According to BleepingComputer, cybercriminals are increasingly using legitimate platforms and channels to distribute their malware. At the moment, they particularly favor Google Ads, Google’s advertising network.
The technique for tricking Internet users into downloading and installing malicious software is always the same. Hackers create a near-identical copy of a software publisher’s site and offer visitors an application to download. That application is most often the original program, bundled with a Trojan horse that downloads and installs malware in parallel. MSI Afterburner, the PC optimization software, has been targeted by such a campaign.
The hackers’ modus operandi is known: their campaigns most often rely on typosquatting, a technique by which Internet users are drawn to fraudulent sites whose addresses resemble those of the original sites except for one or two letters. Until now, however, little information had emerged on how victims found these malicious links.
Hackers use Google’s advertising network to spread their viruses
They place their ads on keywords such as Slack, Brave, Zoom, μTorrent, OBS, TeamViewer, Thunderbird or even Visual Studio. If a user is unlucky enough to click on one of these advertisements, they are first directed to a harmless site. This step is intended to get past Google’s checks. The visitor is then guided to a site that encourages them to download the malware from a trusted source such as Dropbox or GitHub, again to escape the monitoring of security software.
To avoid this kind of problem, be sure to check the address of the site you will be sent to before clicking. Make sure you are not falling for typosquatting, and whenever possible, prefer the official domain name of the software or program publisher. You can also use an ad blocker.
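The address check described above can be automated. The following is an added example, not code from the original article or from BleepingComputer: it flags hostnames that sit within one or two edits of an allow-listed publisher domain. The allow-list uses constructed names in the reserved `.example` TLD, and `edit_distance` and `classify` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Constructed allow-list (reserved .example TLD), standing in for the
# official publisher domains an organisation would maintain itself.
OFFICIAL = {"obsproject.example", "thunderbird.example", "afterburner.example"}

def edit_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1,                 # deletion
                       cur[j - 1] + 1,              # insertion
                       prev[j - 1] + (ca != cb))    # substitution or match
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, official=OFFICIAL, max_edits=2):
    """Return ('official', domain), ('lookalike', imitated domain)
    or ('unknown', None) for a URL or bare hostname."""
    target = url if "//" in url else "//" + url
    host = (urlsplit(target).hostname or "").rstrip(".")
    # Exact match, or a subdomain of an official domain, is trusted.
    for dom in official:
        if host == dom or host.endswith("." + dom):
            return "official", dom
    # Otherwise compare the host's trailing labels with each official domain,
    # so "get.afterburnner.example" is still measured against its parent.
    labels = host.split(".")
    for dom in sorted(official):
        candidate = ".".join(labels[-(dom.count(".") + 1):])
        if 0 < edit_distance(candidate, dom) <= max_edits:
            return "lookalike", dom
    return "unknown", None

if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://obsproject.example/download",
              "https://obsprojcet.example/download",
              "get.afterburnner.example",
              "https://unrelated-shop.example/"):
        print(u, "->", classify(u))
```

With very short domain names a threshold of two edits produces false positives, so `max_edits` should be lowered for them.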
Source: BleepingComputer