1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This fake Windows news site is spreading malware via hacked Googl

    From TechnologyDaily@1337:1/100 to All on Sat Nov 11 20:00:06 2023
    This fake Windows news site is spreading malware via hacked Google ads

    Date:
    Sat, 11 Nov 2023 19:47:58 +0000

    Description:
    Don't trust everything you see on Google ads - sometimes hackers managed to wiggle their way past defenses.

    FULL STORY ======================================================================

    Someone has been impersonating a known media publication and abusing the Google Ads advertising network, all to deliver the RedLine infostealer
    malware to people.

    A new report from Malwarebytes, found a fake WindowsReport website that was being hosted on almost a dozen different domains.

    On the website, the scammers hosted a trojanized version of CPU-Z, a popular utility tool for Windows that helps users track different hardware components such as CPU clock rates, and similar. The tool, in fact, was RedLine Stealer, a known infostealer capable of exfiltrating sensitive system data, stored passwords, payment information, cookies, cryptocurrency wallet information, and more.

    Reader Offer: $50 Amazon gift card with demo
    Perimeter 81's Malware Protection intercepts threats at the delivery stage
    to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

    Preferred partner ( What does this mean? ) Multiple similar campaigns

    Then, they created ads and ran them on the Google Ads network, promoting this malicious version of CPU-Z. The cloning of WindowsReport was done to add more legitimacy and trustworthiness to the whole campaign, the researchers speculate. But before users are sent to this website, theyre pulled through a number of redirects, all to evade Googles anti-abuse crawlers.

    Some users are redirected to benign pages, while others - those more suitable to receive RedLine - are redirected to the final website. We dont know
    exactly how the attackers choose their victims.

    To make matters worse, the installer is digitally signed with a valid certificate, meaning Windows security tools and other antivirus products most likely wont flag it as malicious.

    Malwarebytes has analyzed the threat actors infrastructure for this campaign and came to the conclusion that it was created by the same people who
    recently operated the Notepad++ campaign. This campaign, spotted in late October, was similar in the sense that it, too, included a copy of a legitimate website, and a bunch of malicious ads being served via Google Ads.

    The best way to stay safe is to be extra careful when searching for products and solutions on Google, and to always double-check the URL in the address
    bar before downloading anything.

    Via BleepingComputer More from TechRadar Pro Ransomware, AI, and social engineering all set to be 2024's biggest security threats Here's a list of
    the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-fake-windows-news-site-is-spreadin g-malware-via-hacked-google-ads


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)