"New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software"

Users searching for popular software are being targeted in a new malvertising campaign that uses Google Ads to serve trojanized variants of that software, which in turn deliver malware such as Raccoon Stealer and Vidar. The activity involves websites with typosquatted domain names that appear at the top of Google search results as malicious advertisements by hijacking searches for particular keywords. These attacks aim to get unsuspecting users to download malicious or unwanted software. In one campaign uncovered by Guardio Labs, threat actors formed a network of benign sites that are advertised on the search engine. When clicked, the sites redirect visitors to a phishing page containing a malware-infected ZIP archive hosted on Dropbox or OneDrive. AnyDesk, Dashlane, Grammarly, Malwarebytes, Microsoft Visual Studio, MSI Afterburner, Slack, and Zoom are among the impersonated software.

Guardio Labs, which has called the campaign MasquerAds, attributes a large portion of the activity to a threat actor known as Vermux, stating that the adversary is exploiting a wide range of brands and is continually evolving. The Vermux operation has mostly targeted users in Canada and the US, using MasquerAds sites tailored to searches for AnyDesk and MSI Afterburner to spread cryptocurrency miners and the Vidar information stealer. This article continues to discuss findings regarding the MasquerAds malvertising campaign.

THN reports "New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software"

Submitted by Anonymous on