Malvertising campaigns distributing info-stealers observed by researchers

Malvertising attacks happen when cybercriminals introduce malicious ads into online advertising networks. The malicious ads then appear on popular and trusted websites and either redirect victims to malicious web pages or install malware directly on their computers. Researchers have observed malvertising campaigns that distribute various information stealers. According to the researchers, attackers are primarily using these campaigns to distribute the IcedID trojan, followed by Vidar stealer.

When and what happened?

Since November 2022, the malvertising campaign has lured victims through search engine advertisements that impersonate popular software such as Audacity, Blender and GIMP. The attackers bought the advertisements to achieve a higher search engine ranking for software-related queries. Unsuspecting users who click on these advertisements are redirected to a malicious website that looks the same as the original website but has a different domain name. Once the user clicks the download button, an exe file posing as an installer is downloaded to their system.

According to the researchers, a total of 92 domains impersonating different software were found that could have been or could still be used to distribute IcedID. Besides IcedID and Vidar Stealer, similar campaigns spreading other malware such as Rhadamanthys stealer and BatLoader were observed. Cyber security researchers found that Rhadamanthys was spread via Google Ads impersonating AnyDesk, Zoom, Bluestacks, and Notepad++, and that it was used to steal information from web browsers, crypto wallets, and messaging applications, putting users' information at risk.

In another incident, Microsoft researchers shared details about the abuse of Google Ads by DEV-0569 to deliver BatLoader. The group impersonated Microsoft Teams, Adobe Flash Player, and LogMeIn as part of the promotion process.
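The lookalike-domain pattern described above can be checked before a download is allowed, for example in a proxy or browser policy. The following Python code is an added example, not taken from the researchers' reports; the allowlist of official domains is an assumption the defender maintains, and all sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of official project domains, maintained by the defender.
OFFICIAL = {
    "audacity": {"audacityteam.org"},
    "blender": {"blender.org"},
    "gimp": {"gimp.org"},
}

def _edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _is_official(host, domains):
    # Match the registered domain or a true subdomain of it, never a prefix.
    return any(host == d or host.endswith("." + d) for d in domains)

def classify_download(url):
    """Return ('official' | 'lookalike' | 'unknown', brand or None)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for brand, domains in OFFICIAL.items():
        if _is_official(host, domains):
            return ("official", brand)
    # Split the host into tokens on dots and hyphens: "blender-3d.example"
    # becomes ["blender", "3d", "example"].
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    for brand in OFFICIAL:
        for tok in tokens:
            if brand in tok or _edit_distance(tok, brand) <= 1:
                return ("lookalike", brand)  # brand name on a non-official host
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample URLs (the .example TLD is reserved for documentation).
    for u in ["https://www.blender.org/download/",
              "https://blender-3d.example/setup.exe",
              "https://audacitty.example/audacity-win.exe",
              "https://blender.org.downloads.example/installer.exe"]:
        print(u, "->", classify_download(u))
```

A "lookalike" verdict is a signal to block or warn on executable downloads from that host; an "unknown" verdict only means no listed brand was matched.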

How to Protect Yourself Against Malvertising?

  • Install a strong antivirus: No matter what other precautions you take, some threats are bound to slip through. When it comes to thwarting malicious downloads, there’s no substitute for the protection that top-of-the-line antivirus software can provide.
  • Use an ad-blocker: One simple and effective way to prevent malware reaching you through advertisements is to cut them off at the source by using a comprehensive ad-blocker. This will stop both legitimate and fraudulent ads from displaying on your screen, denying malicious code the opportunity to attack your system.
  • Disable browser plug-ins: Browser plug-ins are a common vector for malvertising attacks, but by adjusting browser settings to limit the plug-ins that run by default, you can remove exploitable vulnerabilities and limit opportunities for cybercriminals.
  • Keep your OS updated: Malicious code is designed to exploit software vulnerabilities. Running the very latest version of your operating system reduces exposure to malicious advertisements that target older vulnerabilities that have since been patched. The same goes for the web browser and other programs and applications.
  • Download software and content from legitimate sources: Apple’s App Store and other legitimate app marketplaces vet apps for security. When you download programs or content from random sites, you never know whether the website is legitimate or whether the software might come bundled with malware.
  • Use a secure browser: The best secure and private browsers are engineered with an extra layer of protection against malvertising and other online threats.