Security News > 2023 > February > Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps
Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines.
The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published today.
The most important aspect of the attacks is the creation of lookalike websites with typosquatted domains to propagate the malicious installer, which, in an attempt to keep up the ruse, installs the legitimate software, but also drops a loader that deploys FatalRAT. In doing so, it grants the attacker complete control of the victimized computer, including executing arbitrary shell commands, running files, harvesting data from web browsers, and capturing keystrokes.
"The attackers have expended some effort regarding the domain names used for their websites, trying to be as similar to the official names as possible," the researchers said.
The findings arrive less than a year after Trend Micro disclosed a Purple Fox campaign that leveraged tainted software packages Adobe, Google Chrome, Telegram, and WhatsApp as an arrival vector to propagate FatalRAT. They also arrive amid a broader abuse of Google Ads to serve a wide range of malware, or alternatively, take users to credential phishing pages.
"This allows the malware to stealthily monitor all HTTP requests and recognize specially formatted HTTP requests sent by the attacker, allowing for remote code execution."
News URL
https://thehackernews.com/2023/02/hackers-using-google-ads-to-spread.html
Related news
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- Fake Google Meet conference errors push infostealing malware (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)