Keypoints:
Online criminals are targeting Google Ads advertisers through phishing.…
Author: Malwarebytes
Summary:
Threat actors are increasingly using social engineering tactics to deliver malware through browsers, exploiting clipboard functionality to execute malicious commands. #MalwareDelivery #SocialEngineering #CyberSecurity
Keypoints:
Threat actors are leveraging browsers to deliver malware while evading antivirus detection. Social engineering plays a crucial role in these attacks, often tricking victims into executing malicious commands.…
Summary:
A malicious campaign targeting Kaiser Permanente employees through Google Search Ads was detected, leading to a compromised website that spreads the SocGholish malware. The attackers aimed to phish for login credentials but redirected victims to a site that prompted a fake browser update, ultimately infecting their machines.…
Summary:
The article discusses a prevalent scam targeting QuickBooks users, primarily through fraudulent Google ads that lead to malicious downloads. Scammers utilize fake popups to instill fear in users, prompting them to seek assistance through fraudulent channels. The article highlights the methods used by these scammers and warns users about the dangers of remote access to their computers.…
Summary:
The resurgence of the FakeBat malware loader highlights the ongoing threat posed by malicious ads on search engines. This loader, which has previously been linked to various payloads, was recently detected delivering the LummaC2 stealer through a fraudulent Google ad for the productivity application Notion.…
Summary:
Tech support scammers are targeting eBay customers in the U.S. through fraudulent Google ads that mislead users into calling fake customer service numbers. These ads exploit eBay’s branding and redirect victims to bogus websites, posing significant risks to consumers.
Keypoints:
Scammers are using fraudulent Google ads to target eBay customers.…
Summary:
A new phishing campaign targeting Keybank customers has been identified, utilizing Bing’s search engine to display malicious links as top search results. The attackers employ various techniques to evade detection and bypass security measures, including multi-factor authentication. Users are urged to adopt stronger security practices to protect their banking information.…
Short Summary:
Google is currently A/B testing a new user interface for its search results page, aiming to enhance user trust and combat brand impersonation in ads. The changes include a simplified layout that combines ad titles with URLs, but concerns remain about the effectiveness of these updates in preventing misleading ads from threat actors.…
Short Summary:
The article discusses a resurgence of malvertising campaigns targeting utility software, particularly focusing on the Mac version of Slack. Threat actors are creating deceptive ads that impersonate legitimate businesses to distribute malware. Despite reporting these incidents to Google, new malicious ads continue to emerge, indicating an ongoing threat.…
Short Summary:
The article discusses a recent malware campaign targeting online stores using Magento, where digital skimmers are injected to steal payment information during checkout. The skimmers are difficult to detect, and Malwarebytes has identified numerous compromised sites and blocked theft attempts. Mitigations include using security products to detect and block malicious infrastructure.…
Short Summary:
This article discusses a recent malvertising campaign targeting Slack through Google search ads. The campaign employs stealth tactics, including cloaking and click tracking, to evade detection and deliver malware. The authors highlight the challenges in identifying malicious ads and the importance of contextual detection in combating such threats.…
Short Summary:
This article discusses a sophisticated malvertising campaign where criminals impersonated Google’s product line to redirect users to a fake Google homepage. They exploited Google’s APIs and Looker Studio to create rotating malicious URLs, effectively locking users’ browsers and leading them to tech support scams.…
Short Summary:
This article discusses a recent incident of brand impersonation involving Google ads, where users searching for Google Authenticator were misled into downloading malware. The fraudulent ad directed users to a fake website that hosted the malicious software, DeerStealer, which exfiltrates personal data. The article emphasizes the importance of distinguishing real advertisers from fake ones to prevent such attacks.…
Competition between stealers for macOS is heating up, with a new malvertising campaign luring Mac users via a fraudulent advert for Microsoft Teams. This attack comes on the heels of the new Poseidon (OSX.RodStealer) project, another threat using a similar code base and delivery techniques.
Based on our tracking, Microsoft Teams is once again a popular keyword threat actors are bidding on, and it is the first time we have seen it used by Atomic Stealer.…
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity.…
Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them.
A few months later, we checked and were able to find as many Google ads as before, following very much the same pattern.…
In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Google’s search engine page and localized to North America.
Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer.…
Most of the malicious search ads we have seen have originated from Google, but threat actors are also abusing other search engines. Microsoft Bing is probably the second best target due to its close ties to the Windows ecosystem and Edge browser.
In this blog post, we look at a very recent malvertising campaign impersonating the popular VPN software NordVPN.…
Malware loaders (also known as droppers or downloaders) are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads.
A good loader avoids detection and identifies victims as legitimate (i.e. not sandboxes) before pushing other malware.…
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones that were particularly good at evading detection.
One malware family we have been tracking on this blog is FakeBat.…