Security News > 2023 > September > Fake Cisco Webex Google Ads abuse tracking templates to push malware

Fake Cisco Webex Google Ads abuse tracking templates to push malware
2023-09-14 13:47

Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware.

Malwarebytes reports that a malicious Google ad impersonates the official Webex download portal, ranking at the highest position in Google Search results for the "Webex" term.

The threat actors can exploit a loophole in the Google Ad platform's tracking template that allows them to redirect at will while complying with Google's policy.

Specifically, Google says advertisers may use tracking templates with URL parameters that define a "Final URL" construction process based on gathered user information regarding their device, location, and other metrics related to ad interactions.

If visitors of the fake Webex page click on the download buttons, they receive an MSI installer that spawns several processes and runs PowerShell commands to install the BatLoader malware.

Sneaky Amazon Google ad leads to Microsoft support scam.


News URL

https://www.bleepingcomputer.com/news/security/fake-cisco-webex-google-ads-abuse-tracking-templates-to-push-malware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4216 4506 727 9702
Cisco 2046 21 1771 1669 288 3749