Security News > 2023 > September > Fake Cisco Webex Google Ads abuse tracking templates to push malware
Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware.
Malwarebytes reports that a malicious Google ad impersonates the official Webex download portal, ranking at the highest position in Google Search results for the "Webex" term.
The threat actors can exploit a loophole in the Google Ad platform's tracking template that allows them to redirect at will while complying with Google's policy.
Specifically, Google says advertisers may use tracking templates with URL parameters that define a "Final URL" construction process based on gathered user information regarding their device, location, and other metrics related to ad interactions.
If visitors of the fake Webex page click on the download buttons, they receive an MSI installer that spawns several processes and runs PowerShell commands to install the BatLoader malware.
Sneaky Amazon Google ad leads to Microsoft support scam.
News URL
Related news
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Cisco warns of Webex for BroadWorks flaw exposing credentials (source)