Someone has been impersonating a known media publication and abusing the Google Ads advertising network, all to serve the RedLine infostealer malware to people.
A new report from Malwarebytes found a clone of the WindowsReport website that was being hosted on almost a dozen different domains.
On the website, the scammers hosted a trojanized version of CPU-Z, a popular utility for Windows that lets users monitor hardware details such as CPU clock rates. The tool was, in fact, RedLine Stealer, a known infostealer capable of exfiltrating sensitive system data, stored passwords, payment information, cookies, cryptocurrency wallet information, and more.
Multiple similar campaigns
Then, they created ads and ran them on the Google Ads network, promoting this malicious version of CPU-Z. The cloning of WindowsReport was done to add legitimacy and trustworthiness to the whole campaign, the researchers speculate. But before users are sent to this website, they're pulled through a number of redirects, all to evade Google's anti-abuse crawlers.
Some users are redirected to benign pages, while others - those deemed more suitable to receive RedLine - are redirected to the final website. We don't know exactly how the attackers choose their victims.
To make matters worse, the installer is digitally signed with a valid certificate, meaning Windows security tools and other antivirus products most likely won't flag it as malicious.
Malwarebytes analyzed the threat actors' infrastructure for this campaign and concluded that it was created by the same group that recently operated the Notepad++ campaign. That campaign, spotted in late October, was similar in that it, too, included a copy of a legitimate website and a batch of malicious ads served via Google Ads.
The best way to stay safe is to be extra careful when searching for products and solutions on Google, and to always double-check the URL in the address bar before downloading anything.
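One way to turn that "double-check the URL" advice into a repeatable check, as an added example that is not part of the Malwarebytes report or of any vendor's tooling: a small Python routine that compares the host of a download link against an allowlist of official domains and flags the lookalike patterns seen in campaigns like this one (brand name embedded in another domain, the official domain used as a subdomain of an attacker-controlled one, a swapped TLD, or a near-identical label). The allowlist entries are assumed homes of the projects named in the article, and every sample link below is constructed; the report does not name the clone domains.

```python
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed allowlist of official download hosts. The vendor homes given here are
# assumptions for illustration; an organisation would maintain its own list.
OFFICIAL_HOSTS = {
    "www.cpuid.com",          # assumed home of CPU-Z
    "windowsreport.com",      # assumed home of the cloned publication
    "notepad-plus-plus.org",  # assumed home of Notepad++
}


def registered_domain(host: str) -> str:
    """Naive registrable domain: the last two labels. No public-suffix list is
    consulted, so co.uk-style suffixes are not handled; fine for .com/.org examples."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def classify_download_url(url: str, official=OFFICIAL_HOSTS, threshold: float = 0.8):
    """Classify where a download link really points.

    Returns (verdict, official_domain) where verdict is one of:
      'official'  - registrable domain is on the allowlist
      'lookalike' - brand label embedded, official domain used as a subdomain,
                    TLD swapped, or the label is a near-match by edit similarity
      'unknown'   - nothing on the allowlist resembles it
      'invalid'   - not an http(s) URL with a hostname
    """
    parsed = urlparse(url)
    host = parsed.hostname  # urlparse already lower-cases the hostname
    if parsed.scheme not in ("http", "https") or not host:
        return ("invalid", None)

    domain = registered_domain(host)
    official_domains = {registered_domain(h) for h in official}
    if domain in official_domains:
        return ("official", domain)

    label = domain.split(".")[0]  # second-level label, e.g. "windowsreport"
    best, best_score = None, 0.0
    for od in official_domains:
        od_label = od.split(".")[0]
        # Catches windowsreport.com.evil.example (official domain as a subdomain)
        # and cpuid-download.example (brand label embedded in another name).
        if od in host or od_label in label:
            return ("lookalike", od)
        score = SequenceMatcher(None, label, od_label).ratio()
        if score > best_score:
            best, best_score = od, score
    # Catches near-misses such as windows-report.example; a swapped TLD
    # (windowsreport.net) is already caught above because the label is identical.
    if best_score >= threshold:
        return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links, not the campaign's real domains.
    for u in [
        "https://www.cpuid.com/softwares/cpu-z.html",
        "https://windows-report.example/download",
        "https://cpuid-download.example/cpuz.exe",
        "https://windowsreport.com.example.net/cpu-z",
        "https://example.org/tools",
    ]:
        print(u, "->", classify_download_url(u))
```

A check like this belongs in a download proxy, a mail or chat link scanner, or a browser extension, not in the user's head. It does nothing about the second problem the article raises, the validly signed installer: a valid signature only proves who signed the file, so the complementary check is to compare the signer's name on the certificate with the vendor you expected, and to treat a mismatch the same way as a lookalike domain.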
Via BleepingComputer
More from TechRadar Pro