Begin typing your search...

Malvertisers targeting users searching for popular software

via Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads: Report

image for illustrative purpose

Malvertisers targeting users searching for popular software
X

23 Oct 2023 8:57 AM IST

New Delhi: A malvertising campaign has emerged that takes advantage of Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads, a new report has found.

According to the cybersecurity company Malwarebytes, the malvertising campaign is "unique in its way to fingerprint users and distribute time-sensitive payloads".

The attack targets users searching for Notepad++ and PDF converters with fake ads on Google search. These ads take users to a decoy site after filtering out bots and unwanted IP addresses.

The victim is redirected to a fake website advertising the software, while silently fingerprinting the system to determine if the request is originating from a virtual machine.

Users who fail the security check are redirected to the legitimate Notepad++ website. Potential targets are assigned a unique ID for tracking and to make each download unique and time-sensitive, according to the report.

The final-stage malware establishes a connection to a remote domain ("mybigeye[.]icu") on a custom port and serves follow-on malware through an HTA payload.

"Threat actors are successfully applying evasion techniques that bypass ad verification checks and allow them to target certain types of victims," said Jerome Segura, director of threat intelligence, Malwarebytes.

"With a reliable malware delivery chain in hand, malicious actors can focus on improving their decoy pages and craft custom malware payloads," he added.

malvertising campaign Google Ads popular software 
Next Story
Share it