"'MadMxShell' Leverages Google Ads to Deploy Malware via Windows Backdoor"
A threat actor has been using a cluster of domains posing as legitimate IP scanner software sites to distribute malware through a Windows backdoor dubbed "MadMxShell." According to Zscaler ThreatLabz, the threat actor registered multiple look-alike domains using a typosquatting technique. Then they used Google Ads to push the fraudulent domains to the top of search engine results for specific search keywords, luring potential victims to these IP scanner websites.