This fake GIMP Google ad just ends up serving malware
Date:
Tue, 01 Nov 2022 21:42:12 +0000
Description:
You want GIMP? That's too bad, because you're getting Vidar malware instead.
FULL STORY ======================================================================
Google's advertising network has been found serving a malicious ad that could leave users with their identity data and other sensitive information stolen.
Hackers have reportedly managed to trick Google Ad Manager into serving a fake ad for the popular photo editor GIMP, meaning those who wanted to download the program ended up with a potent infostealer called Vidar instead.
Whenever a victim typed "GIMP" or a similar keyword into Google's search engine, they'd be presented, among other things, with an ad showing GIMP's official website - GIMP.org. However, actually clicking on the ad would not send the victim to that domain, but rather to gilimp.org or gimp.monster. There, they'd be offered a 700MB download: an artificially inflated executable whose real payload is just 5MB in size - the Vidar infostealer.
Tricking the system
How this was possible is still not entirely certain. While some researchers think the threat actor used the IDN homograph technique, registering gіmp.org with a Cyrillic і in place of the Latin i (the Punycode form http://xn--gmp-jhd.org/) so that it displays like gimp.org in the Latin alphabet, others are of the opinion that the trick was actually far less elaborate.
In fact, BleepingComputer reports that Google lets publishers create ads with two different URLs - one that is displayed to viewers, and another to which they are actually taken. Google is allegedly quite strict about this, allowing, for example, only pairs of URLs that use the same domain. How, or why, Ad Manager allowed this particular campaign to go live is unknown. Google is still silent on the matter, and we'll update the article if the search giant decides to elaborate.
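As an added defensive example (not from the article or from BleepingComputer), the Python below decodes the Punycode hostname quoted above and flags a landing domain that is a mixed-script homograph of, or a close typosquat of, a protected domain such as gimp.org; the confusables table and the protected list are small constructed stand-ins, not complete data.

```python
import unicodedata

# Cyrillic letters often confused with Latin ones, mapped to their Latin lookalikes.
# A hand-picked subset of the Unicode confusables data (constructed for this example).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
}

# Domains we want to protect (constructed allowlist for this example).
PROTECTED = {"gimp.org"}

def decode_hostname(host: str) -> str:
    """Convert an ACE hostname such as xn--gmp-jhd.org to its Unicode form."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def scripts_in(label: str) -> set:
    """Unicode scripts of the letters in a label (first word of each char's name)."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def skeleton(host: str) -> str:
    """Replace lookalike letters with their Latin counterparts."""
    return "".join(CONFUSABLES.get(c, c) for c in host)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typosquats such as gilimp.org."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_hostname(host: str) -> dict:
    """Classify the destination hostname of an ad or link."""
    uhost = decode_hostname(host)
    sk = skeleton(uhost)
    mixed = any(len(scripts_in(lbl)) > 1 for lbl in uhost.split("."))
    # Homograph: equals a protected domain once lookalikes are mapped, but not in reality.
    homograph = sk in PROTECTED and uhost != sk
    # Typosquat: the registrable name is within two edits of a protected one.
    close = [p for p in PROTECTED if sk != p and edit_distance(sk.split(".")[0], p.split(".")[0]) <= 2]
    return {"unicode": uhost, "mixed_script": mixed, "homograph_of": sk if homograph else None, "near": close}
```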
Vidar is a known infostealer capable of grabbing browser data (passwords, cookies, stored credit card details, and similar), cryptocurrency wallet information, Telegram credentials, file transfer application data, and plenty of other sensitive information.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/this-fake-gimp-google-ad-just-ends-up-serving-malware/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)