This fake Windows news site is spreading malware via hacked Google ads

Trending 4 weeks ago
Image Credit: Shutterstock (Image credit: Shutterstock)

Someone has been impersonating a known media publication and abusing nan Google Ads advertizing network, each to present nan RedLine infostealer malware to people.

A caller study from Malwarebytes, recovered a clone WindowsReport website that was being hosted connected almost a twelve different domains. 

On nan website, nan scammers hosted a trojanized type of CPU-Z, a celebrated inferior instrumentality for Windows that helps users way different hardware components specified arsenic CPU timepiece rates, and similar. The tool, successful fact, was RedLine Stealer, a known infostealer tin of exfiltrating delicate strategy data, stored passwords, costs information, cookies, cryptocurrency wallet information, and more. 

Multiple akin campaigns

Then, they created ads and ran them connected nan Google Ads network, promoting this malicious type of CPU-Z. The cloning of WindowsReport was done to adhd much legitimacy and trustworthiness to nan full campaign, nan researchers speculate. But earlier users are sent to this website, they’re pulled done a number of redirects, each to evade Google’s anti-abuse crawlers. 

Some users are redirected to benign pages, while others - those much suitable to person RedLine - are redirected to nan last website. We don’t cognize precisely really nan attackers take their victims. 

To make matters worse, nan installer is digitally signed pinch a valid certificate, meaning Windows information devices and different antivirus products astir apt won’t emblem it arsenic malicious. 

Malwarebytes has analyzed nan threat actors’ infrastructure for this run and came to nan conclusion that it was created by nan aforesaid group who precocious operated nan Notepad++ campaign. This campaign, spotted successful precocious October, was akin successful nan consciousness that it, too, included a transcript of a morganatic website, and a bunch of malicious ads being served via Google Ads. 

The champion measurement to enactment safe is to beryllium other observant erstwhile searching for products and solutions connected Google, and to ever double-check nan URL successful nan reside barroom earlier downloading anything.

Via BleepingComputer

More from TechRadar Pro

  • Ransomware, AI, and societal engineering each group to beryllium 2024's biggest information threats
  • Here's a database of nan best firewalls today
  • These are nan best endpoint protection tools correct now

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

Sead is simply a seasoned freelance journalist based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

Source Networking