This fake Windows news site is spreading malware via hacked Google ads

This fake Windows news site is spreading malware via hacked Google ads

Passwords

Image Credit: Shutterstock
(Image credit: Shutterstock)

Someone has been impersonating a known media publication and abusing the Google Ads advertising network, all to deliver the RedLine infostealer malware to people.

A new report from Malwarebytes, found a fake WindowsReport website that was being hosted on almost a dozen different domains. 

On the website, the scammers hosted a trojanized version of CPU-Z, a popular utility tool for Windows that helps users track different hardware components such as CPU clock rates, and similar. The tool, in fact, was RedLine Stealer, a known infostealer capable of exfiltrating sensitive system data, stored passwords, payment information, cookies, cryptocurrency wallet information, and more. 

Multiple similar campaigns

Then, they created ads and ran them on the Google Ads network, promoting this malicious version of CPU-Z. The cloning of WindowsReport was done to add more legitimacy and trustworthiness to the whole campaign, the researchers speculate. But before users are sent to this website, they’re pulled through a number of redirects, all to evade Google’s anti-abuse crawlers. 

Some users are redirected to benign pages, while others – those more suitable to receive RedLine – are redirected to the final website. We don’t know exactly how the attackers choose their victims. 

To make matters worse, the installer is digitally signed with a valid certificate, meaning Windows security tools and other antivirus products most likely won’t flag it as malicious. 

Malwarebytes has analyzed the threat actors’ infrastructure for this campaign and came to the conclusion that it was created by the same people who recently operated the Notepad++ campaign. This campaign, spotted in late October, was similar in the sense that it, too, included a copy of a legitimate website, and a bunch of malicious ads being served via Google Ads. 

The best way to stay safe is to be extra careful when searching for products and solutions on Google, and to always double-check the URL in the address bar before downloading anything.

Via BleepingComputer

More from TechRadar Pro

Ransomware, AI, and social engineering all set to be 2024’s biggest security threatsHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : TechRadar – https://www.techradar.com/pro/security/this-fake-windows-news-site-is-spreading-malware-via-hacked-google-ads

Exit mobile version