Cybercriminals Exploit Google Ads and Phishing Websites to Spread Malware

Google Ads are being exploited in malicious campaigns to spread malware by impersonating popular software websites. The malicious websites are promoted via Google Ad campaigns. Upon clicking the advertisement, the victims land on a malicious cloned copy of the original website. When users click on the download button, trojanized versions of the software are downloaded, containing Raccoon Stealer, Vidar Stealer and IcedID malware loaders. The payload is downloaded from trusted file-sharing and code-hosting services like GitHub, Dropbox, and Discord’s CDN to evade detection. The campaigns have impersonated Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, OBS, Ring, AnyDesk, LibreOffice, Teamviewer, Thunderbird, and Brave.

Verified by MonsterInsights