When searching for specific software on Google, avoid ads in search results

0 19

Users who search on Google for popular software such as AnyDesk, Dashlane, Grammarly, Malwarebytes, Microsoft Visual Studio, MSI Afterburner, Slack and Zoom, among others, are being targeted by a new malicious advertising campaign that abuses Google Ads to deliver trojanized software to users that infects victims’ devices with malware such as Raccoon Stealer and Vidar.

Those responsible for these infections use legitimate-looking websites with minor domain name errors. These fake sites appear at the top of Google search results in the form of advertisements when certain keywords are searched for.

The ultimate goal of such attacks is to trick users into downloading malware.

In the countryside he discovered Guardio Labs, the attackers have created a network of benign sites that advertise on the browser. When users click on them, they are redirected to a page with a trojanized ZIP file located on Dropbox or OneDrive.

Guardio Labs, which named the campaign MasquerAds, says a group called Vermux is responsible for it, which is “misusing a huge list of brands.”

Operation Vermux is mainly focused on users in Canada and the United States, and the sites used for this campaign are optimized for AnyDesk and MSI Afterburner searches. Victims are infected with cryptominers and Vidar malware.

This is not the first time that the Google Ads platform has been used to spread malware. One such campaign was discovered by Microsoft last month and the goal of the attack was to infect devices with BATLOADER, which is then used to infect devices with Royal ransomware.

Cybercriminals have used similar tactics to distribute IcedID malware via website copies of well-known applications such as Adobe, Brave, Discord, LibreOffice, Mozilla Thunderbird and TeamViewer.

Source: Information.rs from www.informacija.rs.

*The article was translated based on the content of Information.rs from www.informacija.rs. If there is any problem regarding the content, copyright, please leave a report under the article. We try to process as quickly as possible to protect copyright. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

* ? ? We always respect the copyright of the author’s content and always include the original link to the source article. If the author disagrees, leave the report under the article, the article will be edited or deleted at the request of the author. Thank you very much! Best regards!

Leave A Reply

Your email address will not be published.