Security News > 2023 > February > Google ads push ‘virtualized’ malware made for antivirus evasion
An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer.
In a Google advertising campaign spotted by Sentinel Labs, threat actors push the Formbook information-stealing malware as virtualized.
Sentinel Labs comments that while KoiVM virtualization is popular for hacking tools and cracks, it is seldom used in malware distribution.
Over the past month, researchers have seen increased abuse of Google search ads to distribute various malware, including RedLine Stealer, Gozi/Ursnif, Vidar, Rhadamanthys stealer, IcedID, Raccoon Stealer, and many more.
In the ongoing campaign seen by SentinelLabs, threat actors push the MalVirt loaders in ads pretending to be for the Blender 3D software.
In addition to all detection avoidance systems used in the malware loader, a new trick is employed by Formbook itself that helps disguise its real C2 traffic and IP addresses.
News URL
Related news
- Fake Homebrew Google ads target Mac users with malware (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)