In this era of rapidly evolving technology, the developments being made have both positive and negative sides and one such negative side is cyber-stealing. There is a new threat as DEV-0569 uses Google Ads to reach a huge amount of people and ultimately steal their passwords, spread malware and break the firewalls for Ransomware attacks.
Ever since the last few weeks, major Cybersecurity researchers Germán Fernández, Will Dormann, and MalwareHunterTeam have made it clear how Google search results are a full minefield of malicious ads that are just waiting to install malware into your device.
These ads hide behind the disguise of popular software programs like Lightshot, Rufus, 7-Zip, WinRAR, VLC, LibreOffice, FileZilla, and many more. How this works is simple, when the unsuspecting user clicks on the ads it takes them to a fake website that is the replica of the original. However, even though they seem genuine, when the user downloads the link they are putting an MSI file that installs malware that depends on the campaign that is being run by the hackers into your device.
As of now the malware downloaded by these campaigns include RedLine Stealer, Gozi/Ursnif, and Vidar, and it is suspected that Cobalt Strike and Ransomware could also be playing a part in this. Even though there are a lot of campaigns on the internet that are using this method, two stand out from the rest as their infrastructure has been formerly linked with Ransomware attacks.
Last year in February, Mandiant revealed a malware distribution campaign that was using SEO Poisoning to rank sites that were pretending to be popular. The gist of it was that whenever a user downloaded any sort of link from those websites they would let a new malware downloader called BatLoader into their device, which sets into motion a multi-stage infection process much like how an infection invades the human body. This malware would then give the hackers access to the target’s networks.
Read next: New Warning Issued Against Google Ads Invites That Are Being Abused To Deliver Spam
Ever since the last few weeks, major Cybersecurity researchers Germán Fernández, Will Dormann, and MalwareHunterTeam have made it clear how Google search results are a full minefield of malicious ads that are just waiting to install malware into your device.
These ads hide behind the disguise of popular software programs like Lightshot, Rufus, 7-Zip, WinRAR, VLC, LibreOffice, FileZilla, and many more. How this works is simple, when the unsuspecting user clicks on the ads it takes them to a fake website that is the replica of the original. However, even though they seem genuine, when the user downloads the link they are putting an MSI file that installs malware that depends on the campaign that is being run by the hackers into your device.
As of now the malware downloaded by these campaigns include RedLine Stealer, Gozi/Ursnif, and Vidar, and it is suspected that Cobalt Strike and Ransomware could also be playing a part in this. Even though there are a lot of campaigns on the internet that are using this method, two stand out from the rest as their infrastructure has been formerly linked with Ransomware attacks.
Last year in February, Mandiant revealed a malware distribution campaign that was using SEO Poisoning to rank sites that were pretending to be popular. The gist of it was that whenever a user downloaded any sort of link from those websites they would let a new malware downloader called BatLoader into their device, which sets into motion a multi-stage infection process much like how an infection invades the human body. This malware would then give the hackers access to the target’s networks.
Read next: New Warning Issued Against Google Ads Invites That Are Being Abused To Deliver Spam
