Mars Stealer malware pushed via Google Ads and phishing emails

Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particular tactic: disguising it as legitimate, benign software to trick users into downloading it.
In a recent campaign described by Morphisec malware researcher Arnold Osipov, the threat actor distributed the malware via cloned websites offering well-known software such as Apache Open Office.
"The actor is paying for these Google Ads campaigns using stolen information," Osipov noted.
In another campaign, documented by the Ukrainian CERT, a threat actor is pushing the malware via emails impersonating the Ministry of Education and Science of Ukraine, offering "a new program for writing in the magazine" to Ukrainian citizens and organizations.
Mars Stealer is relatively new malware based on the Oski Stealer.
The threat actor compromised his own computer with the Mars Stealer while debugging, so the researchers gleaned even more insight and information, which led them to the actor's GitLab account and to the discovery that the threat actor is a Russian speaker.
News URL
https://www.helpnetsecurity.com/2022/03/30/mars-stealer/