HomeTechnologyViruses in advertising: criminals...

Viruses in advertising: criminals disguise malware in Google Ads

Cybercriminals spread malware using Google Ads in Asia | Fountain: ESET

adUnits.push({
code: ‘Rpp_tecnologia_mas_tecnologia_Nota_Interna1’,
mediaTypes: {
banner: {
sizes: (navigator.userAgent.match(/iPhone|android|iPod/i)) ? [[300, 250], [320, 460], [320, 480], [320, 50], [300, 100], [320, 100]] : [[300, 250], [320, 460], [320, 480], [320, 50], [300, 100], [320, 100], [635, 90]]
}
},
bids: [{
bidder: ‘appnexus’,
params: {
placementId: ‘14149971’
}
},{
bidder: ‘rubicon’,
params: {
accountId: ‘19264’,
siteId: ‘314342’,
zoneId: ‘1604128’
}
},{
bidder: ‘amx’,
params: {
tagId: ‘MTUybWVkaWEuY29t’
}
},{
bidder: ‘oftmedia’,
params: {
placementId: navigator.userAgent.match(/iPhone|android|iPod/i) ? ‘22617692’: ‘22617693’
}
}]
});

The increase in cyberattacks over the past couple of years is undeniable, and criminal strategists continue to adapt their skills to a less suspicious environment and access privileged data from our accounts or devices. Now it’s an advertising platform Google which is the alert center.

Cyber ​​security firm ESET discovered in Southeast Asia a type of scam based on fraudulent Google Ads campaigns that distribute the FatalRAT trojan on computers that click on certain advertisements.

The report, published on Twitter from an ESET research account, highlights targets distributed around the world, with a focus on China, Taiwan, Hong Kong, Malaysia, Japan, Philippines, Thailand, Singapore, Indonesia and Burma.

“Unknown attackers have created fake websites that look identical to popular apps like Firefox, WhatsApp or Telegram; but, in addition to providing legitimate software, they also provide FatalRAT, a remote access trojan that gives the attacker control over the victim’s computer.” highlights ESET in the report.

Following the publication of this output, the ads were removed from the Google Ads system.

Malware through Google Ads

According to the study, the attackers use the Google Ads system to appear in the search engine as a recommended result when users search for popular apps and their installers.

In addition to those mentioned above, ESET notes that Google Chrome, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office are the most searched brands.

Attackers take advantage of popular applications to inject malware into downloaded files.
Hackers take advantage of popular apps to inject malware into downloads | Fountain: ESET

The report alleges that the URLs used by the criminals contain some deliberate misspellings to “look” like legitimate domains for delivering an installation file with FatalRAT malware, a remote access trojan documented since August 2021.

Once installed, this malicious code takes full control of the infected computer, including executing commands and files, as well as collecting data from browsers and capturing everything we type on the keyboard.

“Attackers may only be interested in stealing information such as web credentials to sell on underground forums or use for other types of criminal software campaigns,” ESET clarifies, “But at the moment it is not possible to specifically attribute this campaign to a known or new threat actor.”

Source: RPP

- A word from our sponsors -

Most Popular

LEAVE A REPLY

Please enter your comment!
Please enter your name here

More from Author

- A word from our sponsors -

Read Now

Putin is ready to hide with Zelensky subsequently good work – sandwiches

Russian dictator Vladimir Putin is ready to meet with the President of Ukraine Vladimir Zelenski. .in_text_content_22 {width: 300px; Height: 600px; } @Media (min-width: 600px) {.in_text_content_22 {width: 580px; Height: 400px; }} .Adsbygoogle {Touch-Action: Manipulation; } The Kremlin did not exclude the possibility...

Ukrainian pvo deprived of practical all Russian drones at night

Ukrainian air defense at night worked effectively on Russian drones. .in_text_content_22 {width: 300px; Height: 600px; } @Media (min-width: 600px) {.in_text_content_22 {width: 580px; Height: 400px; }} .Adsbygoogle {Touch-Action: Manipulation; } On the night of August 4, the invaders launched 162 shahajd drones...

Zelensky introduction of Sannsias against the captain of the “grain” of the Fleet Ten in the Russian Federation

Ukraine imposed new sanctions against the Russian Federation. .in_text_content_22 {width: 300px; Height: 600px; } @Media (min-width: 600px) {.in_text_content_22 {width: 580px; Height: 400px; }} .Adsbygoogle {Touch-Action: Manipulation; } President Volodymyr Zelensky signed decrees No. 579/2025 and No. 580/2025 on the decision of...

Steams stood in the Russian attack on Severia directions (video)

Ukrainian paratroopers led to the new losses of the Russian army. .in_text_content_22 {width: 300px; Height: 600px; } @Media (min-width: 600px) {.in_text_content_22 {width: 580px; Height: 400px; }} .Adsbygoogle {Touch-Action: Manipulation; } In the direction of Seversky, the invaders went to the attack...

Shakhheda was attacked in the Odessa region – large fires (photo)

Russian shock drones attacked the region of Odessa. .in_text_content_22 {width: 300px; Height: 600px; } @Media (min-width: 600px) {.in_text_content_22 {width: 580px; Height: 400px; }} .Adsbygoogle {Touch-Action: Manipulation; } On Monday evening, August 4, large fires broke out in the clothing region. Firefighters,...