Security News > 2023 > May > RomCom malware spread via Google Ads for ChatGPT, GIMP, more

RomCom malware spread via Google Ads for ChatGPT, GIMP, more
2023-05-30 19:01

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers.

The first documented use of RomCom was reported in August 2022 by Palo Alto Networks, attributing the attacks to a Cuba ransomware affiliate they named 'Tropical Scorpius.

In October 2022, Ukraine's CERT-UA reported that the RomCom malware was being used in attacks against critical networks in the country.

Trend Micro's report on the latest RomCom activity lists several examples of websites used by the malware operators between December 2022 and April 2023 that impersonate legitimate software, like Gimp, Go To Meeting, ChatGPT, WinDirStat, AstraChat, System Ninja, Devolutions' Remote Desktop Manager, and more.

The latest version of the RomCom payload analyzed by Trend Micro shows that its authors have worked towards implementing additional malicious commands, with their number of commands growing from 20 to 42.

These commands already give the attackers extensive capabilities, but the cybersecurity company reports having seen several cases of additional malware payloads being installed through RomCom.


News URL

https://www.bleepingcomputer.com/news/security/romcom-malware-spread-via-google-ads-for-chatgpt-gimp-more/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995
Gimp 1 0 3 7 1 11