Apr 18, 2024 | Newsroom | Malvertising / Endpoint Security
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. “The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search […]
An ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application). “We have reported this campaign to Google but no action has been taken yet,” Malwarebytes researcher Jérôme Segura shared. The campaign Malicious ads served via […]
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones that were particularly good at evading detection. One malware family we have been tracking on this blog is FakeBat. It is very unique in that […]
Recently I wrote about a malvertising campaign on Facebook that has been going on for almost a year. Apparently Facebook is struggling to stop this campaign, so now this type of campaign is showing up in other languages than English. I have seen two different types in German. First Facebook scam Translation: Deadly accident on […]
Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty $3000/month rental fee. It looks like Atomic Stealer was updated around […]
During this past year, we have seen an increase in the use of malicious ads (malvertising) and specifically those via search engines, to drop malware targeting businesses. In fact, browser-based attacks overall have been a lot more common if we include social engineering campaigns. Criminals have found success in acquiring new victims thanks to search […]
ScamClub is a threat actor who’s been involved in malvertising activities since 2018. Chances are you probably ran into one of their online scams on your mobile device. Confiant, the firm that has tracked ScamClub for years, released a comprehensive report in September while also disrupting their activities. However, ScamClub has been back for several […]
A new malvertising campaign has been observed wherein threat actors are copying a legitimate Windows news portal to distribute malware. This type of website is often visited by software enthusiasts and system administrators to stay updated about computer reviews and download software utilities. What’s happening? Threat actors are leveraging the Windows news portal to promote […]
Nov 09, 2023 | Newsroom | Endpoint Security / Malware
A new malvertising campaign has been found to employ fake sites that masquerade as a legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. “This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and […]