Security News > 2023 > May > Infostealer with hVNC capability pushed via Google Ads

There has been a noted increase in malvertising via Google Ads this year, aimed at tricking users into downloading malware; among these malicious payloads is LOBSHOT, an infostealer that can also establish and keep long-term remote control of target computers through a hVNC module.

LOBSHOT, an infostealer and remote access trojan, is being distributed via Google Ads.

Infostealer + hVNC. To achieve persistence, LOBSHOT registers a new registry key.

What makes this malware notable is its hVNC capability.

Traditional VNC software allows remote access to a machine with the user's permission; hVNC operates stealthily, enabling attackers to carry out actions on the same machine without being detected by the victim.

While LOBSHOT's primary purpose seems to be theft of data that may lead to cryptocurrency theft, its hVNC capability may point to attackers' other goals.

News URL

https://www.helpnetsecurity.com/2023/05/02/infostealer-hvnc/