Security News > 2023 > February > Google ads push ‘virtualized’ malware made for antivirus evasion

Google ads push ‘virtualized’ malware made for antivirus evasion
2023-02-03 00:04

An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer.

In a Google advertising campaign spotted by Sentinel Labs, threat actors push the Formbook information-stealing malware as virtualized.

Sentinel Labs comments that while KoiVM virtualization is popular for hacking tools and cracks, it is seldom used in malware distribution.

Over the past month, researchers have seen increased abuse of Google search ads to distribute various malware, including RedLine Stealer, Gozi/Ursnif, Vidar, Rhadamanthys stealer, IcedID, Raccoon Stealer, and many more.

In the ongoing campaign seen by SentinelLabs, threat actors push the MalVirt loaders in ads pretending to be for the Blender 3D software.

In addition to all detection avoidance systems used in the malware loader, a new trick is employed by Formbook itself that helps disguise its real C2 traffic and IP addresses.


News URL

https://www.bleepingcomputer.com/news/security/google-ads-push-virtualized-malware-made-for-antivirus-evasion/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4230 4521 732 9739