Pages

This New Infostealer is Using Google Ads Mimicking OpenOffice Products

It seems like a new form of malware is poised to launch one of its first major campaigns of the year, namely an infostealer by the name of Mars Malware. This new malware is an update of the Oski malware that stole a massive amount of information from a wide range of apps in 2020 before it was finally taken down, and it is currently available for a very low price of around $150 or so.

With all of that having been said and now out of the way, it is important to note that the recent shut down of the Raccoon Stealer malware. Cybercriminals started rushing to find alternatives because of the fact that this is the sort of thing that could potentially end up allowing them to keep their future criminal plans on track, and it seems that Mars Malware is quickly becoming the most popular alternative for them to implement.

According to a threat analysis conducted by Morphisec, it seems that the developers behind this malware are capitalizing on its popularity which is a direct result to how similar it is to former popular malware options. They are doing so by placing Google Ads strategically to market sites that are OpenOffice clones, and using such a prominent brand name that too on such a widely trusted ad platform will greatly increase the popularity of this malware with all things having been considered and taken into account.

Going to this site will likely result in users having the malware code executed in their systems, and that will greatly compromise the security of their own data. Ironically, the threat actor behind this malware infected their own system with the malware as well which led to their log directories for their victims getting exposed. This revealed how they used credentials stolen from others to pay for the ads they posted on Google, and it also showed that the person behind the app is of Russian origin. Further research is being conducted to mitigate any damage that this malware might cause in the future to protect users that might come across it.


Read next: Bad Actors Can Now Obtain Dangerous Cyber Attack Kits On The Dark Web For Less Than $50

No comments: