If you search for PDF converters or Notepad++ on Google, then be on your guard. According to the cybersecurity company Malwarebytes, a malvertising campaign has emerged that takes advantage of Google Ads to direct users searching for these popular software to dangerous landing pages and distribute next-stage payloads. The report claims that the malvertising campaign is “unique in its way to fingerprint users and distribute time-sensitive payloads”. Another thing that sets apart this campaign from others is the way the payload is being downloaded.
How hackers work
The hacking campaign targets users looking for free versions of Notepad++ and PDF converters with fake ads on Google search. These ads take users to a decoy website after filtering out bots and unwanted IP addresses. “A first level of filtering happens when the user clicks on one of these ads. This is likely an IP check that discards VPNs and other non genuine IP addresses and instead shows a decoy site,” said the report.
The victim is redirected to a fake website advertising the software, while silently fingerprinting the system to determine if the request is originating from a virtual machine. Potential targets are assigned a unique ID for tracking and to make each download unique and time-sensitive, according to the report.
The final-stage malware establishes a connection to a remote domain (“mybigeye[.]icu”) on a custom port and serves follow-on malware through an HTA payload.
“Threat actors are successfully applying evasion techniques that bypass ad verification checks and allow them to target certain types of victims,” said Jerome Segura, director of threat intelligence, Malwarebytes.
“With a reliable malware delivery chain in hand, malicious actors can focus on improving their decoy pages and craft custom malware payloads,” he added.
Users who land on the decoy site are tricked into downloading a malicious installer, which then executes FakeBat (a.k.a EugenLoader), a loader designed to download additional malicious code, the report noted.
How hackers work
The hacking campaign targets users looking for free versions of Notepad++ and PDF converters with fake ads on Google search. These ads take users to a decoy website after filtering out bots and unwanted IP addresses. “A first level of filtering happens when the user clicks on one of these ads. This is likely an IP check that discards VPNs and other non genuine IP addresses and instead shows a decoy site,” said the report.
The victim is redirected to a fake website advertising the software, while silently fingerprinting the system to determine if the request is originating from a virtual machine. Potential targets are assigned a unique ID for tracking and to make each download unique and time-sensitive, according to the report.
The final-stage malware establishes a connection to a remote domain (“mybigeye[.]icu”) on a custom port and serves follow-on malware through an HTA payload.
“Threat actors are successfully applying evasion techniques that bypass ad verification checks and allow them to target certain types of victims,” said Jerome Segura, director of threat intelligence, Malwarebytes.
“With a reliable malware delivery chain in hand, malicious actors can focus on improving their decoy pages and craft custom malware payloads,” he added.
Users who land on the decoy site are tricked into downloading a malicious installer, which then executes FakeBat (a.k.a EugenLoader), a loader designed to download additional malicious code, the report noted.
Denial of responsibility! TechCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
Alex Smith is a writer and editor with over 10 years of experience. He has written extensively on a variety of topics, including technology, business, and personal finance. His work has been published in a number of magazines and newspapers, and he is also the author of two books. Alex is passionate about helping people learn and grow, and he believes that writing is a powerful tool for communication and understanding.
