1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This Google Ads campaign pushes malware that your antivirus can't

    From TechnologyDaily@1337:1/100 to All on Fri Feb 3 10:30:03 2023
    This Google Ads campaign pushes malware that your antivirus can't pick up

    Date:
    Fri, 03 Feb 2023 10:21:25 +0000

    Description:
    Fake Google Ads campaign promoting popular 3D rendering software is actually deploying dangerous infostealers.

    FULL STORY ======================================================================

    Cybersecurity researchers have spotted a new advertising campaign on the Google Ads network which pushes malware onto unsuspecting victims endpoints . What makes this malvertising campaign different from others is the fact that the malware being distributed is almost impossible for todays antivirus solutions to pick up.

    The threat actors made it work by building code that can only be understood
    by virtual machines. If the victims run the malware , the virtual machine can translate the code back to its original code and run the malicious executive.

    The researchers, from from SentinelLabs, explain the MO: "Virtualization frameworks such as KoiVM obfuscate executables by replacing the original
    code, such as NET Common Intermediate Language (CIL) instructions, with virtualized code that only the virtualization framework understands. Delivering Formbook

    "A virtual machine engine executes the virtualized code by translating it
    into the original code at runtime."

    This type of malware also makes analysis difficult, the researchers added: "When put to malicious use, virtualization makes malware analysis challenging and also represents an attempt to evade static analysis mechanisms."

    The malware being distributed this way is Formbook, a known infostealer. Its virtualized version was dubbed MalVirt. To trick people into downloading the malware, the threat actors created a number of fake websites, pretending to
    be landing pages where people can download the Blender 3D software. Read more

    Security experts take down spam network hitting millions of iOS devices


    Google AdWords is being hijacked by scammers


    Check out the best ransomware protections right now

    Blender 3D is a popular 3D modeling, rendering, and animation program.

    This is not the first time Googles ad network was abused to deliver malware. In late December last year, researchers spotted a major campaign
    impersonating a number of popular programs and applications, such as Grammarly, MSI Afterburner, and Slack, to deliver IceID and Racoon Stealer, both known infostealing malware.

    Malicious campaigns that make their way to Google Ads are arguably more dangerous, as people tend to trust major tech companies by default. Still,
    the best way to stay safe is to always double-check the address of the website, regardless of if its being advertised on Google or not. Here's our list of the best firewalls right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-google-ads-campaign-pushes-malware-that-yo ur-antivirus-cant-pick-up


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)