"RomCom Malware Spread via Google Ads for ChatGPT, GIMP, More"

A new campaign spreading the RomCom backdoor malware impersonates the websites of well-known or fictitious software to deceive users into downloading and launching malicious installers. Trend Micro researchers, who have tracked RomCom since the summer of 2022, uncovered the latest campaign. According to the researchers, the threat actors behind the campaign have strengthened the malware's evasion by using payload encryption and obfuscation, and have expanded the tool's capabilities by introducing new and powerful commands. Most of the websites used to distribute RomCom to victims involve remote desktop management applications, which increases the likelihood that the attackers are conducting phishing or social engineering attacks. Trend Micro's report on the most recent RomCom activity provides examples of websites used by the malware operators between December 2022 and April 2023 that impersonate legitimate software, such as GIMP, Go To Meeting, ChatGPT, WinDirStat, AstraChat, System Ninja, and Devolutions' Remote Desktop Manager. This article continues to discuss findings regarding the new RomCom campaign.

Bleeping Computer reports "RomCom Malware Spread via Google Ads for ChatGPT, GIMP, More"

Submitted by Anonymous on