Mars Stealer malware pushed via Google Ads and phishing emails
Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particular tactic: disguising it as legitimate, benign software to trick users into downloading it.
In a recent campaign described by Morphisec malware researcher Arnold Osipov, the threat actor distributed the malware via cloned websites offering well-known software such as Apache Open Office.
"The actor is paying for these Google Ads campaigns using stolen information," Osipov noted.
In another campaign, documented by the Ukrainian CERT, a threat actor is pushing the malware via emails impersonating the Ministry of Education and Science of Ukraine, offering "a new program for writing in the magazine" to Ukrainian citizens and organizations.
Mars Stealer is relatively new malware based on the Oski Stealer.
The threat actor compromised his own computer with the Mars Stealer while debugging, so the researchers gleaned even more insight and information, which led them to the actor's GitLab account and the discovery that the threat actor is a Russian speaker.
News URL
https://www.helpnetsecurity.com/2022/03/30/mars-stealer/