Attention PDF Converter and Notepad users: Cybersecurity firm has a warning for you

Cybersecurity company Malwarebytes has issued a warning about a malvertising campaign that is targeting users searching for PDF converters or Notepad++ on Google. As per a TOI report, the campaign uses Google Ads to direct users to dangerous landing pages and distribute malicious payloads. According to Malwarebytes, this campaign is unique in its ability to fingerprint users and distribute time-sensitive payloads.

The hackers behind this campaign specifically target users who are searching for free versions of Notepad++ and PDF converters. They create fake ads on Google search that filter out bots and unwanted IP addresses, redirecting users to a decoy website. The first level of filtering occurs when users click on these ads, discarding VPNs and non-genuine IP addresses. The decoy site then silently fingerprints the system to check if the request is coming from a virtual machine.

To track potential targets and make each download unique and time-sensitive, a unique ID is assigned to each victim. The final-stage malware establishes a connection to a remote domain ("mybigeye[.]icu") on a custom port and serves follow-on malware through an HTA payload. Jerome Segura, the director of threat intelligence at Malwarebytes, stated that threat actors are using evasion techniques to bypass ad verification checks and target specific victims. He also noted that with a reliable malware delivery chain, malicious actors can focus on improving their decoy pages and creating custom malware payloads.


Users who visit the decoy site are tricked into downloading a malicious installer, which then executes FakeBat (also known as EugenLoader). FakeBat is a loader designed to download additional malicious code. It is important for users to be cautious when searching for software online and to ensure that they are accessing legitimate websites to avoid falling victim to such malvertising campaigns.

This news article is based on information from Malwarebytes' report.