HomeTechnologyViruses in advertising: criminals...

Viruses in advertising: criminals disguise malware in Google Ads

Cybercriminals spread malware using Google Ads in Asia | Fountain: ESET

adUnits.push({
code: ‘Rpp_tecnologia_mas_tecnologia_Nota_Interna1’,
mediaTypes: {
banner: {
sizes: (navigator.userAgent.match(/iPhone|android|iPod/i)) ? [[300, 250], [320, 460], [320, 480], [320, 50], [300, 100], [320, 100]] : [[300, 250], [320, 460], [320, 480], [320, 50], [300, 100], [320, 100], [635, 90]]
}
},
bids: [{
bidder: ‘appnexus’,
params: {
placementId: ‘14149971’
}
},{
bidder: ‘rubicon’,
params: {
accountId: ‘19264’,
siteId: ‘314342’,
zoneId: ‘1604128’
}
},{
bidder: ‘amx’,
params: {
tagId: ‘MTUybWVkaWEuY29t’
}
},{
bidder: ‘oftmedia’,
params: {
placementId: navigator.userAgent.match(/iPhone|android|iPod/i) ? ‘22617692’: ‘22617693’
}
}]
});

The increase in cyberattacks over the past couple of years is undeniable, and criminal strategists continue to adapt their skills to a less suspicious environment and access privileged data from our accounts or devices. Now it’s an advertising platform Google which is the alert center.

Cyber ​​security firm ESET discovered in Southeast Asia a type of scam based on fraudulent Google Ads campaigns that distribute the FatalRAT trojan on computers that click on certain advertisements.

The report, published on Twitter from an ESET research account, highlights targets distributed around the world, with a focus on China, Taiwan, Hong Kong, Malaysia, Japan, Philippines, Thailand, Singapore, Indonesia and Burma.

“Unknown attackers have created fake websites that look identical to popular apps like Firefox, WhatsApp or Telegram; but, in addition to providing legitimate software, they also provide FatalRAT, a remote access trojan that gives the attacker control over the victim’s computer.” highlights ESET in the report.

Following the publication of this output, the ads were removed from the Google Ads system.

Malware through Google Ads

According to the study, the attackers use the Google Ads system to appear in the search engine as a recommended result when users search for popular apps and their installers.

In addition to those mentioned above, ESET notes that Google Chrome, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office are the most searched brands.

Attackers take advantage of popular applications to inject malware into downloaded files.
Hackers take advantage of popular apps to inject malware into downloads | Fountain: ESET

The report alleges that the URLs used by the criminals contain some deliberate misspellings to “look” like legitimate domains for delivering an installation file with FatalRAT malware, a remote access trojan documented since August 2021.

Once installed, this malicious code takes full control of the infected computer, including executing commands and files, as well as collecting data from browsers and capturing everything we type on the keyboard.

“Attackers may only be interested in stealing information such as web credentials to sell on underground forums or use for other types of criminal software campaigns,” ESET clarifies, “But at the moment it is not possible to specifically attribute this campaign to a known or new threat actor.”

Source: RPP

- A word from our sponsors -

Most Popular

LEAVE A REPLY

Please enter your comment!
Please enter your name here

More from Author

- A word from our sponsors -

Read Now

Dmitry Rogozin – Gur was died in the Kherson region

The Chevrolet Aveo car, in which there were three Russian UAV operators in the so-called center of special targets of the Bars-Sarmat unmanned systems, exploded today, July 4, on the outskirts of the temporarily occupied settlement of the Kherson region. .in_text_content_22 {width: 300px; Height:...

Russia will begin the pain of Shahas Shakha

Russia can start launching a thousand or more shahs within one day for a simultaneous attack on the territory of Ukraine. .in_text_content_22 {width: 300px; Height: 600px; } @Media (min-width: 600px) {.in_text_content_22 {width: 580px; Height: 400px; }} .Adsbygoogle {Touch-Action: Manipulation; } About...