Security News > 2021 > May > Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer
Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages.
AnyDesk's remote desktop access solution has been downloaded by more than 300 million users worldwide, according to the company's website.
The PowerShell script may have all the hallmarks of a typical backdoor, but it's the intrusion route where the attack throws a curve, signaling that it's beyond a garden-variety data gathering operation - the AnyDesk installer is distributed through malicious Google ads placed by the threat actor, which are then served to unsuspecting people who are using Google to search for 'AnyDesk.'
The fraudulent ad result, when clicked, redirects users to a social engineering page that's a clone of the legitimate AnyDesk website, in addition to providing the individual with a link to the trojanized installer.
"While it is unknown what percentage of Google searches for AnyDesk resulted in clicks on the ad, a 40% Trojan installation rate from an ad click shows that this is an extremely successful method of gaining remote access across a wide range of potential targets," the researchers said.
"Because of the nature of the Google advertising platform, it can provide a really good estimate of how many people will click on the ad. From that, the threat actor can adequately plan and budget based on this information. In addition to targeting tools like AnyDesk or other administrative tools, the threat actor can target privileged/administrative users in a unique way."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/wGoXioXuOOg/malvertising-campaign-on-google.html