New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

2023-11-09 13:26

A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure and cloaking templates used to avoid detection," Malwarebytes' Jérôme Segura said.

While malvertising campaigns are known to set up replica sites advertising widely-used software, the latest activity marks a deviation in that the website mimics WindowsReport[.

The goal is to trick unsuspecting users searching for CPU-Z on search engines like Google by serving malicious ads that, when clicked, redirect them to the fake portal.

At the same time, users who are not the intended victims of the campaign are served an innocuous blog with different articles, a technique known as cloaking.

Last week, cybersecurity firm eSentire disclosed details of an updated Nitrogen campaign that paves the way for a BlackCat ransomware attack.

To top it all, eSentire also called attention to a new method dubbed the Wiki-Slack attack, a user-direction attack that aims to drive victims to an attacker-controlled website by defacing the end of the first para of a Wikipedia article and sharing it on Slack.

News URL

https://thehackernews.com/2023/11/new-malvertising-campaign-uses-fake.html

#malvertising #windows