100], [635, 90]]
}
},
bids: [{
bidder: ‘appnexus’,
params: {
placementId: ‘14149971’
}
},{
bidder: ‘rubicon’,
params: {
accountId: ‘19264’,
siteId: ‘314342’,
zoneId: ‘1604128’
}
},{
bidder: ‘amx’,
params: {
tagId: ‘MTUybWVkaWEuY29t’
}
},{
bidder: ‘oftmedia’,
params: {
placementId: navigator.userAgent.match(/iPhone|android|iPod/i) ? ‘22617692’: ‘22617693’
}
}]
});
The increase in cyberattacks over the past couple of years is undeniable, and criminal strategists continue to adapt their skills to a less suspicious environment and access privileged data from our accounts or devices. Now it’s an advertising platform Google which is the alert center.
Cyber security firm ESET discovered in Southeast Asia a type of scam based on fraudulent Google Ads campaigns that distribute the FatalRAT trojan on computers that click on certain advertisements.
The report, published on Twitter from an ESET research account, highlights targets distributed around the world, with a focus on China, Taiwan, Hong Kong, Malaysia, Japan, Philippines, Thailand, Singapore, Indonesia and Burma.
“Unknown attackers have created fake websites that look identical to popular apps like Firefox, WhatsApp or Telegram; but, in addition to providing legitimate software, they also provide FatalRAT, a remote access trojan that gives the attacker control over the victim’s computer.” highlights ESET in the report.
Following the publication of this output, the ads were removed from the Google Ads system.
Malware through Google Ads
According to the study, the attackers use the Google Ads system to appear in the search engine as a recommended result when users search for popular apps and their installers.
In addition to those mentioned above, ESET notes that Google Chrome, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office are the most searched brands.
The report alleges that the URLs used by the criminals contain some deliberate misspellings to “look” like legitimate domains for delivering an installation file with FatalRAT malware, a remote access trojan documented since August 2021.
Once installed, this malicious code takes full control of the infected computer, including executing commands and files, as well as collecting data from browsers and capturing everything we type on the keyboard.
“Attackers may only be interested in stealing information such as web credentials to sell on underground forums or use for other types of criminal software campaigns,” ESET clarifies, “But at the moment it is not possible to specifically attribute this campaign to a known or new threat actor.”
Source: RPP
I am Ben Stock, a passionate and experienced digital journalist working in the news industry. At the Buna Times, I write articles covering technology developments and related topics. I strive to provide reliable information that my readers can trust. My research skills are top-notch, as well as my ability to craft engaging stories on timely topics with clarity and accuracy.